feat: switch gateway container to host network mode and replace host.docker.internal with 127.0.0.1

Change gateway service from bridge networking to host network mode to enable direct access to host network interfaces. Replace host.docker.internal references with 127.0.0.1 in gateway URLs and backend host configuration. Remove port mapping, extra_hosts, and explicit network attachments since host mode provides direct network access.

deploy/.env.example

@@ -16,11 +16,11 @@ DEFAULT_GATEWAY_PUBLIC_KEY=replace-me
 GATEWAY_BOOTSTRAP_TOKEN=nexavpn-gateway-bootstrap
 NEXAVPN_GATEWAY_ID=
 NEXAVPN_GATEWAY_NAME=primary-gateway
-NEXAVPN_GATEWAY_SYNC_URL=http://host.docker.internal:8080/api/v1/gateway-agent
+NEXAVPN_GATEWAY_SYNC_URL=http://127.0.0.1:8080/api/v1/gateway-agent
-NEXAVPN_GATEWAY_BOOTSTRAP_URL=http://host.docker.internal:8080/api/v1/gateway-agent/bootstrap
+NEXAVPN_GATEWAY_BOOTSTRAP_URL=http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap
 NEXAVPN_API_TOKEN=
 NEXAVPN_GATEWAY_PRIVATE_KEY=
 NEXAVPN_GATEWAY_INTERFACE=wg0
 NEXAVPN_UPLINK_INTERFACE=eth0
 NEXAVPN_ENABLE_MASQUERADE=true
-NEXAVPN_BACKEND_HOST=host.docker.internal
+NEXAVPN_BACKEND_HOST=127.0.0.1

deploy/docker-compose.yml

@@ -71,6 +71,7 @@ services:
       dockerfile: gateway/Dockerfile
     depends_on:
       - backend
+    network_mode: host
     sysctls:
       net.ipv4.ip_forward: "1"
     cap_add:
@@ -78,17 +79,13 @@ services:
       - SYS_MODULE
     devices:
       - /dev/net/tun:/dev/net/tun
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    ports:
-      - "${GATEWAY_UDP_PORT:-51900}:${GATEWAY_UDP_PORT:-51900}/udp"
     environment:
       GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
       NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
       NEXAVPN_GATEWAY_NAME: ${NEXAVPN_GATEWAY_NAME:-primary-gateway}
       NEXAVPN_GATEWAY_LISTEN_PORT: ${GATEWAY_UDP_PORT:-51900}
-      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://host.docker.internal:8080/api/v1/gateway-agent}
+      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
-      NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://host.docker.internal:8080/api/v1/gateway-agent/bootstrap}
+      NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap}
       DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}
       DEFAULT_VPN_CIDR: ${DEFAULT_VPN_CIDR:-100.96.0.0/24}
       NEXAVPN_API_TOKEN: ${NEXAVPN_API_TOKEN:-}
@@ -96,13 +93,10 @@ services:
       NEXAVPN_GATEWAY_INTERFACE: ${NEXAVPN_GATEWAY_INTERFACE:-wg0}
       NEXAVPN_UPLINK_INTERFACE: ${NEXAVPN_UPLINK_INTERFACE:-eth0}
       NEXAVPN_ENABLE_MASQUERADE: ${NEXAVPN_ENABLE_MASQUERADE:-true}
-      NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-host.docker.internal}
+      NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-127.0.0.1}
     volumes:
       - ./scripts/gateway-entrypoint.sh:/scripts/gateway-entrypoint.sh:ro
       - gateway-state:/var/lib/nexavpn
-    networks:
-      - gateway
-      - control
 
 volumes:
   postgres-data:
@@ -110,4 +104,3 @@ volumes:
 
 networks:
   control:
-  gateway: