Added wg-easy
authorGiorgio Ravera <giorgio.ravera@gmail.com>
Sun, 18 Jan 2026 21:36:48 +0000 (22:36 +0100)
committerGiorgio Ravera <giorgio.ravera@gmail.com>
Wed, 21 Jan 2026 20:08:40 +0000 (21:08 +0100)
portal/docker-compose.yaml
wg-easy/create_net.sh [new file with mode: 0755]
wg-easy/docker-compose.yaml [new file with mode: 0644]

index 7026171a21949c45aafdea6330c6965d80254b1b..1357467d88a89e963d1bdc5b6a1ec53ea8e347f5 100644 (file)
@@ -1,4 +1,4 @@
-service:
+services:
   portal:
     image: busybox:latest
     container_name: portal
@@ -7,6 +7,8 @@ service:
       - TZ=${DOCKER_TZ}
     volumes:
       - ${DOCKER_CFG_DIR}/portal:/www:ro
+    networks:
+      - proxy
     labels:
       - "traefik.enable=true"
       # Router HTTP
@@ -22,3 +24,7 @@ service:
       - "traefik.http.middlewares.portal-https-redirect.redirectscheme.scheme=https"
       # Service: Loadbalancer
       - "traefik.http.services.portal.loadbalancer.server.port=80"
+
+networks:
+  proxy:
+    external: true
diff --git a/wg-easy/create_net.sh b/wg-easy/create_net.sh
new file mode 100755 (executable)
index 0000000..ebf738c
--- /dev/null
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+docker network create \
+  --driver bridge \
+  --ipv6 \
+  --subnet 172.19.0.0/24 \
+  --subnet fd19:0:0:1::/64 \
+  wireguard
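Review bot: The script is not re-runnable: `docker network create` exits non-zero when `wireguard` already exists, so a second run on the same host fails. Guarding the call keeps it idempotent, for example `docker network inspect wireguard >/dev/null 2>&1 || docker network create ... wireguard`. The fixed `172.19.0.0/24` subnet also lies inside the range Docker normally hands out to auto-created bridge networks, so creation can fail with a pool-overlap error if another network already holds it. A header comment such as `# Run once before "docker compose up" in wg-easy/; the compose file declares this network as external` would document the ordering dependency.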
diff --git a/wg-easy/docker-compose.yaml b/wg-easy/docker-compose.yaml
new file mode 100644 (file)
index 0000000..5970da8
--- /dev/null
@@ -0,0 +1,87 @@
+services:
+  wg-home:
+    container_name: wg-home
+    image: ghcr.io/wg-easy/wg-easy:15
+    restart: always
+    ports:
+      #- "51821:51821/tcp"   # Web UI home
+      - "51820:51820/udp"   # WireGuard home
+    environment:
+      - TZ=${DOCKER_TZ}
+      - INSECURE=true
+    volumes:
+      - ${DOCKER_CFG_DIR}/wg-easy/home:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    networks:
+      - wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      # - NET_RAW # Uncomment if using Podman
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+    labels:
+      - "traefik.enable=true"
+      # Router: HTTP
+      - "traefik.http.routers.wg-home.entrypoints=http"
+      - "traefik.http.routers.wg-home.rule=Host(`wg-home.giorgioravera.it`)"
+      - "traefik.http.routers.wg-home.middlewares=wg-home-https-redirect"
+      # Router: HTTPS
+      - "traefik.http.routers.wg-home-secure.entrypoints=https"
+      - "traefik.http.routers.wg-home-secure.rule=Host(`wg-home.giorgioravera.it`)"
+      - "traefik.http.routers.wg-home-secure.tls=true"
+      - "traefik.http.routers.wg-home-secure.service=wg-home"
+      # Middlewares: Redirect http to https
+      - "traefik.http.middlewares.wg-home-https-redirect.redirectscheme.scheme=https"
+      # Services: Loadbalancer
+      - "traefik.http.services.wg-home.loadbalancer.server.port=51821"
+
+  wg-guest:
+    container_name: wg-guest
+    image: ghcr.io/wg-easy/wg-easy:15
+    restart: always
+    ports:
+      #- "51821:51821/tcp"   # Web UI guest
+      - "51821:51821/udp"   # WireGuard guest
+    environment:
+      - TZ=${DOCKER_TZ}
+      - INSECURE=true
+    volumes:
+      - ${DOCKER_CFG_DIR}/wg-easy/guest:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    networks:
+      - wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      # - NET_RAW # Uncomment if using Podman
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+    labels:
+      - "traefik.enable=true"
+      # Router: HTTP
+      - "traefik.http.routers.wg-guest.entrypoints=http"
+      - "traefik.http.routers.wg-guest.rule=Host(`wg-guest.giorgioravera.it`)"
+      - "traefik.http.routers.wg-guest.middlewares=wg-guest-https-redirect"
+      # Router: HTTPS
+      - "traefik.http.routers.wg-guest-secure.entrypoints=https"
+      - "traefik.http.routers.wg-guest-secure.rule=Host(`wg-guest.giorgioravera.it`)"
+      - "traefik.http.routers.wg-guest-secure.tls=true"
+      - "traefik.http.routers.wg-guest-secure.service=wg-guest"
+      # Middlewares: Redirect http to https
+      - "traefik.http.middlewares.wg-guest-https-redirect.redirectscheme.scheme=https"
+      # Services: Loadbalancer
+      - "traefik.http.services.wg-guest.loadbalancer.server.port=51821"
+
+networks:
+  #proxy:
+  wireguard:
+    external: true
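Review bot: `INSECURE=true` is set on both `wg-home` and `wg-guest` even though the web UI is only reachable through the Traefik `https` routers (the direct `51821/tcp` publish is commented out). As far as I know this variable makes wg-easy accept plain-HTTP access and issue its session cookie without the Secure attribute, which is intended for setups without a TLS-terminating proxy; dropping the `- INSECURE=true` lines would keep the admin session cookie off the initial request to the `http` entrypoint before the redirect. Separately, both services join only the `wireguard` network while `#proxy:` stays commented out, so unless Traefik is also attached to `wireguard` (not visible in this commit) the routers have no reachable backend; consider adding `- proxy` to each service, declaring `proxy` as external here, and setting a `traefik.docker.network=proxy` label. The VPN admin UI is also exposed on public hostnames with no access-restricting middleware, so an IP allowlist or auth middleware on the `wg-home-secure` and `wg-guest-secure` routers would be a sensible addition.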