39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
services:
|
|
wg-easy:
|
|
#environment:
|
|
# Optional:
|
|
# - PORT=51821
|
|
# - HOST=0.0.0.0
|
|
# - INSECURE=false
|
|
# - WG_MTU=1420
|
|
|
|
image: ghcr.io/wg-easy/wg-easy:15
|
|
container_name: wg-easy
|
|
networks:
|
|
wg:
|
|
ipv4_address: 10.42.42.42
|
|
volumes:
|
|
- /srv/docker/wg-easy:/etc/wireguard # Volume mapping for WireGuard configuration files.
|
|
- /lib/modules:/lib/modules:ro
|
|
ports:
|
|
- "51820:51820/udp" # UDP port used by WireGuard.
|
|
- "51821:51821/tcp" # TCP port for accessing the web interface.
|
|
restart: unless-stopped
|
|
cap_add: # Capabilities required for managing networking features.
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
# - NET_RAW # ⚠️ Uncomment if using Podman
|
|
sysctls: # Kernel parameters that need to be set for WireGuard.
|
|
- net.ipv4.ip_forward=1
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
- net.ipv6.conf.all.disable_ipv6=0
|
|
- net.ipv6.conf.all.forwarding=1
|
|
- net.ipv6.conf.default.forwarding=1
|
|
|
|
networks:
|
|
wg:
|
|
driver: bridge
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 10.42.42.0/24 |