xtcnet/D3V-Server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: revert from host to bridge network mode to bypass external firewalls automatically

Browse source
This commit is contained in:
xtcnet 2026-03-08 15:13:32 +07:00
parent 2cbaab23c5
commit 7bf175da41
2 changed files with 22 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
README.md
View file

@ -45,7 +45,12 @@ docker run -d \
--name npm-wg \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--network host \
--sysctl net.ipv4.ip_forward=1 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
-p 80:80 \
-p 81:81 \
-p 443:443 \
-p 51820-51830:51820-51830/udp \
-v npm-wg-data:/data \
-v npm-wg-letsencrypt:/etc/letsencrypt \
-v npm-wg-wireguard:/etc/wireguard \
@ -65,7 +70,14 @@ services:
cap_add:
- NET_ADMIN
- SYS_MODULE
network_mode: "host"
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
ports:
- "80:80" # HTTP
- "81:81" # Admin UI
- "443:443" # HTTPS
- "51820-51830:51820-51830/udp" # WireGuard Multi-Server Range
volumes:
- data:/data
- letsencrypt:/etc/letsencrypt

29
install.sh
View file

@ -128,22 +128,6 @@ install_deps() {
log_ok "All system dependencies are ready."
}
# -----------------------------------------------------------
# x. Apply sysctls to Host (For WireGuard in Host Network Mode)
# -----------------------------------------------------------
apply_sysctls_to_host() {
log_step "Applying required sysctl network parameters to host..."
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1
sysctl -w net.ipv4.conf.all.src_valid_mark=1 >/dev/null 2>&1
# Persist sysctls if they don't already exist
if [ -f /etc/sysctl.conf ]; then
grep -q 'net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
grep -q 'net.ipv4.conf.all.src_valid_mark=1' /etc/sysctl.conf || echo 'net.ipv4.conf.all.src_valid_mark=1' >> /etc/sysctl.conf
fi
log_ok "Host network parameters configured."
}
# -----------------------------------------------------------
# x. Generate docker-compose.yml
# -----------------------------------------------------------
@ -164,7 +148,14 @@ services:
cap_add:
- NET_ADMIN
- SYS_MODULE
network_mode: "host"
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
ports:
- "80:80" # HTTP
- "81:81" # Admin UI
- "443:443" # HTTPS
- "51820-51830:51820-51830/udp" # WireGuard Multi-Server Range
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
@ -221,9 +212,6 @@ do_install() {
mkdir -p "$INSTALL_DIR"
log_ok "Directory created."
# --- Apply Sysctls ---
apply_sysctls_to_host
# --- Write docker-compose.yml ---
generate_docker_compose "$wg_host"
@ -392,7 +380,6 @@ do_update() {
log_warn "Could not extract WG_HOST. Using ${current_wg_host}."
fi
apply_sysctls_to_host
generate_docker_compose "$current_wg_host"
log_step "Pulling latest image..."