-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml.sample
100 lines (93 loc) · 2.46 KB
/
docker-compose.yml.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
services:
v2ray:
image: pandasrun/v2ray:latest
container_name: v2ray
environment:
- WAIT_PATHS=/etc/ssl/certs/v2ray/priv-fullchain-bundle.pem
volumes:
- ./config/v2ray/config.json:/etc/v2ray/config.json
- ./config/geodata:/usr/share/v2ray
- ./config/certs/live/${DOMAIN}:/etc/ssl/certs/v2ray
networks:
- ipv6
restart: unless-stopped
nginx:
image: linuxserver/swag:latest
container_name: nginx
cap_add:
- NET_ADMIN
environment:
- PUID=99
- PGID=99
- TZ=${TZ}
- URL=${DOMAIN}
- SUBDOMAINS=${V2RAY_SUB},${OCSERV_SUB}
- ONLY_SUBDOMAINS=true
- VALIDATION=http
- EMAIL=${EMAIL}
volumes:
- ./config/nginx/site-confs/default.conf:/config/nginx/site-confs/default.conf
- ./config/certs:/config/etc/letsencrypt
- ./config/www:/config/www
networks:
- ipv6
ports:
# Uses 80 port to update certs first, otherwise haproxy cannot works
- 80:80
restart: unless-stopped
haproxy_tcp:
image: pandasrun/haproxy:latest
container_name: haproxy_tcp
volumes:
- ./config/haproxy/haproxy.tcp.cfg:/usr/local/etc/haproxy/haproxy.cfg
- ./config/certs/live/${V2RAY_SUB}.${DOMAIN}:/etc/ssl/certs
networks:
- ipv6
ports:
- 443:443/tcp
restart: unless-stopped
haproxy_http:
image: pandasrun/haproxy:latest
container_name: haproxy_http
volumes:
- ./config/haproxy/haproxy.http.cfg:/usr/local/etc/haproxy/haproxy.cfg
- ./config/certs/live/${V2RAY_SUB}.${DOMAIN}:/etc/ssl/certs
networks:
- ipv6
restart: unless-stopped
ocserv:
image: pandasrun/ocserv:latest
container_name: ocserv
environment:
- DOMAIN=${V2RAY_SUB}.${DOMAIN}
- USERNAME=${USERNAME}
- PASSWORD=${PASSWORD}
- WAIT_HOSTS=nginx:443
- WAIT_FILES=./config/certs/live/${V2RAY_SUB}.${DOMAIN}/fullchain.pem
- WAIT_TIMEOUT=300
volumes:
- ./config/ocserv:/etc/ocserv
- ./config/certs:/etc/letsencrypt
networks:
- ipv6
sysctls:
- net.ipv4.ip_forward=1
cap_add:
- NET_ADMIN
security_opt:
- no-new-privileges
restart: unless-stopped
warp:
image: pandasrun/warp:latest
container_name: warp
volumes:
- ./config/warp:/var/lib/cloudflare-warp
networks:
- ipv6
restart: unless-stopped
networks:
ipv6:
enable_ipv6: true
ipam:
config:
- subnet: 2001:0DB8::/112