VPN: wireguard sidecar, nginx upstreams to 10.0.0.2, backend ports bound to wg0, updated docs

2026-05-24 14:48:52 +02:00
parent 5e97218dc8
commit a8a4567fd3
7 changed files with 38 additions and 101 deletions
@@ -1,20 +1,30 @@
 services:
+  wireguard:
+    image: linuxserver/wireguard
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_MODULE
+    sysctls:
+      net.ipv4.conf.all.src_valid_mark: "1"
+    volumes:
+      - ./wireguard:/config
+    ports:
+      - "80:80"
+      - "443:443"
+      - "5432:5432"
+      - "51820:51820/udp"
+    restart: unless-stopped
+
  nginx:
    image: nginx:alpine
-    restart: unless-stopped
+    network_mode: "service:wireguard"
+    depends_on:
+      - wireguard
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/stream.d:/etc/nginx/stream.d:ro
      - ./ssl:/etc/nginx/certs:ro
      - ./html:/usr/share/nginx/html:ro
-    ports:
-      - "80:80"
-      - "443:443"
-      - "5432:5432"
-    networks:
-      - frontend
-
-networks:
-  frontend:
-    driver: bridge
+    restart: unless-stopped