docs: create guides/wireguard-pihole/wireguard-mit-pihole-einrichten
parent
1db569166c
commit
9dfa4d28c8
1 changed files with 161 additions and 0 deletions
161
guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
Normal file
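--- a/guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
+++ b/guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
@@ -0,0 +1,161 @@
+---
+title: Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended und Pihole
+description:
+published: true
+date: 2024-02-10T23:33:59.348Z
+tags:
+editor: markdown
+dateCreated: 2024-02-10T23:33:59.348Z
+---
+
+# Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended
+
+## Schritt 1: Docker Compose-Datei erstellen
+
+Erstellen Sie eine Datei mit dem Namen `docker-compose.yml` und fügen Sie den folgenden Inhalt ein:
+
+```yaml
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+pihole:
+container_name: pihole
+#image: pihole/pihole:latest
+image: cbcrowe/pihole-unbound:latest
+# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+ports:
+- "127.0.0.1:53:53/tcp"
+- "127.0.0.1:53:53/udp"
+#- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+#- "127.0.0.1:8084:80/tcp"
+environment:
+ServerIP: 10.8.1.3
+TZ: 'Europe/Berlin'
+WEBPASSWORD: '${PASSWORT}'
+REV_SERVER: 'false'
+DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
+DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
+DNSSEC: 'true' # Enable DNSSEC
+VIRTUAL_HOST: pihole.${WEBSEITE}
+VIRTUAL_PORT: 80
+LETSENCRYPT_HOST: pihole.${WEBSEITE}
+LETSENCRYPT_EMAIL: admin@${WEBSEITE}
+
+# Volumes store your data between container upgrades
+volumes:
+- './etc-pihole:/etc/pihole'
+- './etc-dnsmasq.d:/etc/dnsmasq.d'
+# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+cap_add:
+- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+restart: always
+
+labels:
+- "com.centurylinklabs.watchtower.enable=true"
+- flame.type=application
+- flame.name=Pi-hole
+- flame.url=https://pihole.${WEBSEITE}/admin/
+- flame.icon=dns
+
+networks:
+proxy:
+edge-tier:
+dns:
+ipv4_address: 172.28.0.2
+wg-easy:
+ipv4_address: 10.8.1.3
+
+wg-easy-extended:
+container_name: wg-easy-extended
+environment:
+WG_HOST: brothertec.eu
+PASSWORD: ${PASSWORT}
+#- WG_DEFAULT_DNS=1.1.1.1
+WG_DEFAULT_DNS: 10.8.1.3
+WG_DEFAULT_ADDRESS: 10.8.0.x
+# - WG_MTU=1420
+WG_PERSISTENT_KEEPALIVE: 25
+WG_ALLOWED_IPS: 10.8.0.0/24,10.8.1.3
+WG_POST_UP: >
+iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE;
+iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE;
+iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE;
+iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth3 -j MASQUERADE;
+iptables-legacy -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
+iptables-legacy -A FORWARD -i wg0 -j ACCEPT;
+iptables-legacy -A FORWARD -o wg0 -j ACCEPT;
+# - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+# - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+# - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+# - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
+
+VIRTUAL_HOST: vpn.${WEBSEITE}
+VIRTUAL_PORT: 51821
+LETSENCRYPT_HOST: vpn.${WEBSEITE}
+LETSENCRYPT_EMAIL: admin@${WEBSEITE}
+volumes:
+- ./wg-easy:/etc/wireguard
+ports:
+- 51820:51820/udp
+#- 51821:51821/tcp
+#- 9586:9586/tcp
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+sysctls:
+- net.ipv4.conf.all.src_valid_mark=1
+- net.ipv4.ip_forward=1
+restart: unless-stopped
+image: ghcr.io/tolkonepiu/wg-easy-extended
+
+networks:
+proxy:
+edge-tier:
+dns:
+ipv4_address: 172.28.0.3
+wg-easy:
+ipv4_address: 10.8.1.2
+
+labels:
+- "com.centurylinklabs.watchtower.enable=true"
+- flame.type=application
+- flame.name=Wireguard
+- flame.url=https://vpn.${WEBSEITE}
+- flame.icon=vpn
+
+networks:
+proxy:
+name: nginx-proxy
+external: true
+edge-tier:
+name: edge
+external: true
+dns:
+name: dns
+external: true
+wg-easy:
+ipam:
+config:
+- subnet: 10.8.1.0/24
+
+
+```
+
+## Schritt 2: Erstellen des DNS Netzwerkes
+
+~~~
+docker network create --driver=bridge --subnet=172.28.0.0/16 dns
+~~~
+
+## Schritt 3: Docker-Container starten
+
+Navigieren Sie im Terminal zum Verzeichnis, in dem sich die `docker-compose.yml`-Datei befindet, und führen Sie den folgenden Befehl aus, um den Docker-Container zu starten:
+
+```bash
+docker-compose up -d
+```
+
+Der Parameter `-d` startet den Container im Hintergrund.
+
+Nachdem der Container gestartet wurde, ist Ihr wg-easy-extended-Dienst einsatzbereit.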
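Review bot: The compose block interpolates `${PASSWORT}` and `${WEBSEITE}` (in `WEBPASSWORD: '${PASSWORT}'`, `PASSWORD: ${PASSWORT}` and the `VIRTUAL_HOST`/`LETSENCRYPT_*` entries), but no step in the guide tells the reader to define them. Compose substitutes an empty string for an unset variable, and wg-easy appears to skip the web-UI login when `PASSWORD` is empty, so a copy-paste deployment could publish `vpn.${WEBSEITE}` through the proxy without authentication. Add a step that creates an `.env` file with both variables, and make the references fail closed, e.g. `PASSWORD: ${PASSWORT:?PASSWORT muss gesetzt sein}`. Both admin UIs also share the one password; separate variables would limit the impact of a leak. `WG_HOST: brothertec.eu` is hard-coded while every other hostname uses `${WEBSEITE}`, so a placeholder there would keep readers' generated client configs from pointing at the author's host.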