version: "3"
services:
wireguard:
image: lscr.io/linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Bratislava
volumes:
- /volume1/docker/wireguard:/config
ports:
- "5000:5000"
- "51820:51820/udp"
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: always
wireguard-ui:
image: ngoduykhanh/wireguard-ui:latest
container_name: wireguard-ui
depends_on:
- wireguard
cap_add:
- NET_ADMIN
network_mode: service:wireguard
environment:
- TZ=Europe/Bratislava
- EMAIL_FROM_ADDRESS=YOUR@EMAIL.COM
- EMAIL_FROM_NAME=WireGuard
- SMTP_PORT=587
- SMTP_USERNAME=YOUR@EMAIL.COM
- SMTP_PASSWORD=EMAIL_PASSWORD
- SMTP_ENCRYPTION=STARTTLS
- SMTP_HOSTNAME=smtp.mail.com
- SMTP_AUTH_TYPE=LOGIN
- SESSION_SECRET=ANY_LONG_STRING
- WGUI_USERNAME=admin
- WGUI_PASSWORD=admin
- WGUI_MANAGE_START=true
- WGUI_MANAGE_RESTART=true
- 'WGUI_SERVER_POST_UP_SCRIPT=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
- 'WGUI_SERVER_POST_DOWN_SCRIPT=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'
- WGUI_SERVER_LISTEN_PORT=51820
- 'WGUI_DEFAULT_CLIENT_ALLOWED_IPS=0.0.0.0/0,::/0'
- WGUI_ENDPOINT_ADDRESS=IP or DNS name
- WGUI_MTU=none
- WGUI_PERSISTENT_KEEPALIVE=none
- WGUI_SERVER_INTERFACE_ADDRESSES=10.0.110.0/24
- WGUI_DNS=1.1.1.1
- WGUI_LOG_LEVEL=INFO
logging:
driver: json-file
options:
max-size: 50m
volumes:
- /volume1/docker/wireguard/ui:/app/db
- /volume1/docker/wireguard:/etc/wireguard
restart: always