diff --git a/README.md b/README.md index d43eeb7..c462698 100644 --- a/README.md +++ b/README.md @@ -71,8 +71,8 @@ docker compose up - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI. - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. - [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. +- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required. -- ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. ### Domain Name Service (DNS) - [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking. diff --git a/examples/firezone/README.md b/examples/firezone/README.md new file mode 100644 index 0000000..40750f5 --- /dev/null +++ b/examples/firezone/README.md 
@@ -0,0 +1,17 @@
+# Reference
+
+- https://www.firezone.dev/docs/deploy/docker
+
+# Notes
+
+1. Download the `docker-compose.yml` and `.env` file from this repository.
+2. Adjust both files to your needs. Especially change the default secrets!
+3. Proceed by executing the below commands.
+
+````
+docker compose run --rm firezone bin/migrate
+docker compose run --rm firezone bin/create-or-reset-admin
+docker compose up -d
+````
+
+Note: This compose setup requires an already existing dockerized Traefik reverse proxy.
diff --git a/examples/firezone/docker-compose.yml b/examples/firezone/docker-compose.yml
new file mode 100644
index 0000000..2507da0
--- /dev/null
+++ b/examples/firezone/docker-compose.yml
@@ -0,0 +1,68 @@ +x-deploy: &default-deploy + restart_policy: + condition: unless-stopped + delay: 5s + window: 120s + update_config: + order: start-first + +version: "3.7" + +services: + + firezone: + image: firezone/firezone + container_name: firezone-web + ports: + - 51820:51820/udp + env_file: + # This should contain a list of env vars for configuring Firezone. + # See https://docs.firezone.dev/reference/env-vars for more info. + - ${FZ_INSTALL_DIR:-.}/.env + volumes: + # IMPORTANT: Persists WireGuard private key and other data. If + # /var/firezone/private_key exists when Firezone starts, it is + # used as the WireGuard private. Otherwise, one is generated. + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone:/var/firezone + labels: + - traefik.enable=true + - traefik.docker.network=dev + - traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`) + - traefik.http.routers.firezone_https.tls=true + - traefik.http.services.firezone.loadbalancer.server.port=13000 + cap_add: + # Needed for WireGuard and firewall support. + - NET_ADMIN + - SYS_MODULE + sysctls: + # Needed for masquerading and NAT. + - net.ipv6.conf.all.disable_ipv6=0 + - net.ipv4.ip_forward=1 + - net.ipv6.conf.all.forwarding=1 + depends_on: + - postgres + networks: + - dev + + deploy: + <<: *default-deploy + + postgres: + image: postgres:15 + container_name: firezone-db + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/postgres-data:/var/lib/postgresql/data + environment: + POSTGRES_DB: ${DATABASE_NAME:-firezone} + POSTGRES_USER: ${DATABASE_USER:-postgres} + POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err} + networks: + - dev + deploy: + <<: *default-deploy + update_config: + order: stop-first + +networks: + dev: + external: true
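Review bot: The firezone service is given `SYS_MODULE` under `cap_add` while running an untagged `image: firezone/firezone`; SYS_MODULE lets the container load arbitrary modules into the host kernel, so a compromised container — or a bad `latest` pulled on the next restart — is effectively host root. Pin the image to a release tag or `@sha256:` digest and keep only `NET_ADMIN` unless the host kernel genuinely lacks an in-tree wireguard module (mainline ships one since 5.6; confirm against Firezone's deployment docs before dropping it). Separately, postgres is attached only to the shared external `dev` network, so every container behind Traefik on that network can reach the database; a Compose-managed `internal: true` network shared by just the two services confines it. The sketch below shows those changes; note also that `update_config` under `deploy` is Swarm-only and is ignored by `docker compose`, so it gives no rolling-update protection here.
```yaml
  firezone:
    # Pin to a reviewed release (or @sha256 digest) instead of implicit :latest.
    image: firezone/firezone:<release-tag>
    # … unchanged: container_name, ports, env_file, volumes, labels …
    cap_add:
      # Needed for WireGuard and firewall support.
      - NET_ADMIN
      # SYS_MODULE dropped: it allows loading arbitrary host kernel modules.
      # Re-add only if the host kernel has no in-tree wireguard module.
    # … unchanged: sysctls, depends_on …
    networks:
      - dev
      - db
    # … unchanged: deploy …

  postgres:
    # … unchanged: image, container_name, volumes, environment …
    networks:
      - db
    # … unchanged: deploy …

networks:
  dev:
    external: true
  # Compose-managed; internal=true blocks all traffic in/out except between
  # the services attached to it.
  db:
    internal: true
```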