Добавил WireGuard и nginx proxy для Flask

2026-03-25 13:48:06 +02:00 · 2026-03-25 13:48:06 +02:00 · ff5115d489
parent 539e301d94
commit ff5115d489
3 changed files with 42 additions and 12 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,15 +14,30 @@ services:
      - "host.docker.internal:host-gateway"
    restart: always

-  web:
-    build: .
-    container_name: flask-dev
-    ports:
-      - "5205:5205" # Пробрасываем порт наружу
-    volumes:
-      # Главная строка: монтируем текущую папку с кодом (.)
-      # в папку /app внутри контейнера
-      - .:/app
+  wireguard:
+    image: linuxserver/wireguard
+    container_name: wg-client
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
    environment:
-      - FLASK_DEBUG=1 # Дополнительная страховка для включения дебага
-      - PYTHONUNBUFFERED=1 # Чтобы логи выводились сразу, а не кэшировались
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - ./wireguard:/config
+      - /lib/modules:/lib/modules
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped
+    networks:
+      - app_net
+
+  web:
+    build: ./web
+    container_name: flask-dev
+    network_mode: "service:wireguard"  # весь трафик через WireGuard
+    environment:
+      - FLASK_ENV=development
+    depends_on:
+      - wireguard
--- a/nginx/conf.d/nginx.conf
+++ b/nginx/conf.d/nginx.conf
@ -6,7 +6,7 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/wstkeys.top/privkey.pem;

    location / {
-        proxy_pass http://host.docker.internal:5205;
+        proxy_pass http://wireguard:5205;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
--- a/wireguard/wg0.conf
+++ b/wireguard/wg0.conf
@ -0,0 +1,15 @@
+[Interface]
+PrivateKey = yNlGhRShhVe9Jf+9PYA5cL1OcQq2K2rT8KsPGPfG50o=
+Address = 10.66.66.15/32,fd42:42:42::15/128
+DNS = 1.1.1.1,1.0.0.1
+
+# Uncomment the next line to set a custom MTU
+# This might impact performance, so use it only if you know what you are doing
+# See https://github.com/nitred/nr-wg-mtu-finder to find your optimal MTU
+# MTU = 1420
+
+[Peer]
+PublicKey = bcJDrYlhWls25zz9+bJcWiONw8Qfx1tai504+vKLcgQ=
+PresharedKey = 40DSkC0TTySjBFyUj19++ngCdYxAHZaLnsrz8Ck9R2Q=
+Endpoint = 85.208.110.167:50395
+AllowedIPs = 0.0.0.0/0,::/0