Compose-Examples/examples/firezone/docker-compose.yml

73 lines
2.0 KiB
YAML
Raw Normal View History

2023-06-22 07:40:05 +00:00
x-deploy: &default-deploy
restart_policy:
condition: unless-stopped
delay: 5s
window: 120s
update_config:
order: start-first
services:
firezone:
2024-08-24 03:23:21 +00:00
image: l4rm4nd/firezone
2023-06-22 07:40:05 +00:00
container_name: firezone-web
ports:
- 51820:51820/udp
- 127.0.0.1:13000:13000/tcp
expose:
- 13000
2023-06-22 07:40:05 +00:00
env_file:
# This should contain a list of env vars for configuring Firezone.
# See https://docs.firezone.dev/reference/env-vars for more info.
- ${FZ_INSTALL_DIR:-.}/.env
volumes:
# IMPORTANT: Persists WireGuard private key and other data. If
# /var/firezone/private_key exists when Firezone starts, it is
# used as the WireGuard private. Otherwise, one is generated.
2024-08-18 21:58:09 +00:00
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/data:/var/firezone
2023-06-22 07:40:05 +00:00
cap_add:
# Needed for WireGuard and firewall support.
- NET_ADMIN
- SYS_MODULE
sysctls:
# Needed for masquerading and NAT.
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
- postgres
2024-08-18 21:50:10 +00:00
#networks:
# - proxy
#labels:
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
# - traefik.http.routers.firezone_https.tls=true
# - traefik.http.services.firezone.loadbalancer.server.port=13000
# #- traefik.http.routers.firezone.middlewares=local-ipwhitelist@file
2023-06-22 07:40:05 +00:00
deploy:
<<: *default-deploy
postgres:
2024-08-24 03:23:21 +00:00
image: postgres:15-alpine
2023-06-22 07:40:05 +00:00
container_name: firezone-db
expose:
- 5432
2023-06-22 07:40:05 +00:00
volumes:
2024-08-18 21:58:09 +00:00
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/db:/var/lib/postgresql/data
2023-06-22 07:40:05 +00:00
environment:
POSTGRES_DB: ${DATABASE_NAME:-firezone}
POSTGRES_USER: ${DATABASE_USER:-postgres}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
deploy:
<<: *default-deploy
update_config:
order: stop-first
2024-08-18 21:50:10 +00:00
#networks:
# - proxy
2023-06-22 07:40:05 +00:00
2024-08-18 21:50:10 +00:00
#networks:
# proxy:
# external: true