version: "2.2" services: gateway: image: docker.mitigator.ru/mitigator/gateway:${VERSION:?VERSION not set} hostname: gateway cap_add: - NET_ADMIN sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv4.ip_nonlocal_bind=1 ports: - "${WEB_CHALLENGER_HTTP_PORT:-8080}:${WEB_CHALLENGER_HTTP_PORT:-8080}" - "${WEB_CHALLENGER_HTTPS_PORT:-4443}:${WEB_CHALLENGER_HTTPS_PORT:-4443}" - "${WEB_CHALLENGER_VPN_PORT:-4567}:${WEB_CHALLENGER_VPN_PORT:-4567}/udp" volumes: - ./vpn-public.conf:/srv/public.conf:ro - ./vpn-private.conf:/srv/private.conf:ro environment: GATEWAY_ADDRESS: "${WEB_CHALLENGER_VPN_ADDRESS:-10.8.3.1}/${WEB_CHALLENGER_VPN_PREFIX:-24}" web-challenger: image: docker.mitigator.ru/mitigator/web-challenger:${VERSION:?VERSION not set} restart: ${CONTAINER_RESTART_POLICY:-on-failure} privileged: true network_mode: service:gateway depends_on: [gateway] volumes: - config:/etc/nginx/:rw environment: DATA_INTERFACE: "${WEB_CHALLENGER_DATA_INTERFACE:-eth0}" volumes: config: