# Two-container stack: `vpn` runs WireGuard (image built from the local
# Dockerfile) and `app` joins its network namespace.
services:
  vpn:
    build: .
    container_name: vpn-wireguard
    cap_add:
      # Required to create and configure the WireGuard interface and routes.
      - NET_ADMIN
      # Allows loading kernel modules on the host, which is a broad privilege.
      # NOTE(review): where the host already provides the wireguard module,
      # this capability and the /lib/modules mount below are probably not
      # needed; confirm against the image's entrypoint before dropping them.
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      # Tunnel configuration, mounted read-only. A wg-quick style config
      # normally holds the interface private key: keep the host file out of
      # version control and readable only by its owner.
      - ./wg0.conf:/etc/wireguard/wg0.conf:ro
      - /lib/modules:/lib/modules:ro
    ports:
      # The app's port 8000 is published here because `app` shares this
      # container's network namespace. With no host address given, the
      # mapping listens on every host interface; prefix a specific host IP
      # to narrow who can reach it.
      - "8000:8000"
    environment:
      # Read by the image built from `.`; their exact meaning is defined by
      # that image and is not visible in this file.
      HEALTH_CHECK_INTERVAL: "10"
      HEALTH_CHECK_HOST: "1.1.1.1"
      LOCAL_PORTS: "8000"
    restart: unless-stopped
    healthcheck:
      # One ICMP echo to 1.1.1.1 with a 5 s wait.
      # NOTE(review): a reply proves connectivity, not that the packet left
      # through the tunnel. Whether traffic is blocked while WireGuard is
      # down depends on wg0.conf and the entrypoint, neither shown here.
      test:
        - CMD
        - ping
        - "-c"
        - "1"
        - "-W"
        - "5"
        - "1.1.1.1"
      interval: 30s
      timeout: 10s
      retries: 3

  app:
    # Mutable tag; pin by digest if reproducible pulls matter.
    image: python:3.12-alpine
    container_name: vpn-app
    # Reuse the vpn container's network stack, so outbound traffic follows
    # whatever routing WireGuard sets up there.
    network_mode: "service:vpn"
    depends_on:
      vpn:
        # Gates startup only: `app` is not stopped if `vpn` later turns
        # unhealthy.
        condition: service_healthy
    # Placeholder workload, to be replaced with the real application.
    # http.server serves the process's working directory with directory
    # listings and no authentication, and is reachable through the port
    # published on `vpn`.
    command:
      - python3
      - "-m"
      - http.server
      - "8000"