version: "3"
services:
traefik:
image: "traefik:v2.10"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=MYEMAIL@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
# - "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
private_network:
ipv4_address: 10.2.0.120
unbound:
image: "mvance/unbound:1.17.0"
container_name: unbound
restart: unless-stopped
hostname: "unbound"
volumes:
- "./unbound:/opt/unbound/etc/unbound/"
networks:
private_network:
ipv4_address: 10.2.0.200
wg-easy:
depends_on: [unbound, adguardhome]
environment:
- WG_HOST=MYHOST_IP
- PASSWORD=openode
- WG_PORT=51820
- WG_DEFAULT_ADDRESS=10.10.10.x
- WG_DEFAULT_DNS=10.2.0.100
- WG_ALLOWED_IPS=10.2.0.0/24, 0.0.0.0/0, ::/0
- WG_PERSISTENT_KEEPALIVE=25
- WG_MTU=1280
#image: ditek/wg-easy
image: weejewel/wg-easy
container_name: wg-easy
volumes:
- .:/etc/wireguard
ports:
- "51820:51820/udp"
# - "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
dns:
- 10.2.0.100
- 10.2.0.200
networks:
private_network:
ipv4_address: 10.2.0.3
labels:
- "traefik.enable=true"
- "traefik.http.routers.vpn.rule=Host(`vpn.site.com`)"
- "traefik.http.routers.vpn.entrypoints=websecure"
- 'traefik.http.routers.vpn.tls=true'
- "traefik.http.routers.vpn.tls.certresolver=myresolver"
- "traefik.http.services.vpn.loadbalancer.server.port=51821"
adguardhome:
depends_on: [unbound]
image: adguard/adguardhome
container_name: adguardhome
restart: unless-stopped
environment:
- TZ=America/Los_Angeles
volumes:
- ./work:/opt/adguardhome/work
- ./conf:/opt/adguardhome/conf
networks:
private_network:
ipv4_address: 10.2.0.100
networks:
private_network:
ipam:
driver: default
config:
- subnet: 10.2.0.0/24
свой exchange или подписка
azure ad как услуга
Lan1 - интернет - роутер1 (192.168.1.250) + через LTE модем
Lan2 - интернет - роутер2 (192.168.1.1) (ростелеком)
LAN 192.168.168.0/24
26 : WG_CLIENT_PORT,
203 : ${WG_CLIENT_PORT ? `ListenPort = ${WG_CLIENT_PORT}` : ''}
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128,3des,des name=***
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5,null enc-algorithms="aes-256-cbc,aes-256-ctr,aes\
-256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm,3des,des,null" pfs-group=\
modp2048