95 lines
2.6 KiB
YAML
95 lines
2.6 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
# MariaDB Database
|
|
db:
|
|
image: mariadb:10.11
|
|
container_name: mguard-db
|
|
restart: unless-stopped
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-changeme_root}
|
|
MYSQL_DATABASE: ${DB_NAME:-mguard_vpn}
|
|
MYSQL_USER: ${DB_USER:-mguard}
|
|
MYSQL_PASSWORD: ${DB_PASSWORD:-changeme_db}
|
|
volumes:
|
|
- db_data:/var/lib/mysql
|
|
- ./server/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
|
|
networks:
|
|
- mguard-network
|
|
healthcheck:
|
|
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
# FastAPI Server + Web UI
|
|
api:
|
|
build:
|
|
context: ./server
|
|
dockerfile: Dockerfile
|
|
container_name: mguard-api
|
|
restart: unless-stopped
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
environment:
|
|
- DATABASE_URL=mysql+pymysql://${DB_USER:-mguard}:${DB_PASSWORD:-changeme_db}@db:3306/${DB_NAME:-mguard_vpn}
|
|
- SECRET_KEY=${SECRET_KEY:-change_me_in_production_use_openssl_rand_hex_32}
|
|
- ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
|
- ADMIN_PASSWORD=${ADMIN_PASSWORD:-changeme}
|
|
- ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
|
|
- OPENVPN_MANAGEMENT_HOST=openvpn
|
|
- OPENVPN_MANAGEMENT_PORT=7505
|
|
- VPN_SERVER_ADDRESS=${VPN_SERVER_ADDRESS:-vpn.example.com}
|
|
ports:
|
|
- "8000:8000"
|
|
volumes:
|
|
- ./server/app:/server/app
|
|
- openvpn_logs:/var/log/openvpn:ro
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
networks:
|
|
- mguard-network
|
|
|
|
# OpenVPN Multi-Server Container (Host Network)
|
|
# Manages multiple VPN server instances dynamically based on database configuration.
|
|
# No need to edit docker-compose.yml when adding new VPN servers - just create them
|
|
# via the web UI and the container will automatically start them.
|
|
openvpn:
|
|
build:
|
|
context: ./openvpn
|
|
dockerfile: Dockerfile
|
|
container_name: mguard-openvpn
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
privileged: true
|
|
cap_add:
|
|
- NET_ADMIN
|
|
environment:
|
|
# API runs on localhost:8000 from container's perspective (host network)
|
|
- API_URL=http://127.0.0.1:8000/api/internal
|
|
- API_TIMEOUT=120
|
|
- API_RETRY_INTERVAL=5
|
|
- POLL_INTERVAL=30
|
|
volumes:
|
|
- openvpn_config:/etc/openvpn
|
|
- openvpn_logs:/var/log/openvpn
|
|
depends_on:
|
|
- api
|
|
|
|
volumes:
|
|
db_data:
|
|
name: mguard_db_data
|
|
openvpn_config:
|
|
name: mguard_openvpn_config
|
|
openvpn_logs:
|
|
name: mguard_openvpn_logs
|
|
|
|
networks:
|
|
mguard-network:
|
|
name: mguard_network
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.20.0.0/16
|