I need help figuring out what I did wrong with my setup.
My main compose file:
name: homelab
networks:
  main:
    name: main
    external: true
    driver: bridge
  wg_network:
    name: wg_network
    ipam:
      config:
        - subnet: 10.8.1.0/24
secrets:
  cf_dns_api_token:
    file: ${SECRETSDIR}/cf_dns_api_token
include:
  - compose/dns/traefik.yaml
  - compose/dns/pihole.yaml
  - compose/dns/wg-easy.yaml
  - compose/services/uptime-kuma.yaml
My PiHole compose:
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "82:80/tcp"
    hostname: pi.hole
    environment:
      - TZ=${TZ}
      - WEBPASSWORD=${PIHOLE_PASSWORD}
    volumes:
      - ${DOCKERDIR}/data/pihole/etc-pihole:/etc/pihole
      - ${DOCKERDIR}/data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
    networks:
      main: {}
      wg_network:
        ipv4_address: 10.8.1.3
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.entrypoints=websecure"
      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`) && (PathPrefix(`/admin`) || PathPrefix(`/api`))"
      - "traefik.http.routers.pihole.tls.certresolver=cloudflare"
      - "traefik.http.routers.pihole.middlewares=secure-headers@file"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
And wg-easy:
services:
  wg-easy:
    container_name: wg-easy
    image: ghcr.io/wg-easy/wg-easy
    restart: unless-stopped
    environment:
      - WG_HOST=${DOMAIN}
      - PASSWORD_HASH=${PASSWORD_HASH}
      - WG_DEFAULT_DNS=10.8.1.3
      - WG_DEFAULT_ADDRESS=10.8.0.x
    volumes:
      - ${DOCKERDIR}/data/wireguard:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      main: {}
      wg_network:
        ipv4_address: 10.8.1.2
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wg-easy.entrypoints=websecure"
      - "traefik.http.routers.wg-easy.rule=Host(`wg.${DOMAIN}`)"
      - "traefik.http.routers.wg-easy.tls.certresolver=cloudflare"
      - "traefik.http.routers.wg-easy.middlewares=secure-headers@file"
      - "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
I can resolve from within my wg-easy container:
> docker exec -it wg-easy nslookup google.com 10.8.1.3
Server: 10.8.1.3
Address: 10.8.1.3:53
Non-authoritative answer:
Name: google.com
Address: 142.250.75.142
Non-authoritative answer:
Name: google.com
Address: 2a00:1450:4028:805::200e
I even see traffic in my wg-easy UI, yet I still can't resolve <service>.domain.com when I test it on my phone, or even google.com.
I can however ping 8.8.8.8 while connected, so it seems like a DNS issue.
Some more WG related things:
wg show
> docker exec -it wg-easy wg show
interface: wg0
public key: MYOSylsghbaB7SmXuK6ZCX0Zuia6HiW62GEDplX6iW0=
private key: (hidden)
listening port: 51820
peer: nAz7erPfcxf0UEUFsBWfDkGbvyE5quPWvC1owztplS4=
preshared key: (hidden)
endpoint: 2.53.160.215:33853
allowed ips: 10.8.0.2/32
latest handshake: 4 minutes, 36 seconds ago
transfer: 410.81 KiB received, 7.58 MiB sent
IP Route
> docker exec -it wg-easy ip route
default via 172.18.0.1 dev eth0
10.8.0.2 dev wg0 scope link
10.8.1.0/24 dev eth1 proto kernel scope link src 10.8.1.2
10.8.1.0/24 dev wg0 proto kernel scope link src 10.8.1.1
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.4
Any help debugging this would be appreciated.
I have tried deleting everything and starting from scratch, and pruning Docker networks.