mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2025-03-13 17:19:52 +00:00
add dockerized firezone
This commit is contained in:
parent
554eeaf3e9
commit
33d04d9d7b
@ -71,8 +71,8 @@ docker compose up
|
||||
- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
|
||||
- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
|
||||
- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
|
||||
- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
|
||||
- ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
|
||||
- ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
|
||||
|
||||
### Domain Name Service (DNS)
|
||||
- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking.
|
||||
|
17
examples/firezone/README.md
Normal file
17
examples/firezone/README.md
Normal file
@ -0,0 +1,17 @@
|
||||
# Reference
|
||||
|
||||
- https://www.firezone.dev/docs/deploy/docker
|
||||
|
||||
# Notes
|
||||
|
||||
1. Download the `docker-compose.yml` and `.env` file from this repository.
|
||||
2. Adjust both files to your needs. Especially change the default secrets!
|
||||
3. Proceed by executing the below commands.
|
||||
|
||||
````
|
||||
docker compose run --rm firezone bin/migrate
|
||||
docker compose run --rm firezone bin/create-or-reset-admin
|
||||
docker compose up -d
|
||||
````
|
||||
|
||||
Note: This compose setup requires an already existing dockerized Traefik reverse proxy.
|
68
examples/firezone/docker-compose.yml
Normal file
68
examples/firezone/docker-compose.yml
Normal file
@ -0,0 +1,68 @@
|
||||
x-deploy: &default-deploy
|
||||
restart_policy:
|
||||
condition: unless-stopped
|
||||
delay: 5s
|
||||
window: 120s
|
||||
update_config:
|
||||
order: start-first
|
||||
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
|
||||
firezone:
|
||||
image: firezone/firezone
|
||||
container_name: firezone-web
|
||||
ports:
|
||||
- 51820:51820/udp
|
||||
env_file:
|
||||
# This should contain a list of env vars for configuring Firezone.
|
||||
# See https://docs.firezone.dev/reference/env-vars for more info.
|
||||
- ${FZ_INSTALL_DIR:-.}/.env
|
||||
volumes:
|
||||
# IMPORTANT: Persists WireGuard private key and other data. If
|
||||
# /var/firezone/private_key exists when Firezone starts, it is
|
||||
# used as the WireGuard private. Otherwise, one is generated.
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone:/var/firezone
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=dev
|
||||
- traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
|
||||
- traefik.http.routers.firezone_https.tls=true
|
||||
- traefik.http.services.firezone.loadbalancer.server.port=13000
|
||||
cap_add:
|
||||
# Needed for WireGuard and firewall support.
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
sysctls:
|
||||
# Needed for masquerading and NAT.
|
||||
- net.ipv6.conf.all.disable_ipv6=0
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv6.conf.all.forwarding=1
|
||||
depends_on:
|
||||
- postgres
|
||||
networks:
|
||||
- dev
|
||||
|
||||
deploy:
|
||||
<<: *default-deploy
|
||||
|
||||
postgres:
|
||||
image: postgres:15
|
||||
container_name: firezone-db
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/postgres-data:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_DB: ${DATABASE_NAME:-firezone}
|
||||
POSTGRES_USER: ${DATABASE_USER:-postgres}
|
||||
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
|
||||
networks:
|
||||
- dev
|
||||
deploy:
|
||||
<<: *default-deploy
|
||||
update_config:
|
||||
order: stop-first
|
||||
|
||||
networks:
|
||||
dev:
|
||||
external: true
|
Loading…
x
Reference in New Issue
Block a user