Skip to content

Instantly share code, notes, and snippets.

@hoelsner
Created Jul 30, 2022
Embed
What would you like to do?
Use of Wireguard within Docker
version: "3.9"
networks:
wireguard_network:
enable_ipv6: true
name: wg_internal
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
config:
- subnet: "172.29.0.0/28"
gateway: "172.29.0.1"
- subnet: "FD00::0:0/112"
gateway: "FD00::0:EEEE"
services:
wireguard_hub:
image: localhost.local/wireguard-container-endpoint:test
cap_add:
- NET_ADMIN
sysctls:
- "net.ipv4.ip_forward=1"
- "net.ipv4.conf.all.src_valid_mark=1"
- "net.ipv6.conf.all.forwarding=1"
- "net.ipv6.conf.all.disable_ipv6=0"
# use Dockerfile from this gist
build:
context: .
command: sleep infinity
ports:
- 0.0.0.0:51820:51820/udp
networks:
wireguard_network:
ipv4_address: "172.29.0.2"
ipv6_address: "FD00::0:2"
nginx_demo:
image: nginxdemos/nginx-hello:latest
networks:
wireguard_network:
ipv4_address: "172.29.0.3"
ipv6_address: "FD00::0:3"
# dockerfile for the Wireguard Container Endpoint
# container required cap-add=NET_ADMIN and cap-add=NET_RAW to work properly
FROM ubuntu:20.04
ENV PATH="/home/appuser/.local/bin:${PATH}"
ADD --chown=root:root https://raw.githubusercontent.com/WireGuard/wireguard-tools/v1.0.20210914/contrib/json/wg-json /bin/wg-json
RUN set -x \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
curl=7.68.0-1ubuntu2.7 \
wireguard=1.0.20200513-1~20.04.2 \
wireguard-tools=1.0.20200513-1~20.04.2 \
iproute2=5.5.0-1ubuntu1 \
iputils-ping=3:20190709-3 \
inetutils-traceroute=2:1.9.4-11ubuntu0.1 \
iptables=1.8.4-3ubuntu2 \
nano=4.8-1ubuntu1 \
&& apt-get clean autoclean \
&& apt-get autoremove -y \
&& chmod 755 /bin/wg-json \
&& rm -rf /var/lib/apt/lists/*
# the container must be root, because it uses wg-quick and various other commands to
# configure the wireguard endpoints (otherwise, it won't work)
USER root
CMD ["/bin/bash"]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment