Gateway/docker-compose.yml

version: "3.3"

services:

  #  Route via Traefik
  router-traefik:
    image: "traefik:v2.10"
    env_file:
      - .env
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.wireguard.address=:51820"
      - "--certificatesresolvers.exitNode.acme.tlschallenge=true"
      - "--certificatesresolvers.exitNode.acme.email=devops@lt.hn"
      - "--certificatesresolvers.exitNode.acme.storage=/letsencrypt/acme.json"
      - "--experimental.plugins.ldapAuth.modulename=github.com/wiltonsr/ldapAuth"
      - "--experimental.plugins.ldapAuth.version=v0.0.22"
    ports:
      - "443:443"
      - "80:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  #  Wireguard VPN
  vpn-wireguard:
    image: linuxserver/wireguard:latest
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    env_file:
      - .env
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=$NODE_HOSTNAME #optional
      - SERVERPORT=51820 #optional
      #- PEERS=1 #uncomment if wishing to not set usernames and only set a random number of peers.
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS= #optional
      - LOG_CONFS=true #optional
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules #optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    labels:
      - "traefik.enable=true"
      - "traefik.udp.routers.wireguard.rule=HostRegexp(`${SERVER_CNAME_NAMESPACE}`, `{subdomain:[a-z]+}.${SERVER_CNAME_NAMESPACE}`)"
      - "traefik.udp.routers.wireguard.entrypoints=wireguard"
    restart: unless-stopped
create a wireguard vpn server setup with optional tweaks 2025-01-12 00:29:25 +11:00			`version: "3.3"`

			`services:`

			`# Route via Traefik`
			`router-traefik:`
			`image: "traefik:v2.10"`
			`env_file:`
			`- .env`
			`command:`
			`- "--api.insecure=true"`
			`- "--providers.docker=true"`
			`- "--providers.docker.exposedbydefault=false"`
			`- "--entrypoints.websecure.address=:443"`
			`- "--entrypoints.wireguard.address=:51820"`
			`- "--certificatesresolvers.exitNode.acme.tlschallenge=true"`
			`- "--certificatesresolvers.exitNode.acme.email=devops@lt.hn"`
			`- "--certificatesresolvers.exitNode.acme.storage=/letsencrypt/acme.json"`
			`- "--experimental.plugins.ldapAuth.modulename=github.com/wiltonsr/ldapAuth"`
			`- "--experimental.plugins.ldapAuth.version=v0.0.22"`
			`ports:`
			`- "443:443"`
			`- "80:8080"`
			`volumes:`
			`- "./letsencrypt:/letsencrypt"`
			`- "/var/run/docker.sock:/var/run/docker.sock:ro"`

			`# Wireguard VPN`
			`vpn-wireguard:`
			`image: linuxserver/wireguard:latest`
			`cap_add:`
			`- NET_ADMIN`
			`- SYS_MODULE #optional`
			`env_file:`
			`- .env`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`- TZ=Etc/UTC`
			`- SERVERURL=$NODE_HOSTNAME #optional`
			`- SERVERPORT=51820 #optional`
			`#- PEERS=1 #uncomment if wishing to not set usernames and only set a random number of peers.`
			`- PEERDNS=auto #optional`
			`- INTERNAL_SUBNET=10.13.13.0 #optional`
			`- ALLOWEDIPS=0.0.0.0/0 #optional`
			`- PERSISTENTKEEPALIVE_PEERS= #optional`
			`- LOG_CONFS=true #optional`
			`volumes:`
			`- ./config:/config`
			`- /lib/modules:/lib/modules #optional`
			`ports:`
			`- 51820:51820/udp`
			`sysctls:`
			`- net.ipv4.conf.all.src_valid_mark=1`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.udp.routers.wireguard.rule=HostRegexp(`${SERVER_CNAME_NAMESPACE}`, `{subdomain:[a-z]+}.${SERVER_CNAME_NAMESPACE}`)"
			`- "traefik.udp.routers.wireguard.entrypoints=wireguard"`
			`restart: unless-stopped`