Created
July 7, 2022 21:51
-
-
Save tracker1/44ef4181b8234b7affb133c8cf2378b6 to your computer and use it in GitHub Desktop.
Docker PiHole + Wireguard + Caddy Proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # after starting (docker-compose up -d) | |
| # run docker-compose logs wireguard to view the qr-code for wireguard clients | |
| version: "2.2" | |
| # network required to specify ip for services | |
| networks: | |
| vpnet: | |
| driver: bridge | |
| ipam: | |
| config: | |
| - subnet: "10.4.0.0/16" | |
| gateway: "10.4.0.1" | |
| services: | |
| # See docs for configuration https://caddyserver.com/docs/caddyfile | |
| caddy: | |
| container_name: caddy | |
| networks: | |
| vpnet: | |
| ipv4_address: 10.4.0.80 | |
| image: caddy:2.4.6 | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| volumes: | |
| - ./Caddyfile:/etc/caddy/Caddyfile | |
| - ./_data/caddy:/data/caddy | |
| restart: unless-stopped | |
| # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ | |
| # USE Docker Host's IP address in place of 192.168.0.2 below (ports) | |
| # http://192.168.0.2:8053/ | |
| pihole: | |
| container_name: pihole | |
| image: pihole/pihole:latest | |
| networks: | |
| vpnet: | |
| ipv4_address: 10.4.0.2 | |
| dns: | |
| - 1.1.1.1 | |
| - 1.0.0.1 | |
| ports: | |
| - "192.168.0.2:53:53/tcp" | |
| - "192.168.0.2:53:53/udp" | |
| - "192.168.0.2:67:67/udp" | |
| - "8053:80/tcp" | |
| environment: | |
| TZ: 'Etc/UTC' | |
| WEBPASSWORD: 'My super secret passphrase.' | |
| # Volumes store your data between container upgrades | |
| volumes: | |
| - './_data/pihole/etc-pihole/:/etc/pihole/' | |
| - './_data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/' | |
| # Recommended but not required (DHCP needs NET_ADMIN) | |
| # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities | |
| cap_add: | |
| - NET_ADMIN | |
| restart: unless-stopped | |
| # See docs: https://docs.linuxserver.io/images/docker-wireguard | |
| wireguard: | |
| container_name: wireguard | |
| networks: | |
| vpnet: | |
| ipv4_address: 10.4.0.3 | |
| image: ghcr.io/linuxserver/wireguard | |
| cap_add: | |
| - NET_ADMIN | |
| - SYS_MODULE | |
| environment: | |
| - PUID=1001 # match host user id - use `id` command | |
| - PGID=1001 # match host group id - use `id` command | |
| - TZ=Europe/London | |
| - SERVERURL=vpn.home.minisrv.org #optional | |
| - SERVERPORT=51820 #optional | |
| - PEERS=1 #optional | |
| - PEERDNS=10.4.0.2 #auto #optional - using the pihole service's dns | |
| - INTERNAL_SUBNET=10.13.13.0 #optional - different than network above | |
| - ALLOWEDIPS=0.0.0.0/0 #optional | |
| volumes: | |
| - ./_data//wireguard/config:/config | |
| - ./_data/wireguard/modules:/lib/modules | |
| ports: | |
| - 51820:51820/udp # default port | |
| sysctls: | |
| - net.ipv4.conf.all.src_valid_mark=1 | |
| restart: unless-stopped |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment