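# Example compose file for running a local Firezone instance on
# macOS or Windows.
#
# Note: This file is meant to serve as a template. Please modify it
# according to your needs. Read more about Docker Compose:
#
# https://docs.docker.com/compose/compose-file/
#
# Values written as ${NAME:-default} are substituted by Compose before any
# container starts. DATABASE_PASSWORD has no default and must be set.
#

# Shared deploy settings, merged into each service below via `<<:`.
x-deploy: &default-deploy
  restart_policy:
    condition: unless-stopped
    delay: 5s
    window: 120s
  update_config:
    order: start-first

version: '3.7'

services:
  caddy:
    # Floating major tag: pin a specific version or digest if you need
    # reproducible, reviewable upgrades.
    image: caddy:2
    volumes:
      # Caddy's data directory; presumably holds issued certificates and
      # their private keys, so keep the host directory private.
      - ${FZ_INSTALL_DIR:-.}/caddy:/data/caddy
    ports:
      # Published on every host interface. Prefix with `127.0.0.1:` if the
      # portal should only be reachable from this machine.
      - '80:80'
      - '443:443'
    # See Caddy's documentation for customizing the Caddyfile
    # https://caddyserver.com/docs/quick-starts/reverse-proxy
    #
    # Compose substitutes PHOENIX_PORT and TLS_OPTS into the script below
    # before the shell runs, so TLS_OPTS lands verbatim in the Caddyfile:
    # only set it from a source you trust.
    # NOTE(review): nothing in this file assigns 172.25.0.100 to the
    # firezone service (there is no networks section) - confirm the proxy
    # target resolves, or point it at the service name instead.
    command:
      - /bin/sh
      - -c
      - |
        cat <<EOF > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile

        https:// {
          log
          reverse_proxy * 172.25.0.100:${PHOENIX_PORT:-13000}
          ${TLS_OPTS:-}
        }
        EOF
    deploy:
      <<: *default-deploy

  firezone:
    # Defaults to the moving `latest` tag. Set VERSION to a fixed release
    # so an image update never happens implicitly on restart or pull.
    image: firezone/firezone:${VERSION:-latest}
    ports:
      - '${WIREGUARD_PORT:-51820}:${WIREGUARD_PORT:-51820}/udp'
    env_file:
      # This should contain a list of env vars for configuring Firezone.
      # See https://docs.firezone.dev/reference/env-vars for more info.
      # The file is likely to carry secrets: keep it out of version control
      # and readable only by the account that runs Compose.
      - ${FZ_INSTALL_DIR:-.}/.env
    volumes:
      # IMPORTANT: Persists WireGuard private key and other data. If
      # /var/firezone/private_key exists when Firezone starts, it is
      # used as the WireGuard private key. Otherwise, one is generated.
      # Restrict access to the host directory and treat backups of it as
      # key material.
      - ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
    cap_add:
      # Needed for WireGuard and firewall support.
      # Both are broad capabilities: NET_ADMIN covers interface, routing
      # and firewall changes, and SYS_MODULE allows loading kernel modules.
      # Do not add further capabilities or `privileged` on top of these.
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      # Needed for masquerading and NAT.
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - postgres
    deploy:
      <<: *default-deploy

  postgres:
    image: postgres:15
    volumes:
      - postgres-data:/var/lib/postgresql/data
    # No ports are published for this service, so the database is only
    # reachable from other containers on the Compose network.
    environment:
      POSTGRES_DB: ${DATABASE_NAME:-firezone}
      POSTGRES_USER: ${DATABASE_USER:-postgres}
      # `:?err` makes Compose abort when DATABASE_PASSWORD is unset or
      # empty, so the database never starts without a password.
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
    deploy:
      <<: *default-deploy
      # Explicit key replaces the anchor's update_config (merge is shallow);
      # presumably so two instances never share the data volume.
      update_config:
        order: stop-first

# Postgres needs a named volume to prevent perms issues on non-linux platforms
volumes:
  postgres-data: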