add dockerized firezone

LRVT 2023-06-22 09:40:05 +02:00
parent 554eeaf3e9
commit 33d04d9d7b
3 changed files with 86 additions and 1 deletions


@ -71,8 +71,8 @@ docker compose up
- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
- ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
- ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
### Domain Name Service (DNS)
- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking.


@ -0,0 +1,17 @@
# Reference
- https://www.firezone.dev/docs/deploy/docker
# Notes
1. Download the `docker-compose.yml` and `.env` file from this repository.
2. Adjust both files to your needs. Especially change the default secrets!
3. Proceed by executing the below commands.
````
docker compose run --rm firezone bin/migrate
docker compose run --rm firezone bin/create-or-reset-admin
docker compose up -d
````
Note: This compose setup requires an already existing dockerized Traefik reverse proxy.


@ -0,0 +1,68 @@
x-deploy: &default-deploy
restart_policy:
condition: unless-stopped
delay: 5s
window: 120s
update_config:
order: start-first
version: "3.7"
services:
firezone:
image: firezone/firezone
container_name: firezone-web
ports:
- 51820:51820/udp
env_file:
# This should contain a list of env vars for configuring Firezone.
# See https://docs.firezone.dev/reference/env-vars for more info.
- ${FZ_INSTALL_DIR:-.}/.env
volumes:
# IMPORTANT: Persists WireGuard private key and other data. If
# /var/firezone/private_key exists when Firezone starts, it is
# used as the WireGuard private. Otherwise, one is generated.
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone:/var/firezone
labels:
- traefik.enable=true
- traefik.docker.network=dev
- traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
- traefik.http.routers.firezone_https.tls=true
- traefik.http.services.firezone.loadbalancer.server.port=13000
cap_add:
# Needed for WireGuard and firewall support.
- NET_ADMIN
- SYS_MODULE
sysctls:
# Needed for masquerading and NAT.
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
- postgres
networks:
- dev
deploy:
<<: *default-deploy
postgres:
image: postgres:15
container_name: firezone-db
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${DATABASE_NAME:-firezone}
POSTGRES_USER: ${DATABASE_USER:-postgres}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
networks:
- dev
deploy:
<<: *default-deploy
update_config:
order: stop-first
networks:
dev:
external: true
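Review bot: `image: firezone/firezone` in the `firezone` service carries no tag, so every pull resolves to `latest`, while that container is granted `NET_ADMIN` and `SYS_MODULE` and persists the WireGuard private key under `/var/firezone`. Pin it to a release tag or digest, e.g. `image: firezone/firezone:<RELEASE_TAG>` (placeholder; the page names no version), so an upstream push cannot silently change what runs with those privileges. `SYS_MODULE` allows the container to load kernel modules on the host and is probably only needed where the host does not already provide the WireGuard module, so a comment such as `# SYS_MODULE: drop if the host kernel already provides wireguard` would let operators reduce the grant. Separately, `POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}` is resolved by Compose interpolation rather than from the `env_file` entry, so if `FZ_INSTALL_DIR` points somewhere other than the project directory the two services may read different `.env` files; this is inferred from the visible lines and worth confirming.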