I have a server running in my home network with WireGuard as a client and nginx as a reverse proxy in network_mode: service:wireguard. This server is connected to a VPS with a WireGuard server.
When I'm connected to the WireGuard server I can connect to the reverse proxy without any issue.
But when I try to connect to the reverse proxy directly from the local network, not via WireGuard, the connection times out.
This is my home server docker-compose.yml:
version: "3.5"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      ...
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
      - 80:80
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
  reverse-proxy:
    image: nginx
    container_name: reverse-proxy
    network_mode: service:wireguard
    volumes:
      - ./nginx-config/default.conf:/etc/nginx/conf.d/default.conf
networks:
  default:
    external: true
    name: 'my-network'
My guess is that I have to create some iptables rule, because when I scan the host with nmap I get:
PORT STATE SERVICE
22/tcp open ssh
80/tcp filtered http
...
There is also a rule in iptables already, but it isn't enough:
iptables -S | grep 80
-A DOCKER -d 172.18.0.4/32 ! -i br-<id> -o br-<id> -p tcp -m tcp --dport 80 -j ACCEPT
172.18.0.4 is the IP address of the wireguard container in my-network.
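A check worth running before adding iptables rules, added here and not part of the question above. When a container's default route points into a tunnel, a SYN from a LAN host still arrives over the docker bridge, but the reply can be routed into the tunnel instead of back to the LAN; from the LAN side that looks exactly like a timeout or a "filtered" port in nmap. The page does not confirm that this is the cause, so the script only asks the container's own routing table where a reply to a given LAN client would leave. It assumes the container name wireguard from the compose file, that the docker bridge shows up as eth0 inside the container and the tunnel as wg0 (the usual names, but not stated on the page), and uses a constructed LAN address 192.168.1.50 as a placeholder.

```shell
#!/bin/sh
# Added diagnostic, not from the original question.
# Assumptions: container is named "wireguard", the docker bridge interface is
# "eth0" inside the container, the WireGuard interface is "wg0", and
# 192.168.1.50 is a constructed placeholder for a LAN client that times out.

# Extract the egress device from one line of `ip route get` output, e.g.
#   "192.168.1.50 via 172.18.0.1 dev eth0 src 172.18.0.4 uid 0"
route_dev() {
    # shellcheck disable=SC2086
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = "dev" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Classify a route line: "ok" when the reply goes back out the docker bridge,
# "tunnel" when it would be sent into the WireGuard tunnel instead.
classify_route() {
    dev=$(route_dev "$1") || { echo unknown; return 0; }
    case "$dev" in
        wg*)  echo tunnel ;;
        eth*) echo ok ;;
        *)    echo unknown ;;
    esac
}

# Live check, only meaningful on the home server itself: ask the container's
# routing table how it would reach the LAN client and report the result.
check_container_route() {
    client="${1:-192.168.1.50}"   # constructed sample address, override with a real LAN host
    line=$(docker exec wireguard ip route get "$client" 2>/dev/null | head -n 1)
    [ -n "$line" ] || return 1
    printf 'reply to %s leaves via %s (%s)\n' \
        "$client" "$(route_dev "$line")" "$(classify_route "$line")"
}
```

Run it as `check_container_route 192.168.1.50` on the host. A result of "tunnel" means the DOCKER accept rule shown above is never the problem for the LAN path: the packet is accepted on the way in, but the answer leaves through wg0, so adding more iptables rules will not help and the container's routes are what to look at.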