add dockerized firezone

README.md

@@ -71,8 +71,8 @@ docker compose up
 - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
 - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
 - [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
+- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
-- ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 
 ### Domain Name Service (DNS)
 - [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking.

examples/firezone/README.md

@@ -0,0 +1,17 @@
+# Reference
+
+- https://www.firezone.dev/docs/deploy/docker
+
+# Notes
+
+1. Download the `docker-compose.yml` and `.env` file from this repository.
+2. Adjust both files to your needs. Especially change the default secrets!
+3. Proceed by executing the below commands.
+
+````
+docker compose run --rm firezone bin/migrate
+docker compose run --rm firezone bin/create-or-reset-admin
+docker compose up -d
+````
+
+Note: This compose setup requires an already existing dockerized Traefik reverse proxy.

examples/firezone/docker-compose.yml

@@ -0,0 +1,68 @@
+x-deploy: &default-deploy
+  restart_policy:
+    condition: unless-stopped
+    delay: 5s
+    window: 120s
+  update_config:
+    order: start-first
+
+version: "3.7"
+
+services:
+
+  firezone:
+    image: firezone/firezone
+    container_name: firezone-web
+    ports:
+      - 51820:51820/udp
+    env_file:
+      # This should contain a list of env vars for configuring Firezone.
+      # See https://docs.firezone.dev/reference/env-vars for more info.
+      - ${FZ_INSTALL_DIR:-.}/.env
+    volumes:
+      # IMPORTANT: Persists WireGuard private key and other data. If
+      # /var/firezone/private_key exists when Firezone starts, it is
+      # used as the WireGuard private. Otherwise, one is generated.
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone:/var/firezone
+    labels:
+     - traefik.enable=true
+     - traefik.docker.network=dev
+     - traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
+     - traefik.http.routers.firezone_https.tls=true
+     - traefik.http.services.firezone.loadbalancer.server.port=13000
+    cap_add:
+      # Needed for WireGuard and firewall support.
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      # Needed for masquerading and NAT.
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.forwarding=1
+    depends_on:
+      - postgres
+    networks:
+      - dev
+
+    deploy:
+      <<: *default-deploy
+
+  postgres:
+    image: postgres:15
+    container_name: firezone-db
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/postgres-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: ${DATABASE_NAME:-firezone}
+      POSTGRES_USER: ${DATABASE_USER:-postgres}
+      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
+    networks:
+      - dev
+    deploy:
+      <<: *default-deploy
+      update_config:
+        order: stop-first
+
+networks:
+  dev:
+    external: true