version: "3.7" services: wg-easy: container_name: wg-easy image: weejewel/wg-easy:7 restart: unless-stopped volumes: - ${APP_DATA_DIR}/data:/etc/wireguard ports: - 51820:51820/udp - ${APP_PORT}:51821/tcp environment: WG_HOST: "${WIREGUARD_HOST}" PASSWORD: "${WIREGUARD_PASSWORD}" WG_DEFAULT_DNS: "${WIREGUARD_DNS:-8.8.8.8}" WG_ALLOWED_IPS: 0.0.0.0/0, ::/0 cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv4.ip_forward=1 networks: - tipi_main_network labels: # Main traefik.enable: true traefik.http.middlewares.wg-easy-web-redirect.redirectscheme.scheme: https traefik.http.services.wg-easy.loadbalancer.server.port: 51821 # Web traefik.http.routers.wg-easy-insecure.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.wg-easy-insecure.entrypoints: web traefik.http.routers.wg-easy-insecure.service: wg-easy traefik.http.routers.wg-easy-insecure.middlewares: wg-easy-web-redirect # Websecure traefik.http.routers.wg-easy.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.wg-easy.entrypoints: websecure traefik.http.routers.wg-easy.service: wg-easy traefik.http.routers.wg-easy.tls.certresolver: myresolver # Local domain traefik.http.routers.wg-easy-local-insecure.rule: Host(`wg-easy.${LOCAL_DOMAIN}`) traefik.http.routers.wg-easy-local-insecure.entrypoints: web traefik.http.routers.wg-easy-local-insecure.service: wg-easy traefik.http.routers.wg-easy-local-insecure.middlewares: wg-easy-web-redirect # Local domain secure traefik.http.routers.wg-easy-local.rule: Host(`wg-easy.${LOCAL_DOMAIN}`) traefik.http.routers.wg-easy-local.entrypoints: websecure traefik.http.routers.wg-easy-local.service: wg-easy traefik.http.routers.wg-easy-local.tls: true