# Compose file format declaration, followed by the service map.
# NOTE(review): recent Docker Compose releases treat the top-level `version`
# key as obsolete and ignore it.
version: '3.9'
services:
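# Watchdog container: holds the Docker socket so it can act on the services labelled autoheal: "true".
  autoheal:
    container_name: autoheal
    image: willfarrell/autoheal:1.2.0
    restart: always
    # Least privilege: `privileged: true` is dropped. The job only needs the
    # Docker API socket; SELinux label separation is disabled instead, the same
    # way the ovpn_* services in this file do it, so the socket stays reachable
    # on SELinux hosts without granting every capability and host device.
    security_opt:
      - label:disable
    volumes:
      # NOTE(review): access to docker.sock is root-equivalent on the host, so
      # this image sits inside the host's trust boundary; pin it by digest
      # rather than by tag alone.
      - /var/run/docker.sock:/var/run/docker.sock:Z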
# OpenVPN client for the first provider; randomly picks one of the .conf files matching the pattern.
  ovpn_01:
    image: ghcr.io/wfg/openvpn-client:2.1.0
    restart: unless-stopped
    # NET_ADMIN is the only capability added; SELinux label separation is
    # switched off for this container.
    cap_add:
      - NET_ADMIN
    security_opt:
      - label:disable
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
    volumes:
      - /dev/net:/dev/net:z
      # NOTE(review): the whole ./openvpn/ directory is mounted read-write,
      # and the top-level secrets in this file point at files inside it, so
      # the credential files are also visible under /data/vpn.
      - ./openvpn/:/data/vpn:z
    environment:
      KILL_SWITCH: 'on'
      HTTP_PROXY: 'off'
      VPN_AUTH_SECRET: provider01_secret
      # this will match provider01_country01.conf, provider01_country02.conf etc
      VPN_CONFIG_PATTERN: 'provider01*.conf'
    secrets:
      - provider01_secret
    labels:
      autoheal: 'true'
    # Healthy while a DNS lookup against 8.8.8.8 succeeds from inside the container.
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# OpenVPN client for the first provider, bound to one specific .conf file.
  ovpn_02:
    image: ghcr.io/wfg/openvpn-client:2.1.0
    restart: unless-stopped
    # NET_ADMIN is the only capability added; SELinux label separation is
    # switched off for this container.
    cap_add:
      - NET_ADMIN
    security_opt:
      - label:disable
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
    volumes:
      - /dev/net:/dev/net:z
      - ./openvpn/:/data/vpn:z
    environment:
      KILL_SWITCH: 'on'
      HTTP_PROXY: 'off'
      VPN_AUTH_SECRET: provider01_secret
      # will use only this .conf file
      VPN_CONFIG_FILE: provider01.endpoint02.conf
    secrets:
      - provider01_secret
    labels:
      autoheal: 'true'
    # Healthy while a DNS lookup against 8.8.8.8 succeeds from inside the container.
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# OpenVPN client for the second provider, bound to one specific .conf file.
  ovpn_03:
    image: ghcr.io/wfg/openvpn-client:2.1.0
    restart: unless-stopped
    # NET_ADMIN is the only capability added; SELinux label separation is
    # switched off for this container.
    cap_add:
      - NET_ADMIN
    security_opt:
      - label:disable
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
    volumes:
      - /dev/net:/dev/net:z
      - ./openvpn/:/data/vpn:z
    environment:
      KILL_SWITCH: 'on'
      HTTP_PROXY: 'off'
      VPN_AUTH_SECRET: provider02_secret
      # will use only this .conf file
      VPN_CONFIG_FILE: provider02.endpoint01.conf
    secrets:
      - provider02_secret
    labels:
      autoheal: 'true'
    # Healthy while a DNS lookup against 8.8.8.8 succeeds from inside the container.
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# [OPTIONAL]
  # Runs db1000n in updater mode: it fetches the configuration bypassing the
  # VPN containers and stores it in the shared ./config volume.
  updater:
    # NOTE(review): no tag or digest is given, so this resolves to the mutable
    # `latest` tag and whatever it points to at pull time is what runs; pin to
    # a reviewed tag or digest.
    image: ghcr.io/arriven/db1000n
    restart: unless-stopped
    entrypoint: './db1000n --updater-mode'
    environment:
      UPDATER_DESTINATION_CONFIG: 'config/config.json'
    volumes:
      - ./config:/usr/src/app/config:z
    labels:
      autoheal: 'true'
    # Healthy once config/config.json exists; the relative path presumably
    # resolves against the image's working directory (confirm it is /usr/src/app).
    healthcheck:
      test:
        - 'CMD'
        - 'test'
        - '-f'
        - 'config/config.json'
      interval: 5s
      timeout: 5s
      retries: 5
# Uses VPN 01: joins the network namespace of ovpn_01.
  # Reads the config.json written by the 'updater' service; both mount the same
  # ./config volume and CONFIG points at config/config.json.
  db1000n_01:
    # NOTE(review): untagged image, resolves to the mutable `latest` tag; pin
    # to a reviewed tag or digest.
    image: ghcr.io/arriven/db1000n
    restart: unless-stopped
    network_mode: 'service:ovpn_01'
    # Started only after both dependencies report healthy.
    depends_on:
      ovpn_01:
        condition: service_healthy
      updater:
        condition: service_healthy
    labels:
      autoheal: 'true'
    # Single country to check the IP against; the container exits if the IP
    # matches the country OR the IP cannot be determined.
    environment:
      STRICT_COUNTRY_CHECK: 'true'
      COUNTRY_LIST: 'Country'
      CONFIG: 'config/config.json'
    volumes:
      - ./config:/usr/src/app/config:z
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# Uses VPN 02: joins the network namespace of ovpn_02.
  # Reads the config.json written by the 'updater' service; both mount the same
  # ./config volume and CONFIG points at config/config.json.
  db1000n_02:
    # NOTE(review): untagged image, resolves to the mutable `latest` tag; pin
    # to a reviewed tag or digest.
    image: ghcr.io/arriven/db1000n
    restart: unless-stopped
    network_mode: 'service:ovpn_02'
    # Started only after both dependencies report healthy.
    depends_on:
      ovpn_02:
        condition: service_healthy
      updater:
        condition: service_healthy
    labels:
      autoheal: 'true'
    # Multiple countries to check the IP against; the container exits if the IP
    # matches a country OR the IP cannot be determined.
    environment:
      STRICT_COUNTRY_CHECK: 'true'
      COUNTRY_LIST: 'Country, Another Country'
      CONFIG: 'config/config.json'
    volumes:
      - ./config:/usr/src/app/config:z
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# Uses VPN 03: joins the network namespace of ovpn_03.
  # Downloads its config itself and does not touch the shared volume, so the
  # CONFIG variable and the ./config mount are left out here.
  db1000n_03:
    # NOTE(review): untagged image, resolves to the mutable `latest` tag; pin
    # to a reviewed tag or digest.
    image: ghcr.io/arriven/db1000n
    restart: unless-stopped
    network_mode: 'service:ovpn_03'
    depends_on:
      ovpn_03:
        condition: service_healthy
    labels:
      autoheal: 'true'
    # Single country to check the IP against, but the container does not exit
    # if the IP matches the country.
    environment:
      STRICT_COUNTRY_CHECK: 'false'
      COUNTRY_LIST: 'Country'
    healthcheck:
      test:
        - 'CMD'
        - 'nslookup'
        - 'google.com'
        - '8.8.8.8'
      interval: 30s
      timeout: 10s
      retries: 3
# File-backed secrets; each ovpn_* service names the one it is granted under
# its own `secrets:` key.
# NOTE(review): both files sit inside ./openvpn/, which every ovpn_* service
# also bind-mounts at /data/vpn, so each VPN container can read both credential
# files whichever secret it is granted. Keeping the credential files outside
# the mounted directory would restore per-service scoping; keep them out of
# version control either way.
secrets:
  provider01_secret:
    file: ./openvpn/provider01.txt
  provider02_secret:
    file: ./openvpn/provider02.txt