-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathmain.docker.compose.yml
135 lines (118 loc) · 3.74 KB
/
main.docker.compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#Configure To YOUR Enviornment and RUN
# docker compose -f solo-docker-compose.yml up -d
networks:
private_network:
driver: bridge
driver_opts:
com.docker.network.bridge.enable_icc: "true"
attachable: true
internal: false
ipam:
config:
- subnet: 10.2.0.0/24
services:
dnscrypt:
depends_on: [wiregate]
image: "klutchell/dnscrypt-proxy"
container_name: dnscrypt
restart: unless-stopped
hostname: "dnscrypt"
volumes:
- ./configs/dnscrypt:/config
networks:
private_network:
ipv4_address: 10.2.0.42
unbound:
depends_on: [dnscrypt]
image: "noxcis/unbound:latest"
container_name: unbound
restart: unless-stopped
hostname: "unbound"
cap_add:
- NET_ADMIN
healthcheck:
test: ["CMD", "drill", "@127.0.0.1", "dnssec.works"]
interval: 30s
timeout: 30s
retries: 3
start_period: 30s
networks:
private_network:
ipv4_address: 10.2.0.200
adguard:
depends_on: [unbound]
container_name: adguard
image: adguard/adguardhome
restart: unless-stopped
hostname: adguard
# Volumes store your data between container upgrades
volumes:
- "./configs/adguard/Data:/opt/adguardhome/work"
- "./configs/adguard:/opt/adguardhome/conf"
networks:
private_network:
ipv4_address: 10.2.0.100
wiregate:
image: noxcis/wiregate:jiaotu-beta-dev-v0.2.3
container_name: wiregate
hostname: wiregate
cap_add:
- NET_ADMIN
- SYS_MODULE
devices:
- /dev/net/tun:/dev/net/tun
restart: unless-stopped
volumes:
- /lib/modules:/lib/modules:ro
- pf_conf:/WireGate/iptable-rules/
- conf:/etc/wireguard
- db:/WireGate/db
- ./configs/dnscrypt:/WireGate/dnscrypt
- ./configs/tor:/etc/tor/
- ./configs/logs:/WireGate/log/
- ./configs/master-key:/WireGate/master-key
environment:
#Config Path Optional
#- WGDCONF_PATH=/etc/wireguard
#Use Ofuscated Wireguard (AmneziaWG)
- AMNEZIA_WG=true
#Set Timezone
- TZ=America/New_York
#Tor Settings
##########################################################
- WGD_TOR_PROXY=false #Enable Tor
- WGD_TOR_EXIT_NODES={ch} #Ex. {gb},{fr}
- WGD_TOR_DNS_EXIT_NODES={us}
- WGD_TOR_BRIDGES=true #Enable Tor Bridges
- WGD_TOR_PLUGIN=webtunnel #OPTIONS webtunnel, obfs4, snowflake
#WGDashboard Global Settings
##########################################################
- WGD_WELCOME_SESSION=true
- WGD_AUTH_REQ=true
- WGD_USER=admin
- WGD_PASS=admin
- WGD_REMOTE_ENDPOINT=0.0.0.0
- WGD_REMOTE_ENDPOINT_PORT=80
- WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0, ::/0
- WGD_KEEP_ALIVE=21
- WGD_MTU=1420
- WGD_PORT_RANGE_STARTPORT=4430
#DNS Setiings (Set To use Containers Above) You can use your own DNS
##########################################################
- WGD_DNS=10.2.0.100
- WGD_IPTABLES_DNS=10.2.0.100
ports:
- "4430-4433:4430-4433/udp" #UDP Interface Listen Ports For Zones
- 8000:80/tcp #Comment Out for full network lockdown, I.E only Accessible via VPN conttenction at http://wire.gate using config in generated master-key folder
sysctls: #Otherwise access the dashboard @ your-sever-ip/domain:6060
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1
networks:
private_network:
ipv4_address: 10.2.0.3
volumes:
db:
conf:
pf_conf: