63 lines
1.9 KiB
Markdown
63 lines
1.9 KiB
Markdown
**Purpose**: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs.
|
|
|
|
```yaml title="docker-compose.yml"
|
|
---
|
|
version: "2.1"
|
|
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:latest
|
|
container_name: vaultwarden
|
|
environment:
|
|
- TZ=America/Denver
|
|
- INVITATIONS_ALLOWED=false
|
|
- SIGNUPS_ALLOWED=false
|
|
- WEBSOCKET_ENABLED=false
|
|
- ADMIN_TOKEN=REDACTED #PUT A REALLY REALLY REALLY SECURE PASSWORD HERE
|
|
volumes:
|
|
- /srv/containers/vaultwarden:/data
|
|
ports:
|
|
- 80:80
|
|
restart: always
|
|
networks:
|
|
docker_network:
|
|
ipv4_address: 192.168.5.15
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.bunny-vaultwarden.rule=Host(`vault.bunny-lab.io`)"
|
|
- "traefik.http.routers.bunny-vaultwarden.entrypoints=websecure"
|
|
- "traefik.http.routers.bunny-vaultwarden.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.bunny-vaultwarden.loadbalancer.server.port=80"
|
|
networks:
|
|
default:
|
|
external:
|
|
name: docker_network
|
|
docker_network:
|
|
external: true
|
|
```
|
|
!!! warning "ADMIN_TOKEN"
|
|
It is **CRITICAL** that you never share the `ADMIN_TOKEN` with anyone. It allows you to log into the instance at https://vault.example.com/admin to add users, delete users, make changes system wide, etc.
|
|
|
|
```yaml title=".env"
|
|
Not Applicable
|
|
```
|
|
## Traefik Reverse Proxy Configuration
|
|
If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
|
|
```yaml
|
|
http:
|
|
routers:
|
|
bunny-vaultwarden:
|
|
entryPoints:
|
|
- websecure
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: vaultwarden
|
|
rule: Host(`vault.bunny-lab.io`)
|
|
|
|
services:
|
|
vaultwarden:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://192.168.5.15:80
|
|
passHostHeader: true
|
|
```
|