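# compose.yml
# Primary compose file, used to manage Traefik and other network-related modules.
# Other compose files are named and run per service.
services:
  traefik:
    # This is the proxy for all other services. Using labels, it dynamically
    # sets up secured reverse proxies to other containers.
    # Using the v3.6 tag accepts whatever patch release is current; pin a
    # digest if reproducible deployments are required.
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Docker socket, needed to discover containers and read their labels.
      # Mounted read-only so the socket file itself cannot be replaced from
      # inside the container. This does NOT limit which Docker API calls can
      # be made over it: a compromised proxy with this socket effectively
      # controls the host's Docker daemon. Consider fronting the socket with
      # a proxy that only allows the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # NOTE(review): presumably the ACME storage configured in traefik.yml
      # (certificates and private keys). Keep this directory out of version
      # control and readable only by its owner. Confirm against traefik.yml.
      - "./letsencrypt:/letsencrypt"
      # Sets traefik.yml as the options file for configuring proxy settings.
      - "./traefik.yml:/etc/traefik/traefik.yml:ro"
    networks:
      - traefik

  wg-easy:
    # NOTE(review): no tag is given, so this resolves to "latest" and the
    # running version changes on every pull. Settings and environment
    # variables differ between wg-easy major versions; pin the tag (or
    # digest) that matches the variables used below.
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    restart: unless-stopped
    volumes:
      # Holds the WireGuard configuration, including server and peer keys.
      # Restrict host permissions on this directory and keep it out of
      # version control.
      - "./etc_wireguard:/etc/wireguard"
    environment:
      # Required settings
      - "WG_HOST=wg.riverrooks.dev"
      # Optional settings
      # WireGuard UDP port
      - "WG_PORT=51820"
      - "WG_DEFAULT_DNS=1.1.1.1"
      - "WG_ALLOWED_IPS=10.8.0.0/24"
      # NOTE(review): no admin-UI credential is set in this file (for
      # example PASSWORD_HASH on v14-series images). The router below
      # publishes the UI on the websecure entrypoint, so confirm the UI
      # requires authentication for the image version actually deployed.
    cap_add:
      # NET_ADMIN lets the container manage interfaces and routes.
      # SYS_MODULE allows loading kernel modules; drop it if the host
      # already provides the WireGuard module (verify before removing).
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - "net.ipv4.conf.all.src_valid_mark=1"
      - "net.ipv4.ip_forward=1"
    # Ports: We map the VPN port (UDP) directly to the host.
    # The Web UI (51821) is handled by Traefik labels instead.
    ports:
      - "51820:51820/udp"
    networks:
      - traefik
    labels:
      # Since containers are disabled by default, we need to enable them.
      - "traefik.enable=true"
      # Set a rule for which hostnames will connect.
      - "traefik.http.routers.wg-easy.rule=Host(`wg.riverrooks.dev`)"
      # Declare an entrypoint. websecure is defined in the traefik.yml file.
      - "traefik.http.routers.wg-easy.entrypoints=websecure"
      # Declare the certificate resolver. Also defined in the traefik.yml file.
      - "traefik.http.routers.wg-easy.tls.certresolver=basic-letsencrypt"
      # Set the port which will be proxied to the address.
      - "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
      # NOTE(review): this management UI is reachable by anyone who can
      # reach the websecure entrypoint. Consider restricting it with a
      # Traefik middleware (source-IP allow list or an auth middleware), or
      # serving it only to VPN clients.

networks:
  traefik:
    # Must already exist on the host; compose will not create it.
    external: true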