sambartik / route2me

Linuxserver.io docker mod for wireguard container to help you keep your containers connected to wireguard.

Route2Me - Keeps your containers connected to wireguard

This docker mod helps you keep all desired containers connected to your wireguard container. You won't need to manually recreate all your dependent containers after making a change in the wireguard container configuration; the mod handles all of that for you.

How does it work?

The mod works by running a service after startup that checks every dependent container and its configured network_mode value. If the value doesn't refer to the wireguard container, or the data is outdated, the dependent container gets recreated with a similar, tweaked configuration that routes its traffic through the wireguard container.

Optionally, you can set a timeout value after which the same check is performed again.

From my experience there was also a need to restart all dependent containers if the wireguard container ever got restarted without changing its ID. This is the reason why R2M_RESTART_CORRECT is set to True by default.

Configuration

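First, you need to give the wireguard container read-only access to the docker.sock file for this to work. The :ro flag only protects the socket file on the mount; it does not limit the Docker API calls made through the socket, which the mod uses to recreate and restart containers, so treat the wireguard container as having full control over the Docker daemon. The mod is configurable in two ways: environment variables and labels.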

Environment variables

You set them on the wireguard container. They are all optional:

| Variable | Default | Definition |
| --- | --- | --- |
| R2M_DOCKER_SOCK | /var/run/docker.sock | Path to docker.sock file |
| R2M_TIMEOUT | -1 | Number of seconds to wait before performing another check. Enter -1 to run check only once, after the wireguard container has started. |
| R2M_LOG_PATH | /config/logs/route2me.log | Path to a file to log to. |
| R2M_LOG_LEVEL | INFO | Set minimal level that should be logged to the file. Possible values: CRITICAL, ERROR, WARNING, INFO, DEBUG |
| R2M_HEALTHCHECK | False | Wait until the wireguard container becomes healthy. Only then begin the checks. If true, you WILL NEED to specify healthcheck manually in the container configuration! |
| R2M_RESTART_CORRECT | True | Should slave containers that have correct NetworkMode set up be restarted after wireguard container (re)start? |

Labels

Add the com.route2me.slave label to all dependent containers that you wish to check. The wireguard container will be found automatically if its hostname corresponds to its container ID. If you have changed the hostname of the wireguard container to a custom value, you need to add the com.route2me.master label to it as well.

NOTE: All dependent containers need to be started before the wireguard container. You can achieve this with depends_on in docker-compose.yml.

Example docker-compose.yml file:

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - DOCKER_MODS=samuelbartik/route2me # <--- Required
      - R2M_DOCKER_SOCK=/var/run/docker.sock # <--- Optional
      - R2M_TIMEOUT=-1 # <--- Optional
      - R2M_LOG_PATH=/config/logs/route2me.log # <--- Optional
      - R2M_LOG_LEVEL=INFO # <--- Optional
      - R2M_HEALTHCHECK=True # <--- Optional
      - R2M_RESTART_CORRECT=False # <--- Optional
    volumes:
      - /path/to/appdata/config:/config
      - /lib/modules:/lib/modules
      - /var/run/docker.sock:/var/run/docker.sock:ro # <--- Required
    healthcheck: # <--- Required if R2M_HEALTHCHECK=True
      test: "ping -c 1 www.google.com || exit 1"
      interval: 2m30s
      timeout: 10s
      retries: 3
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    labels: 
      - com.route2me.master # <--- Required only if you have changed the hostname of wireguard container
    restart: unless-stopped

  qbittorrent:
    image: ghcr.io/linuxserver/qbittorrent
    network_mode: "none" # <--- Optional. This will be swapped out for the wireguard container by the mod
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - WEBUI_PORT=8080
    volumes:
      - /path/to/appdata/config:/config
      - /path/to/downloads:/downloads
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8080:8080
    depends_on:
      - wireguard # <--- Required
    labels:
      - com.route2me.slave # <--- Required
    restart: unless-stopped
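
To verify the state the mod is meant to maintain, the following added example (not part of the route2me mod or its code) audits `docker inspect` output and reports, for each container carrying the com.route2me.slave label, whether its NetworkMode points at the current wireguard container. The function names, the status names, the sample data and the choice to pass the wireguard container's name explicitly are assumptions of this example.

```python
import json

SLAVE_LABEL = "com.route2me.slave"  # label name taken from this README

def classify(container, master):
    """Compare one dependent container's NetworkMode with the current master."""
    mode = container["HostConfig"]["NetworkMode"]
    if mode == "none":
        return "isolated"   # no network at all; not yet attached to wireguard
    if not mode.startswith("container:"):
        return "bypass"     # own network namespace, not the wireguard one
    ref = mode.split(":", 1)[1]
    if ref in (master["Id"], master["Name"].lstrip("/")):
        return "ok"
    return "stale"          # joined to some other (possibly removed) container

def audit(containers, master_name):
    """Return {container name: status} for every container labelled as dependent."""
    by_name = {c["Name"].lstrip("/"): c for c in containers}
    if master_name not in by_name:
        raise ValueError(f"master container {master_name!r} not found")
    master = by_name[master_name]
    return {
        name: classify(c, master)
        for name, c in by_name.items()
        if SLAVE_LABEL in (c["Config"].get("Labels") or {})
    }

def _c(cid, name, mode, labels):
    """Build a constructed record with the docker inspect fields used above."""
    return {"Id": cid, "Name": "/" + name,
            "Config": {"Labels": labels}, "HostConfig": {"NetworkMode": mode}}

# Constructed sample: OLD_ID stands for a wireguard container that was recreated.
NEW_ID, OLD_ID = "a1" * 32, "b2" * 32
SAMPLE = json.dumps([
    _c(NEW_ID, "wireguard", "bridge", {}),
    _c("c3" * 32, "qbittorrent", "container:" + NEW_ID, {SLAVE_LABEL: ""}),
    _c("d4" * 32, "app-stale", "container:" + OLD_ID, {SLAVE_LABEL: ""}),
    _c("e5" * 32, "app-none", "none", {SLAVE_LABEL: ""}),
    _c("f6" * 32, "app-bridge", "bridge", {SLAVE_LABEL: ""}),
    _c("07" * 32, "web", "bridge", {}),  # unlabelled, so not audited
])

if __name__ == "__main__":
    for name, status in audit(json.loads(SAMPLE), "wireguard").items():
        print(f"{name:12} {status}")
```

On a real host, feed `audit` the parsed JSON from `docker inspect` run over all container IDs instead of the constructed sample; any status other than "ok" means that container's traffic is not going through the wireguard container.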

License: GNU Affero General Public License v3.0
