diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
new file mode 100644
index 0000000..6f70dc2
--- /dev/null
+++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ server_name fz.ixvd.net;
+
+ location / {
+ proxy_pass http://firezone:13000;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
diff --git a/servers/apoc/docker-compose.d/docker-compose.firezone.yml b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
new file mode 100644
index 0000000..ee08656
--- /dev/null
+++ b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
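Review bot: The `location /` block forwards to `firezone:13000` without setting `Host` or `X-Forwarded-For`, so the client address the application records is presumably the nginx container's rather than the real peer, which weakens login auditing for a VPN admin portal. The vhost also listens only on plain port 80 while the compose file in this commit sets `EXTERNAL_URL` to an https address; if no other layer terminates TLS in front of this server, portal credentials and session cookies cross the network in cleartext, so confirm where TLS ends and pass the original scheme through as `X-Forwarded-Proto` from that layer. The WebSocket upgrade headers in the suggestion assume Firezone's web UI uses live socket connections; drop them if that proves unnecessary.

```nginx
location / {
    proxy_pass http://firezone:13000;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
# … unchanged: error_page and the /50x.html location …
```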
@@ -0,0 +1,66 @@
+version: '2.2'
+# Example compose file for production deployment on Linux.
+#
+# Note: This file is meant to serve as a template. Please modify it
+# according to your needs. Read more about Docker Compose:
+#
+# https://docs.docker.com/compose/compose-file/
+#
+#
+x-deploy: &default-deploy
+ restart_policy:
+ condition: unless-stopped
+ delay: 5s
+ window: 120s
+ update_config:
+ order: start-first
+
+services:
+ firezone:
+ image: firezone/firezone:${VERSION:-latest}
+ ports:
+ - 51820:51820/udp
+ environment:
+ EXTERNAL_URL: "https://fz.ixvd.net/"
+ DATABASE_HOST: "fz-postgres"
+ DATABASE_USER: "firezone"
+ DATABASE_PASSWORD: "firezone"
+ env_file:
+ - /etc/ixvd/secrets/env/firezone.env
+ volumes:
+ - /srv/firezone/config:/var/firezone
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv4.ip_forward=1
+ - net.ipv6.conf.all.forwarding=1
+ depends_on:
+ - postgres
+ networks:
+ proxy:
+ fz-internal:
+ ipv4_address: 172.25.0.10
+ ipv6_address: fcff:3990:3990::99
+
+ fz-postgres:
+ image: postgres:15
+ volumes:
+ - /srv/firezone/data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: firezone
+ POSTGRES_USER: firezone
+ POSTGRES_PASSWORD: firezone
+ networks:
+ - fz-internal
+
+networks:
+ fz-internal:
+ enable_ipv6: true
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.19.0.0/16
+ - subnet: fcff:3990:3990::/64
+ gateway: fcff:3990:3990::1
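Review bot: `DATABASE_PASSWORD: "firezone"` and `POSTGRES_PASSWORD: firezone` commit a guessable database credential to the repository, and because Compose gives `environment` precedence over `env_file`, the inline value wins even if `/etc/ixvd/secrets/env/firezone.env` sets a stronger one. Remove both inline password keys and supply them from the secrets file, which means giving `fz-postgres` its own `env_file` entry. Separately, `depends_on` lists `postgres` while the database service is named `fz-postgres` (use `- fz-postgres`), and `ipv4_address: 172.25.0.10` lies outside the declared `subnet: 172.19.0.0/16`, so the stack is unlikely to start as written. The `proxy` network is attached but not declared in this file; presumably another file under `docker-compose.d` defines it. `firezone/firezone:${VERSION:-latest}` falls back to a floating tag for a container granted `NET_ADMIN` and `SYS_MODULE`, so pinning a fixed version or digest is worth doing.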