From 4c57f43f4b867f60e3da8367de38a1133fa14ad8 Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo@eth0.com.br>
Date: Mon, 16 Mar 2026 14:51:36 -0300
Subject: [PATCH] run caddy in wireguard network namespace to access VPN routes

---
 docker-compose-dev.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 2d66795..313867a 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -28,6 +28,9 @@ services:
     ports:
       # Do not directly expose the Django port to the internet, use some kind of reverse proxy with SSL.
       - "8000:8000"
+      # Caddy ports — declared here because wireguard-webadmin-caddy shares this network namespace
+      - "80:80"
+      - "443:443"
       # Warning: Docker will have a hard time handling large amount of ports. Expose only the ports that you need.
       # Ports for multiple WireGuard instances. (Probably, you just need one)
       - "51820-51839:51820-51839/udp"
@@ -96,9 +99,7 @@ services:
       - caddy_json_export:/caddy_json_export
       - caddy_data:/data
       - caddy_config:/config
-    ports:
-      - "80:80"
-      - "443:443"
+    network_mode: "service:wireguard-webadmin"
     depends_on:
       - wireguard-webadmin
       - wireguard-webadmin-auth-gateway