Compare commits
30 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 theis.gaedigk
|
cf2df0aaac | ||
|
theis.gaedigk
|
1199d6468f | ||
|
theis.gaedigk
|
7cd958c31e | ||
|
theis.gaedigk
|
f89cf84a38 | ||
|
theis.gaedigk
|
e3fc1d8659 | ||
|
theis.gaedigk
|
060f8d01c6 | ||
|
theis.gaedigk
|
667609d70c | ||
|
theis.gaedigk
|
b05f19acd9 | ||
|
theis.gaedigk
|
2aa9a968f5 | ||
|
theis.gaedigk
|
e42a2f510a | ||
|
theis.gaedigk
|
d2b22fc71f | ||
|
theis.gaedigk
|
471c0c7a49 | ||
|
theis.gaedigk
|
75ff65e76b | ||
|
theis.gaedigk
|
7cf1245ef6 | ||
|
theis.gaedigk
|
2adbfa75a5 | ||
|
theis.gaedigk
|
216a1cb1d4 | ||
|
theis.gaedigk
|
7fc98d6c9f | ||
|
theis.gaedigk
|
e346cf9445 | ||
|
theis.gaedigk
|
c030b6dbe6 | ||
|
theis.gaedigk
|
6f26b9bbc3 | ||
|
theis.gaedigk
|
a34a70572f | ||
|
theis.gaedigk
|
4b3c8a2424 | ||
|
theis.gaedigk
|
568b3bf495 | ||
|
theis.gaedigk
|
5653d32857 | ||
|
theis.gaedigk
|
7cf5b8df48 | ||
|
theis.gaedigk
|
65c5fc0f8f | ||
|
theis.gaedigk
|
b626a67907 | ||
|
theis.gaedigk
|
6643a176a6 | ||
|
theis.gaedigk
|
89803754a7 | ||
|
theis.gaedigk
|
5052b3e83a |
@@ -1,115 +0,0 @@
|
||||
services:
|
||||
frontend:
|
||||
container_name: ca-lose-frontend
|
||||
hostname: lose-verkaufen
|
||||
build: ./frontend
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.2
|
||||
proxynet:
|
||||
ipv4_address: 172.20.0.61
|
||||
restart: unless-stopped
|
||||
|
||||
backend:
|
||||
container_name: ca-lose-backend
|
||||
hostname: backend
|
||||
build: ./backend
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
DB_HOST: ca-lose-mysql
|
||||
DB_USER: root
|
||||
DB_PASSWORD: ${DB_PASSWORD}
|
||||
DB_NAME: ca_lose
|
||||
depends_on:
|
||||
- database
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.3
|
||||
restart: unless-stopped
|
||||
|
||||
database:
|
||||
container_name: ca-lose-mysql
|
||||
hostname: database
|
||||
image: mysql:8.0
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: ${DB_PASSWORD}
|
||||
MYSQL_DATABASE: ca_lose
|
||||
TZ: Europe/Berlin
|
||||
volumes:
|
||||
- ca-lose_mysql:/var/lib/mysql
|
||||
- ./mysql-timezone.cnf:/etc/mysql/conf.d/timezone.cnf:ro
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.4
|
||||
proxynet:
|
||||
ipv4_address: 172.20.0.60
|
||||
|
||||
# DNS Server für Hostname-Auflösung innerhalb des VPN
|
||||
dnsmasq:
|
||||
container_name: ca-lose-dns
|
||||
image: andyshinn/dnsmasq:latest
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: >
|
||||
--no-daemon
|
||||
--log-queries
|
||||
--address=/lose-verkaufen/172.25.0.2
|
||||
--address=/frontend/172.25.0.2
|
||||
--address=/backend/172.25.0.3
|
||||
--address=/database/172.25.0.4
|
||||
--address=/wg-admin/172.25.0.10
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.53
|
||||
|
||||
# WireGuard VPN mit Web-UI (wg-easy)
|
||||
wireguard:
|
||||
image: ghcr.io/wg-easy/wg-easy:latest
|
||||
container_name: ca-lose-wireguard
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
environment:
|
||||
LANG: de
|
||||
WG_HOST: dus3.the1s.de
|
||||
WG_PORT: "51830"
|
||||
PORT: "51821"
|
||||
WG_DEFAULT_ADDRESS: 10.14.14.x
|
||||
WG_DEFAULT_DNS: "172.25.0.53"
|
||||
WG_ALLOWED_IPS: 172.25.0.0/24
|
||||
WG_PERSISTENT_KEEPALIVE: "25"
|
||||
WG_POST_UP: "iptables -t nat -A POSTROUTING -s 10.14.14.0/24 -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT; iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -A FORWARD -i wg0 -d 172.25.0.2 -j ACCEPT; iptables -A FORWARD -i wg0 -d 172.25.0.53 -j ACCEPT; iptables -A FORWARD -i wg0 -j DROP"
|
||||
WG_POST_DOWN: "iptables -t nat -D POSTROUTING -s 10.14.14.0/24 -o eth0 -j MASQUERADE; iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT; iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -D FORWARD -i wg0 -d 172.25.0.2 -j ACCEPT; iptables -D FORWARD -i wg0 -d 172.25.0.53 -j ACCEPT; iptables -D FORWARD -i wg0 -j DROP"
|
||||
volumes:
|
||||
- wireguard-data:/etc/wireguard
|
||||
- /lib/modules:/lib/modules:ro
|
||||
ports:
|
||||
- "51830:51830/udp"
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
- frontend
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.10
|
||||
proxynet:
|
||||
ipv4_address: 172.20.0.50
|
||||
|
||||
volumes:
|
||||
ca-lose_mysql:
|
||||
wireguard-data:
|
||||
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.25.0.0/24
|
||||
gateway: 172.25.0.1
|
||||
proxynet:
|
||||
external: true
|
||||
+74
-12
@@ -1,16 +1,19 @@
|
||||
services:
|
||||
# frontend:
|
||||
# container_name: ca-lose-frontend
|
||||
# build: ./frontend
|
||||
# ports:
|
||||
# - "8002:80"
|
||||
# restart: unless-stopped
|
||||
frontend:
|
||||
container_name: ca-lose-frontend
|
||||
hostname: lose-verkaufen
|
||||
build: ./frontend
|
||||
depends_on:
|
||||
- backend
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.2
|
||||
restart: unless-stopped
|
||||
|
||||
backend:
|
||||
container_name: ca-lose-backend
|
||||
hostname: backend
|
||||
build: ./backend
|
||||
ports:
|
||||
- "8004:8004"
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
DB_HOST: ca-lose-mysql
|
||||
@@ -19,21 +22,80 @@ services:
|
||||
DB_NAME: ca_lose
|
||||
depends_on:
|
||||
- database
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.3
|
||||
restart: unless-stopped
|
||||
|
||||
database:
|
||||
container_name: ca-lose-mysql
|
||||
hostname: database
|
||||
image: mysql:8.0
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "3311:3306"
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: ${DB_PASSWORD}
|
||||
MYSQL_DATABASE: ca_lose
|
||||
TZ: Europe/Berlin
|
||||
volumes:
|
||||
- ca-lose_mysql:/var/lib/mysql
|
||||
- ../docker/volumes/ca-lose_mysql:/var/lib/mysql
|
||||
- ./mysql-timezone.cnf:/etc/mysql/conf.d/timezone.cnf:ro
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.4
|
||||
|
||||
# DNS Server für Hostname-Auflösung innerhalb des VPN
|
||||
dnsmasq:
|
||||
container_name: ca-lose-dns
|
||||
image: andyshinn/dnsmasq:latest
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: >
|
||||
--no-daemon
|
||||
--log-queries
|
||||
--address=/lose-verkaufen/172.25.0.2
|
||||
--address=/frontend/172.25.0.2
|
||||
--address=/backend/172.25.0.3
|
||||
--address=/database/172.25.0.4
|
||||
--address=/wireguard/172.25.0.6
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.5
|
||||
|
||||
# WireGuard VPN mit Web-UI (wg-easy)
|
||||
wireguard:
|
||||
image: ghcr.io/wg-easy/wg-easy:latest
|
||||
container_name: ca-lose-wireguard
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
environment:
|
||||
LANG: de
|
||||
WG_HOST: dus3.the1s.de
|
||||
WG_PORT: "51830"
|
||||
WG_DEFAULT_DNS: "172.25.0.5"
|
||||
PORT: "80" # Web-UI Port
|
||||
PASSWORD_HASH: ${WIREGUARD_PASSWORD_HASH}
|
||||
volumes:
|
||||
ca-lose_mysql:
|
||||
- ../docker/volumes/ca-lose-wireguard:/etc/wireguard
|
||||
- /lib/modules:/lib/modules:ro
|
||||
ports:
|
||||
- "51830:51830/udp"
|
||||
# - "51831:80/tcp" # only for short configuration access - remove in production - external: 51831 internal: 80
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- dnsmasq
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
ipv4_address: 172.25.0.6
|
||||
|
||||
networks:
|
||||
ca-lose-internal:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.25.0.0/24
|
||||
gateway: 172.25.0.1
|
||||
|
||||
Reference in New Issue
Block a user