From: Giorgio Ravera
Date: Sun, 18 Jan 2026 21:36:48 +0000 (+0100)
Subject: Added wg-easy
X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=52825afcdec8fbe046bf442c300279fac338b3c4;p=docker.git
Added wg-easy
---
diff --git a/portal/docker-compose.yaml b/portal/docker-compose.yaml
index 7026171..1357467 100644
--- a/portal/docker-compose.yaml
+++ b/portal/docker-compose.yaml
@@ -1,4 +1,4 @@
-service:
+services:
 portal:
 image: busybox:latest
 container_name: portal
@@ -7,6 +7,8 @@ service:
 - TZ=${DOCKER_TZ}
 volumes:
 - ${DOCKER_CFG_DIR}/portal:/www:ro
+ networks:
+ - proxy
 labels:
 - "traefik.enable=true"
 # Router HTTP
@@ -22,3 +24,7 @@ service:
 - "traefik.http.middlewares.portal-https-redirect.redirectscheme.scheme=https"
 # Service: Loadbalancer
 - "traefik.http.services.portal.loadbalancer.server.port=80"
+
+networks:
+ proxy:
+ external: true
diff --git a/wg-easy/create_net.sh b/wg-easy/create_net.sh
new file mode 100755
index 0000000..ebf738c
--- /dev/null
+++ b/wg-easy/create_net.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+docker network create \
+ --driver bridge \
+ --ipv6 \
+ --subnet 172.19.0.0/24 \
+ --subnet fd19:0:0:1::/64 \
+ wireguard
diff --git a/wg-easy/docker-compose.yaml b/wg-easy/docker-compose.yaml
new file mode 100644
index 0000000..5970da8
--- /dev/null
+++ b/wg-easy/docker-compose.yaml
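Review bot: The new wg-easy/create_net.sh has no guard for an already existing network, so a second run of `docker network create … wireguard` exits with an error, and since wg-easy/docker-compose.yaml declares `wireguard` as `external: true` nothing else will create it. I would make the script idempotent by replacing the bare `docker network create \` line with `docker network inspect wireguard >/dev/null 2>&1 || docker network create \`, and add `set -euo pipefail` after the shebang so a failure is not silently ignored by a calling script. A short header comment stating that this must run once before `docker compose up` for wg-easy, and why `172.19.0.0/24` and `fd19:0:0:1::/64` were chosen, would also help. Note that 172.19.0.0/24 lies inside the range Docker's default address pools usually allocate from, so creation can fail with a pool-overlap error if an auto-created network already holds it.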
@@ -0,0 +1,87 @@
+services:
+ wg-home:
+ container_name: wg-home
+ image: ghcr.io/wg-easy/wg-easy:15
+ restart: always
+ ports:
+ #- "51821:51821/tcp" # Web UI home
+ - "51820:51820/udp" # WireGuard home
+ environment:
+ - TZ=${DOCKER_TZ}
+ - INSECURE=true
+ volumes:
+ - ${DOCKER_CFG_DIR}/wg-easy/home:/etc/wireguard
+ - /lib/modules:/lib/modules:ro
+ networks:
+ - wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ # - NET_RAW # Uncomment if using Podman
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ - net.ipv6.conf.default.forwarding=1
+ labels:
+ - "traefik.enable=true"
+ # Router: HTTP
+ - "traefik.http.routers.wg-home.entrypoints=http"
+ - "traefik.http.routers.wg-home.rule=Host(`wg-home.giorgioravera.it`)"
+ - "traefik.http.routers.wg-home.middlewares=wg-home-https-redirect"
+ # Router: HTTPS
+ - "traefik.http.routers.wg-home-secure.entrypoints=https"
+ - "traefik.http.routers.wg-home-secure.rule=Host(`wg-home.giorgioravera.it`)"
+ - "traefik.http.routers.wg-home-secure.tls=true"
+ - "traefik.http.routers.wg-home-secure.service=wg-home"
+ # Middlewares: Redirect http to https
+ - "traefik.http.middlewares.wg-home-https-redirect.redirectscheme.scheme=https"
+ # Services: Loadbalancer
+ - "traefik.http.services.wg-home.loadbalancer.server.port=51821"
+
+ wg-guest:
+ container_name: wg-guest
+ image: ghcr.io/wg-easy/wg-easy:15
+ restart: always
+ ports:
+ #- "51821:51821/tcp" # Web UI guest
+ - "51821:51821/udp" # WireGuard guest
+ environment:
+ - TZ=${DOCKER_TZ}
+ - INSECURE=true
+ volumes:
+ - ${DOCKER_CFG_DIR}/wg-easy/guest:/etc/wireguard
+ - /lib/modules:/lib/modules:ro
+ networks:
+ - wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ # - NET_RAW # Uncomment if using Podman
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ - net.ipv6.conf.default.forwarding=1
+ labels:
+ - "traefik.enable=true"
+ # Router: HTTP
+ - "traefik.http.routers.wg-guest.entrypoints=http"
+ - "traefik.http.routers.wg-guest.rule=Host(`wg-guest.giorgioravera.it`)"
+ - "traefik.http.routers.wg-guest.middlewares=wg-guest-https-redirect"
+ # Router: HTTPS
+ - "traefik.http.routers.wg-guest-secure.entrypoints=https"
+ - "traefik.http.routers.wg-guest-secure.rule=Host(`wg-guest.giorgioravera.it`)"
+ - "traefik.http.routers.wg-guest-secure.tls=true"
+ - "traefik.http.routers.wg-guest-secure.service=wg-guest"
+ # Middlewares: Redirect http to https
+ - "traefik.http.middlewares.wg-guest-https-redirect.redirectscheme.scheme=https"
+ # Services: Loadbalancer
+ - "traefik.http.services.wg-guest.loadbalancer.server.port=51821"
+
+networks:
+ #proxy:
+ wireguard:
+ external: true
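Review bot: `INSECURE=true` in the `environment` list of both `wg-home` and `wg-guest` looks unnecessary, because the only path to the web UI in this file is the Traefik `*-secure` router with `tls=true`. As far as I know the option exists in wg-easy to permit the admin UI over plain HTTP and relaxes session-cookie handling accordingly. I would drop the line (or write `- INSECURE=false`) in both services and confirm that login still works through the HTTPS hostnames. Separately, the `wg-home-secure` and `wg-guest-secure` routers carry no middleware, so the VPN admin panels are reachable by anyone who can reach the `https` entrypoint and are protected only by the application login; consider attaching an IP allow-list or forward-auth middleware to those two routers. Both services join only the `wireguard` network (`#proxy:` is commented out under `networks:`), so routing presumably depends on Traefik also being attached to `wireguard`, which deserves a comment in the file.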