docker-compose.vpn.yml
# VPN override — applied by scripts/start.sh when USE_VPN=true
# Do not run this file directly; use: ./scripts/start.sh
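services:
  wireguard:
    # NOTE(review): ":latest" is a mutable tag, so each pull can bring in a
    # different image. Pin a specific release tag or an image digest so the
    # container that holds NET_ADMIN/SYS_MODULE is a reviewed, repeatable build.
    image: lscr.io/linuxserver/wireguard:latest
    container_name: remote-wireguard
    cap_add:
      # Needed to create the WireGuard interface and manage routes.
      - NET_ADMIN
      # Lets the container load kernel modules on the host. Only needed where
      # WireGuard is not built into the host kernel; otherwise drop this
      # capability together with the /lib/modules mount below.
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-America/New_York}
    volumes:
      # Place your WireGuard .conf file(s) in the vpn/ directory.
      # These files contain the tunnel private key: keep vpn/ out of version
      # control and restrict its permissions on the host.
      - ./vpn:/config/wg_confs:ro
      # Allows loading the WireGuard kernel module on hosts where it is not built-in
      - /lib/modules:/lib/modules:ro
    # Ports move here from chromium — required when sharing a network namespace.
    # No host address is given, so Docker publishes these on every host
    # interface; prefix a bind address (for example 127.0.0.1:) if the
    # browser UI should only be reachable locally.
    ports:
      - "${HTTP_PORT:-3000}:3000"
      - "${HTTPS_PORT:-3001}:3001"
    healthcheck:
      # A bare `wg show` also exits 0 when no interface exists (it simply
      # prints nothing), which would report "healthy" with no tunnel and let
      # chromium start on the container's ordinary route. Require at least one
      # interface name instead. This still does not prove a completed
      # handshake with the peer.
      test: ["CMD-SHELL", "wg show interfaces | grep -q ."]
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 15s
    restart: unless-stopped
  chromium:
    # Share wireguard's network namespace — chromium has no network of its own
    # and uses whatever routes exist inside the wireguard container.
    # NOTE(review): namespace sharing alone is not a kill switch; whether
    # traffic can leave outside the tunnel depends on the routes and firewall
    # rules set by the WireGuard config — confirm against the .conf in vpn/.
    network_mode: "service:wireguard"
    # Clear ports inherited from docker-compose.yml; they now live on wireguard above
    ports: !reset []
    depends_on:
      wireguard:
        # Start chromium only after the healthcheck above has passed.
        condition: service_healthy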