-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
52 lines (50 loc) · 1.56 KB
/
docker-compose.yml
File metadata and controls
52 lines (50 loc) · 1.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
services:
safe-stremio:
image: psyb0t/safe-stremio:latest
cap_add:
- NET_ADMIN
environment:
- WITH_OPENVPN=true
- USERNAME=user
- PASSWORD=pass
volumes:
- ./openvpn/config.ovpn:/vpn-config.ovpn
- ./openvpn/auth.txt:/vpn-auth.txt
restart: always
# Proxy for LAN/external access.
# When VPN is enabled, the safe-stremio container routes all traffic through
# the VPN tunnel. This breaks LAN access because responses to incoming LAN
# requests try to route back through the VPN instead of the local network.
# This proxy runs outside the VPN container but on the same Docker network,
# so container-to-container traffic bypasses VPN routing entirely.
proxy:
image: nginx:alpine
ports:
- "8080:80"
configs:
- source: proxy_conf
target: /etc/nginx/nginx.conf
depends_on:
- safe-stremio
restart: always
configs:
proxy_conf:
content: |
events {
worker_connections 1024;
}
http {
server {
listen 80;
location / {
proxy_pass http://safe-stremio:80;
proxy_http_version 1.1;
proxy_set_header Host $$host;
proxy_set_header Upgrade $$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $$remote_addr;
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $$scheme;
}
}
}