Change gateway service from bridge networking to host network mode to enable direct access to host network interfaces. Replace host.docker.internal references with 127.0.0.1 in gateway URLs and backend host configuration. Remove port mapping, extra_hosts, and explicit network attachments since host mode provides direct network access.
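services:
  # PostgreSQL for the control plane. Credentials are taken from the
  # environment (no defaults here), so they must be set before `up`.
  postgres:
    image: postgres:17-alpine
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      # NOTE(review): without a host IP this publishes the database on every
      # host interface. Services in this file reach it over the `control`
      # network; if the mapping is only for local tooling, bind it to
      # loopback ("127.0.0.1:5432:5432").
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # Schema and seed scripts are mounted read-only into the image's
      # init directory.
      - ../backend/migrations/000001_init.sql:/docker-entrypoint-initdb.d/010_init.sql:ro
      - ../backend/seed/001_seed.sql:/docker-entrypoint-initdb.d/020_seed.sql:ro
    networks:
      - control

  # API backend. It publishes no host port; it is reachable by the alias
  # `backend` on the networks listed below.
  backend:
    build:
      context: ../backend
      dockerfile: Dockerfile
    hostname: backend
    # Runtime configuration (presumably including secrets) is read from
    # .env; keep that file out of version control.
    env_file:
      - .env
    depends_on:
      - postgres
    networks:
      control:
        aliases:
          - backend
      gateway:
        aliases:
          - backend

  # Admin UI, published on host port 8081.
  admin-web:
    build:
      context: ../admin-web
      dockerfile: Dockerfile
    depends_on:
      - backend
    ports:
      - "8081:80"
    networks:
      - control

  # Public UI, published on host port 8080.
  public-web:
    build:
      context: ..
      dockerfile: public-web/Dockerfile
    depends_on:
      - backend
    ports:
      - "8080:80"
    networks:
      - control

  # nginx front end on host port 80; its config is mounted read-only.
  reverse-proxy:
    image: nginx:1.27-alpine
    depends_on:
      - backend
      - admin-web
    ports:
      - "80:80"
    volumes:
      - ./nginx/reverse-proxy.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - control

  # VPN gateway agent.
  gateway:
    build:
      context: .
      dockerfile: gateway/Dockerfile
    depends_on:
      - backend
    # Host networking: the container shares the host's network namespace.
    # Every socket it opens listens on the host directly, and the
    # capabilities below act on the host's interfaces, routes and firewall
    # rules rather than on an isolated container stack.
    network_mode: host
    # The former `sysctls: net.ipv4.ip_forward: "1"` entry is dropped: Docker
    # refuses net.* sysctls for a container in the host network namespace,
    # so the service would fail to start. IP forwarding has to be enabled on
    # the host itself (sysctl net.ipv4.ip_forward=1).
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules into
      # the host kernel. Drop it if the host already provides the tunnel
      # module (the wg0 default suggests WireGuard; confirm).
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      # NOTE(review): the fallback is a fixed token readable by anyone with
      # this file. Set a unique value per deployment, or make it mandatory
      # with ${GATEWAY_BOOTSTRAP_TOKEN:?set GATEWAY_BOOTSTRAP_TOKEN}.
      GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
      NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
      NEXAVPN_GATEWAY_NAME: ${NEXAVPN_GATEWAY_NAME:-primary-gateway}
      NEXAVPN_GATEWAY_LISTEN_PORT: ${GATEWAY_UDP_PORT:-51900}
      # NOTE(review): on the host, 127.0.0.1:8080 is the port published by
      # public-web in this file; backend publishes none. These defaults
      # assume public-web forwards /api/v1 to the backend; confirm.
      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
      NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap}
      DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}
      DEFAULT_VPN_CIDR: ${DEFAULT_VPN_CIDR:-100.96.0.0/24}
      # Token and private key default to empty; supply them through the
      # environment, never as literals in this file.
      NEXAVPN_API_TOKEN: ${NEXAVPN_API_TOKEN:-}
      NEXAVPN_GATEWAY_PRIVATE_KEY: ${NEXAVPN_GATEWAY_PRIVATE_KEY:-}
      NEXAVPN_GATEWAY_INTERFACE: ${NEXAVPN_GATEWAY_INTERFACE:-wg0}
      # With host networking these name interfaces of the host; eth0 may
      # not exist there, so check the uplink name per machine.
      NEXAVPN_UPLINK_INTERFACE: ${NEXAVPN_UPLINK_INTERFACE:-eth0}
      # Presumably makes the entrypoint add NAT rules; under host
      # networking those would land in the host's firewall tables (confirm).
      NEXAVPN_ENABLE_MASQUERADE: ${NEXAVPN_ENABLE_MASQUERADE:-true}
      NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-127.0.0.1}
    volumes:
      - ./scripts/gateway-entrypoint.sh:/scripts/gateway-entrypoint.sh:ro
      - gateway-state:/var/lib/nexavpn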
# Named volumes with default settings.
volumes:
  # Mounted by postgres at /var/lib/postgresql/data.
  postgres-data: {}
  # Mounted by gateway at /var/lib/nexavpn.
  gateway-state: {}
networks:
|
|
control:
|