fix: update wg-easy to official ghcr image with iptables-nft #26
@@ -1,16 +1,10 @@
|
||||
# Custom wg-easy with iptables-nft (nftables-backed iptables)
|
||||
# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
|
||||
FROM weejewel/wg-easy:latest
|
||||
FROM ghcr.io/wg-easy/wg-easy:latest
|
||||
|
||||
# Alpine's iptables-nft provides iptables that uses nftables kernel API
|
||||
# instead of the legacy iptable_nat module. This works on kernels
|
||||
# where only nftables netfilter modules are available.
|
||||
RUN apk add --no-cache iptables-nft
|
||||
|
||||
# Ensure iptables-nft takes priority over legacy iptables
|
||||
RUN ln -sf /sbin/iptables-nft /sbin/iptables && \
|
||||
ln -sf /sbin/iptables-nft-save /sbin/iptables-save && \
|
||||
ln -sf /sbin/iptables-nft-restore /sbin/iptables-restore && \
|
||||
ln -sf /sbin/ip6tables-nft /sbin/ip6tables && \
|
||||
ln -sf /sbin/ip6tables-nft-save /sbin/ip6tables-save && \
|
||||
ln -sf /sbin/ip6tables-nft-restore /sbin/ip6tables-restore
|
||||
# The upstream image defaults to iptables-legacy via update-alternatives.
|
||||
# Switch to iptables-nft so it works on kernels where only nftables
|
||||
# netfilter modules are available (iptable_nat module missing).
|
||||
RUN apk add --no-cache iptables-nft && \
|
||||
update-alternatives --set iptables /usr/sbin/iptables-nft && \
|
||||
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
|
||||
|
||||
@@ -3,7 +3,7 @@ version: "3.8"
|
||||
services:
|
||||
wireguard:
|
||||
build:
|
||||
context: ./vpn
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
image: wg-easy-iptables-nft:latest
|
||||
container_name: wireguard
|
||||
|
||||
Reference in New Issue
Block a user