
Add route in docker compose


I have a VM with Docker containers in a cloud. It has 2 containers: wireguard and redmine. I use LDAP authorization in Redmine. The LDAP server is located in a private LAN (behind NAT), and I have a VPN to this LAN via WireGuard. I need to add a route in the Redmine container so that Redmine can reach the private LAN through the WireGuard container. For now I do it by hand: after the containers start, I run `docker-compose exec redmine ip route add 192.168.42.0/23 via 172.20.0.50`.

Could you advise me how to implement this in my pipeline?

P.S. The Redmine container already has ENTRYPOINT and CMD directives in its Dockerfile.

# Original stack from the question: Redmine reaches the private LAN only after a
# manual `ip route add 192.168.42.0/23 via 172.20.0.50` inside the redmine container.
version: '3.9'

services:
  # VPN client; its fixed address below is the gateway used by the manual route.
  wireguard:
    # No tag is given, so the image floats with whatever is current upstream;
    # pinning a tag or digest keeps pulls reproducible and reviewable.
    image: linuxserver/wireguard
    cap_add:
      # Lets the container manage network interfaces and routes in its namespace.
      - NET_ADMIN
      # Lets the container load kernel modules on the host.
      # NOTE(review): likely unnecessary when the host kernel already ships
      # WireGuard - confirm and drop if so.
      - SYS_MODULE
    volumes:
      # Presumably holds the tunnel configuration and private key - keep it out of
      # version control and restrict file permissions on the host.
      - ./wireguard-config:/config
      # Host kernel modules, mounted read-write.
      # NOTE(review): `:ro` should be enough for module loading - confirm.
      - /lib/modules:/lib/modules
    networks:
      default:
        # Static address so the route's next hop stays stable across restarts.
        ipv4_address: 172.20.0.50
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1 # for clients mode
    restart: unless-stopped

  # Database; no ports are published, so it is reachable only on the compose network.
  postgres:
    image: postgres:14.2-alpine
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      # Password is a literal in the compose file and is repeated under redmine.
      # Prefer an untracked env file or a secret; the postgres image accepts
      # POSTGRES_PASSWORD_FILE for that purpose.
      - 'POSTGRES_PASSWORD=MySUperSecret'
      - 'POSTGRES_DB=redmine'

  redmine:
    image: redmine:5.0.1-alpine
    cap_add:
      # Granted only so `ip route add` can be run inside this container. It also
      # lets the web-facing application change its own interfaces, routes and
      # firewall rules, which is more privilege than serving Redmine requires.
      - NET_ADMIN
    volumes:
      - redmine-files:/usr/src/redmine/files
      - ./redmine-plugins:/usr/src/redmine/plugins
      # NOTE(review): a `:ro` suffix would stop the container from modifying the
      # host copy of the configuration - confirm Redmine never writes to it.
      - ./configuration.yml:/usr/src/redmine/config/configuration.yml
    ports:
      # Publishes Redmine on host port 80 on every interface, without TLS; logins
      # (backed by LDAP per the question) would cross the network in clear text.
      - 80:3000
    depends_on:
      - postgres
    environment:
      - 'REDMINE_DB_POSTGRES=postgres'
      - 'REDMINE_DB_DATABASE=redmine'
      # Same literal secret as POSTGRES_PASSWORD above; the redmine image accepts
      # REDMINE_DB_PASSWORD_FILE as an alternative.
      - 'REDMINE_DB_PASSWORD=MySUperSecret'
      - 'REDMINE_PLUGINS_MIGRATE=true'
    restart: unless-stopped

# Fixed subnet for the default network so wireguard can be given 172.20.0.50.
networks:
  default:
    ipam:
      config:
        - subnet: 172.20.0.0/24

# Named volumes for database data and Redmine's uploaded files.
volumes:
  postgres-data:
  redmine-files:

Solution

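  • I solved my problem by making the redmine service share the wireguard service's network stack (`network_mode: service:wireguard`), so no manual route is needed: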

    # Answer's stack: redmine runs inside the wireguard service's network namespace,
    # so it uses the tunnel's routes directly and needs no extra capability or
    # hand-added route.
    services:
      wireguard:
        # No tag is given, so the image floats with whatever is current upstream;
        # pinning a tag or digest keeps pulls reproducible and reviewable.
        image: linuxserver/wireguard
        cap_add:
          # Lets the container manage network interfaces and routes in its namespace.
          - NET_ADMIN
          # Lets the container load kernel modules on the host.
          # NOTE(review): likely unnecessary when the host kernel already ships
          # WireGuard - confirm and drop if so.
          - SYS_MODULE
        ports:
          # Redmine's listener, published here because redmine shares this service's
          # namespace. Binds on every host interface, without TLS.
          # NOTE(review): consider a loopback bind behind a TLS-terminating proxy.
          - 3000:3000
        environment:
          - TZ=Europe/Moscow
        volumes:
          # Presumably holds the tunnel configuration and private key - keep it out
          # of version control and restrict file permissions on the host.
          - ./wireguard-config:/config
          # Host kernel modules, mounted read-write.
          # NOTE(review): `:ro` should be enough for module loading - confirm.
          - /lib/modules:/lib/modules
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1 # for clients mode
        restart: unless-stopped
    
      # Database; no ports are published, so it is reachable only on the compose network.
      postgres:
        image: postgres:14.2-alpine
        volumes:
          - postgres-data:/var/lib/postgresql/data
        environment:
          # Password is a literal in the compose file and is repeated under redmine.
          # Prefer an untracked env file or a secret; the postgres image accepts
          # POSTGRES_PASSWORD_FILE for that purpose.
          - 'POSTGRES_PASSWORD=MySUperSecret'
          - 'POSTGRES_DB=redmine'
    
      redmine:
        image: redmine:5.0.2-alpine
        # Shares wireguard's interfaces and routing table. Redmine can reach whatever
        # the tunnel routes to, and hosts on the far side of the tunnel can reach
        # Redmine's listener unless filtered.
        # NOTE(review): scope the peer's AllowedIPs in ./wireguard-config to the LDAP
        # server if that is the only host Redmine needs.
        network_mode: service:wireguard
        volumes:
          - redmine-files:/usr/src/redmine/files
          - ./redmine-plugins:/usr/src/redmine/plugins
          # NOTE(review): a `:ro` suffix would stop the container from modifying the
          # host copy of the configuration - confirm Redmine never writes to it.
          - ./configuration.yml:/usr/src/redmine/config/configuration.yml
        # Port publishing moved to the wireguard service: a service that uses
        # network_mode: service:<name> cannot declare its own ports.
        # ports:
        #   - 80:3000
        depends_on:
          - postgres
        environment:
          - 'REDMINE_DB_POSTGRES=postgres'
          - 'REDMINE_DB_DATABASE=redmine'
          # Same literal secret as POSTGRES_PASSWORD above; the redmine image accepts
          # REDMINE_DB_PASSWORD_FILE as an alternative.
          - 'REDMINE_DB_PASSWORD=MySUperSecret'
          - 'REDMINE_PLUGINS_MIGRATE=true'
        restart: unless-stopped
    
    # Named volumes for database data and Redmine's uploaded files.
    volumes:
      postgres-data:
      redmine-files:
    

    The diff:

    --- /tmp/a  2023-11-14 05:26:19.107003164 +0200
    +++ /tmp/b  2023-11-14 05:26:48.177031304 +0200
    @@ -1,17 +1,16 @@
    -version: '3.9'
    -
     services:
       wireguard:
         image: linuxserver/wireguard
         cap_add:
           - NET_ADMIN
           - SYS_MODULE
    +    ports:
    +      - 3000:3000
    +    environment:
    +      - TZ=Europe/Moscow
         volumes:
           - ./wireguard-config:/config
           - /lib/modules:/lib/modules
    -    networks:
    -      default:
    -        ipv4_address: 172.20.0.50
         sysctls:
           - net.ipv4.conf.all.src_valid_mark=1 # for clients mode
         restart: unless-stopped
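Review bot: The added `ports: - 3000:3000` on the wireguard service publishes Redmine's plain-HTTP listener on every interface of the cloud VM, so logins that are checked against LDAP would travel unencrypted. If a TLS-terminating reverse proxy runs on the host (none is visible here), bind the mapping to loopback and quote it, `- '127.0.0.1:3000:3000'`, and add a comment such as `# Redmine listener; redmine shares this service's network namespace`. The `image: linuxserver/wireguard` context line still carries no tag, so a container holding NET_ADMIN and SYS_MODULE tracks whatever upstream publishes; pinning a tag or digest would make that reviewable.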
    @@ -25,15 +24,14 @@
           - 'POSTGRES_DB=redmine'
     
       redmine:
    -    image: redmine:5.0.1-alpine
    -    cap_add:
    -      - NET_ADMIN
    +    image: redmine:5.0.2-alpine
    +    network_mode: service:wireguard
         volumes:
           - redmine-files:/usr/src/redmine/files
           - ./redmine-plugins:/usr/src/redmine/plugins
           - ./configuration.yml:/usr/src/redmine/config/configuration.yml
    -    ports:
    -      - 80:3000
    +    # ports:
    +    #   - 80:3000
         depends_on:
           - postgres
         environment:
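Review bot: `network_mode: service:wireguard` puts Redmine inside the WireGuard container's network namespace, so the web application's reach into the private LAN, and the LAN's reach back to port 3000, now depend entirely on the peer's AllowedIPs and any LAN-side filtering, neither of which is visible in this diff. Dropping `cap_add: NET_ADMIN` from redmine is a real reduction in privilege. To carry it through, restrict the tunnel in ./wireguard-config to the LDAP server if that is the only host needed, and record the intent above the line, e.g. `# shares wireguard's netns; tunnel should route only to the LDAP server`. The commented-out `# ports:` lines would read better as a single explanatory comment, `# published on the wireguard service; not allowed together with network_mode: service:`. The redmine `environment:` list continues outside this hunk.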
    @@ -43,12 +41,6 @@
           - 'REDMINE_PLUGINS_MIGRATE=true'
         restart: unless-stopped
     
    -networks:
    -  default:
    -    ipam:
    -      config:
    -        - subnet: 172.20.0.0/24
    -
     volumes:
       postgres-data:
       redmine-files: