
Firezone

WireGuard-based VPN server and firewall.

Directory Structure

    • .env
    • docker-compose.yml

docker-compose.yml

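version: '3'

services:

  # Firezone: WireGuard VPN endpoint, firewall and admin web UI.
  firezone:
    container_name: firezone
    hostname: firezone
    # SECURITY: `latest` is a moving tag, so each pull may bring in a different,
    # unreviewed build of a container that holds NET_ADMIN and SYS_MODULE.
    # Pin a specific release tag (or image digest) and upgrade deliberately.
    image: firezone/firezone:latest
    restart: unless-stopped
    networks:
      - backend             # backend communications to DB
      - caddy_caddynet      # frontend communications (web UI)
    expose:
      # Web UI. `expose` publishes nothing on the host, so the UI is reached
      # only through the attached networks. Every container joined to
      # caddy_caddynet can connect to it, so keep that network limited to the
      # reverse proxy and the services it fronts.
      - 13000
    ports:
      # WireGuard VPN. The only port published on the host; with no host IP
      # given it is bound on all host interfaces.
      - "51820:51820/udp"
    env_file:
      # Carries the admin password, database password and signing/encryption
      # secrets: keep it out of version control and restrict its permissions.
      - container-vars.env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Firezone persistent state.
      # NOTE(review): expected to include WireGuard key material - confirm, and
      # keep the host directory readable by root only.
      - ./data:/var/firezone
    cap_add:
      - NET_ADMIN           # perform various network-related operations
      # Load and unload kernel modules in the host kernel.
      # NOTE(review): may be unnecessary when the host already has the
      # WireGuard module loaded - confirm before dropping it.
      - SYS_MODULE
    sysctls:
      # Needed for masquerading and NAT.
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      # Wait until the healthcheck on firezone-postgres passes, not merely until
      # the container has started. The long form needs a Compose implementation
      # that follows the Compose Specification.
      firezone-postgres:
        condition: service_healthy

  # Database for Firezone. No ports are published and it joins only the
  # `backend` network, so it is not reachable from the host's interfaces.
  firezone-postgres:
    container_name: firezone-postgres
    hostname: firezone-postgres
    image: postgres:15
    restart: unless-stopped
    healthcheck:
      # `$$` escapes Compose interpolation, so the variables are expanded by the
      # shell inside the container from container-vars-postgres.env.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      - backend
    env_file:
      # Holds the database password: keep it out of version control.
      - container-vars-postgres.env
    volumes:
      # Database files; restrict access to the host directory and back it up.
      - ./db:/var/lib/postgresql/data

networks:
  # Created outside this project (shared with the reverse proxy); it must
  # already exist before this stack is started.
  caddy_caddynet:
    external: true
  # Private link between Firezone and its database.
  # NOTE(review): consider `internal: true` so the database has no route off the
  # host - test that Firezone still works before adopting it.
  backend:
    driver: bridge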

container-vars-postgres.env

# Read by the firezone-postgres service through env_file in docker-compose.yml.
# Holds the database password: keep this file out of version control and
# readable only by the account that runs Compose.
# Must be identical to DATABASE_PASSWORD in container-vars.env.
POSTGRES_PASSWORD=YOUR_PASSWORD_HERE
# Matches DATABASE_NAME in container-vars.env.
POSTGRES_DB=firezone
# Matches DATABASE_USER in container-vars.env.
POSTGRES_USER=postgres
Firezone Environment

container-vars.env

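# Read by the firezone service through env_file in docker-compose.yml.
# This file holds credentials and signing/encryption secrets: keep it out of
# version control and readable only by the account that runs Compose.
#
# Comments are kept on their own lines. Not every env-file parser strips a
# trailing "# ..." (docker run --env-file treats it as part of the value), and
# a password with a comment appended would no longer match the database's.

# Postgres
DATABASE_HOST=firezone-postgres
DATABASE_NAME=firezone
DATABASE_USER=postgres
# Same password as in container-vars-postgres.env.
DATABASE_PASSWORD=YOUR_PASSWORD_HERE

# Firezone web server
EXTERNAL_URL=https://vpn.home.yourdomain.com

# Firezone admin setup
# Use a long, unique password; this account administers the VPN and firewall.
DEFAULT_ADMIN_EMAIL=YOUR EMAIL HERE
DEFAULT_ADMIN_PASSWORD=YOUR ADMIN PASSWORD HERE

# Secrets
# Each value must be unique to this deployment. Never reuse values that appear
# in published examples or in another installation.
GUARDIAN_SECRET_KEY=COPY FROM default.env
DATABASE_ENCRYPTION_KEY=COPY FROM default.env
SECRET_KEY_BASE=COPY FROM default.env
LIVE_VIEW_SIGNING_SALT=COPY FROM default.env
COOKIE_SIGNING_SALT=COPY FROM default.env
COOKIE_ENCRYPTION_SALT=COPY FROM default.env

# Firezone misc.
TELEMETRY_ENABLED=false

# Email
# Replace with your name/email.
OUTBOUND_EMAIL_FROM="Your Name <name@domain.com>"
OUTBOUND_EMAIL_ADAPTER=Elixir.Swoosh.Adapters.Sendgrid
# The API key is a credential; scope it to sending mail only if the provider
# allows it.
OUTBOUND_EMAIL_ADAPTER_OPTS={"api_key": "YOUR SENDGRID API KEY"}

# WireGuard network settings copied from default.env.
# Firezone recommends NOT changing these.
WIREGUARD_IPV4_NETWORK=100.64.0.0/10
WIREGUARD_IPV4_ADDRESS=100.64.0.1
WIREGUARD_IPV6_NETWORK=fd00::/106
WIREGUARD_IPV6_ADDRESS=fd00::1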

Resources

Website: https://www.firezone.dev/

GitHub: https://github.com/firezone/firezone

Docker Hub: https://hub.docker.com/r/firezone/firezone

Configuration: https://www.firezone.dev/docs/deploy/docker