From 4b16e0d4fc391c3c4d7e965ff5029c9d54452bc8 Mon Sep 17 00:00:00 2001
From: nessi
Date: Wed, 18 Mar 2026 08:28:33 +0100
Subject: [PATCH] feat: switch gateway container to host network mode and replace host.docker.internal with 127.0.0.1

Change gateway service from bridge networking to host network mode to enable direct access to host network interfaces. Replace host.docker.internal references with 127.0.0.1 in gateway URLs and backend host configuration. Remove port mapping, extra_hosts, and explicit network attachments since host mode provides direct network access.
---
 deploy/.env.example | 6 +++---
 deploy/docker-compose.yml | 15 ++++-----------
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/deploy/.env.example b/deploy/.env.example
index 59b301c..03e016f 100644
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -16,11 +16,11 @@ DEFAULT_GATEWAY_PUBLIC_KEY=replace-me
 GATEWAY_BOOTSTRAP_TOKEN=nexavpn-gateway-bootstrap
 NEXAVPN_GATEWAY_ID=
 NEXAVPN_GATEWAY_NAME=primary-gateway
-NEXAVPN_GATEWAY_SYNC_URL=http://host.docker.internal:8080/api/v1/gateway-agent
-NEXAVPN_GATEWAY_BOOTSTRAP_URL=http://host.docker.internal:8080/api/v1/gateway-agent/bootstrap
+NEXAVPN_GATEWAY_SYNC_URL=http://127.0.0.1:8080/api/v1/gateway-agent
+NEXAVPN_GATEWAY_BOOTSTRAP_URL=http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap
 NEXAVPN_API_TOKEN=
 NEXAVPN_GATEWAY_PRIVATE_KEY=
 NEXAVPN_GATEWAY_INTERFACE=wg0
 NEXAVPN_UPLINK_INTERFACE=eth0
 NEXAVPN_ENABLE_MASQUERADE=true
-NEXAVPN_BACKEND_HOST=host.docker.internal
+NEXAVPN_BACKEND_HOST=127.0.0.1
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index be7775a..6d28871 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -71,6 +71,7 @@ services:
 dockerfile: gateway/Dockerfile
 depends_on:
 - backend
+ network_mode: host
 sysctls:
 net.ipv4.ip_forward: "1"
 cap_add:
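Review bot: `NEXAVPN_UPLINK_INTERFACE=eth0` stays as the example value in deploy/.env.example, and the same `eth0` default remains in the compose file's `@@ -96,13 +93,10 @@` hunk, although the gateway now runs in the host's network namespace. There `eth0` names a host NIC, not the container's bridge interface, so on hosts whose uplink has another name the masquerade setup (presumably done by the entrypoint, which is not shown) would fail or NAT through the wrong interface. I would add a comment above the variable, `# Host uplink NIC (gateway uses host networking); find it with: ip route show default`, and not ship a default that only matches some hosts.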
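Review bot: The `sysctls:` entry `net.ipv4.ip_forward: "1"` kept directly below the added `network_mode: host` is rejected by the container runtime, which does not allow `net.*` sysctls on a container that shares the host network namespace, so the gateway service will most likely fail to start. Remove the `sysctls` block and document `net.ipv4.ip_forward=1` as a host prerequisite instead. The `cap_add` list that follows (its entries continue past this hunk) now grants its capabilities over the host's interfaces, routes and netfilter tables rather than a private namespace; a comment such as `# host network mode: rules written by this container change the host's firewall/NAT state` would make that explicit. The gateway service definition starts above this hunk.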
@@ -78,17 +79,13 @@ services:
 - SYS_MODULE
 devices:
 - /dev/net/tun:/dev/net/tun
- extra_hosts:
- - "host.docker.internal:host-gateway"
- ports:
- - "${GATEWAY_UDP_PORT:-51900}:${GATEWAY_UDP_PORT:-51900}/udp"
 environment:
 GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
 NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
 NEXAVPN_GATEWAY_NAME: ${NEXAVPN_GATEWAY_NAME:-primary-gateway}
 NEXAVPN_GATEWAY_LISTEN_PORT: ${GATEWAY_UDP_PORT:-51900}
- NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://host.docker.internal:8080/api/v1/gateway-agent}
- NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://host.docker.internal:8080/api/v1/gateway-agent/bootstrap}
+ NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
+ NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap}
 DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}
 DEFAULT_VPN_CIDR: ${DEFAULT_VPN_CIDR:-100.96.0.0/24}
 NEXAVPN_API_TOKEN: ${NEXAVPN_API_TOKEN:-}
@@ -96,13 +93,10 @@ services:
 NEXAVPN_GATEWAY_INTERFACE: ${NEXAVPN_GATEWAY_INTERFACE:-wg0}
 NEXAVPN_UPLINK_INTERFACE: ${NEXAVPN_UPLINK_INTERFACE:-eth0}
 NEXAVPN_ENABLE_MASQUERADE: ${NEXAVPN_ENABLE_MASQUERADE:-true}
- NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-host.docker.internal}
+ NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-127.0.0.1}
 volumes:
 - ./scripts/gateway-entrypoint.sh:/scripts/gateway-entrypoint.sh:ro
 - gateway-state:/var/lib/nexavpn
- networks:
- - gateway
- - control
 volumes:
 postgres-data:
@@ -110,4 +104,3 @@ volumes:
 networks:
 control:
- gateway:
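Review bot: The new `http://127.0.0.1:8080/...` defaults in the `@@ -78,17 +79,13 @@` hunk only work if the backend publishes port 8080 on the host, and that mapping is outside this diff. If it is published as `8080:8080` it listens on every host interface, which would expose the plaintext gateway-agent API and the bootstrap endpoint (whose token defaults to the fixed string `nexavpn-gateway-bootstrap`) beyond the loopback path the gateway needs; binding it as `127.0.0.1:8080:8080` keeps it local. With the `ports:` entry removed, the WireGuard UDP port is also bound straight on the host, so the host firewall rather than Docker's port publishing now decides who can reach it; a comment next to `NEXAVPN_GATEWAY_LISTEN_PORT` should say so.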