Traefik and wireguard vpn #83
docker-compose.traefik.yml
Outdated
- 1.0.0.1 | ||
volumes: | ||
- ./packages/vpn/wg0.conf:/config/wg0.conf | ||
- /lib/modules:/lib/modules |
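Review bot: the /lib/modules:/lib/modules bind mount on the last line gives the VPN container read-write access to the host's kernel module tree, and the path exists only on Linux hosts. If the container only needs to load an already installed wireguard module, mount it read-only (- /lib/modules:/lib/modules:ro) and note the Linux-only requirement next to the service. The ./packages/vpn/wg0.conf mount one line above carries the WireGuard private key, so make sure that file is ignored by git and mounted read-only as well.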
I'm sure /lib/modules is required and for instance we don't have it on OSX
That's a shame, and you're definitely right, the container relies on the wireguard linux kernel module. Unfortunately I don't even have a hackintosh to test on, sorry :(
Hi, thank you for the contribution. The VPN here is used only to route transmission/torrent traffic through the VPN in order to hide what we are downloading, so your guess was right 👍 I need to set up a wireguard server myself and try this later this week.
Alright thank you for the information about wireguard requirements.
So the two configurations are distinct.
For sure, do you mean differently than f3615e3? In the f3615e3 commit there's a docker-compose.traefik.yml for the base then 2 corresponding vpn compose files: So for instance for openvpn config:
And for wireguard:
If you want a sample wg0.conf we should connect on Discord or something and I'll send the one I have - just bought a month from Mullvad for testing.
I mean that we should replace nginx and the default docker-compose with traefik out of the box. I've checked the docs, it looks awesome, and I really like this tagging/auto-discovery feature, no need to create configuration for sub-domains, you made my day! Bobarr needs to be simple with the least configuration possible, so having a lot of docker-compose files bothers me, we should just have nginx or traefik. I want to support the existing vpn with openvpn and wireguard with your docker-compose. Don't worry about wireguard, I'll use https://github.com/angristan/wireguard-install from @angristan and start one server. I'll replace my openvpn with wireguard in the long term. After that, you will need to update the README and the package.json for shortcuts (https://github.com/iam4x/bobarr/blob/master/package.json#L8-L10) and I'll be happy to merge it!
Ohh that is excellent!!! I'm so happy thank you :) I'll make another commit shortly per your requests above. Would it be alright if I added some environment variables to the .env file for:
Would provide some flexibility in case people want to use different subdomains for the services. Although I have noticed the API currently needs to expose :4000 to function correctly. And in the long term I'm thinking of adding support for LetsEncrypt.
Definitely go for it 👍
Think I got it all - if anything needs changes let me know or feel free to go for it. I noticed some issues with permissions when changing my .env to match your UID and GID then going back. Planning to look into it later - might need to check perms and chown on transmission startup to avoid conflicts if someone else does the same.
fdea71a to 8f09d90
Hi @ohkeenan, could you fix the conflicts so I can test it? I'm not sure traefik is going to work correctly on OSX, we don't have
Can do. Using /var/run/docker.sock is actually not an ideal way of using traefik but it is faster to set up than reconfiguring the socket securely over TCP with certificates in place. If it's your first time setting that up it's a bit of a learning curve (or at least it was for me) and it may break docker completely until you get it all sorted. Edit: @iam4x after a bit of searching it looks to me like osx does use /var/run/docker.sock but Windows definitely doesn't. Should be good to go. Also not sure why the bobarr-api docker image build failed :/
Ok, this might be because I'm using docker-machine directly and not Docker for Mac and it's not working for me. This is my
I'm sorry but I don't think I will be able to merge the replacement of nginx with traefik. It seems a bit overcomplicated for users who want to run bobarr on their own computer just for downloading a movie. I'm still thankful for your contribution, but do you think you can modify the PR to only include wireguard? Otherwise I'll continue where you left off.
I'm not entirely sure if your purpose for the VPN is intended to connect this stack to a remote endpoint (aka your home net) or to mask the outbound IP for anon purposes? Either way, wireguard is implemented and works for masking the outbound IP, just drop a wg0.conf in the ./packages/vpn dir.