cloudflare-s2s/docker-compose.yaml at main · BastelBaus/cloudflare-s2s · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
services:
  cloudflare-s2s:
    container_name: cloudflared-s2s
    image: cloudflared-s2s:staging
    #image: bastelbaus/cloudflared-s2s:latest
    pull_policy: build
    build:
      context: ./
      dockerfile: Dockerfile
    restart: always
    #build:
    #  context: .

    ports: # host_port : docker_port
      - ${API_PORT}:${API_PORT}      # the WebUI
      - ${WEBUI_PORT}:${WEBUI_PORT}  # the REST API
      - 51820:51820 # wireguard to test !

    volumes:
      - ./app:/var/app2       # just temp, if neede
      - ./data:/var/data      # the folder where the data is stored
    #volumes:
    #  - ./app:/app # mounting local app directory
    #  - ~/cloudflared-mgr:/source
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}    # the default tunnel token, if a token is given in the API,
                                        # this as precedence
      - SERVER_NAME=${SERVER_NAME}      # The instance name (usefull if accessed by other frontends)
      - WEBUI_PORT=${WEBUI_PORT}        # the port of webui to control several sites
      - API_PORT=${API_PORT}            # the port of the API for this site
      - AUTO_CONNECT=1                  # Tries to automatically connect to the warp networp
                                        #    yes: 1 (default)   no: 0
      - SUBNET=${SUBNET}                # the subnet, needed to allow connection to the host itself


      # TODO: how to include the example,.env ??
    #  - PUID=1000 # change this to your user id
    #  - PGID=1000 # change this to your group id
    #  - STORAGE_SECRET="change-this-to-yor-own-private-secret"
    # some additonal settings needed for routing
    #network_mode: "host"
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
#      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      default:
      macvlan_network:
        ipv4_address: ${ROUTER_IP}

networks:
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: eth0                       # put here the device of your server ethernet (i.e. get it by "ip -a")
    ipam:
      driver: default
      config:
       - subnet: "${SUBNET}"
         ip_range: "${ROUTER_IP}/32"     # block new IPs except the given
         gateway: "${GATEWAY_IP}"