LizenzFass78851/vaultwarden_docker-compose.yml

## vaultwarden_docker-compose.yml
version: "3.2"
services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: always
    ports:
      - "80:80"
    environment:
      - ADMIN_TOKEN=YOURPASSWORD
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - INVITATIONS_ALLOWED=false
      - LOG_FILE=/data/vaultwarden.log
      - LOG_LEVEL=warn
      - EXTENDED_LOGGING=true
#      - SMTP_HOST="<smtp.domain.tld>"
#      - SMTP_FROM="<vaultwarden@domain.tld>"
#      - SMTP_PORT="587"
#      - SMTP_SECURITY="starttls"
#      - SMTP_USERNAME="<username>"
#      - SMTP_PASSWORD="<password>"
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    volumes:
      - ./data:/data

  nginx:
    image: nginx:latest
    restart: always
    ports:
      - "443:443"
    volumes:
      # nginx conf
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # nginx certs: key = "nginx.key"; cert = "nginx.crt"
      - ./certs:/etc/nginx/ssl:ro
    depends_on:
      - bitwarden

## vaultwarden_nginx.conf
events { }

http {
    server {
        listen 443 ssl;
        server_name vaultwarden.test.com;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
            proxy_pass http://bitwarden:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

## vaultwarden_readme.md

      
    Raw
  

              vaultwarden_readme.md
            
          
    Vaultwarden Docker Compose

instructions for creating and renewing self-created certificates


create

mkdir certs && cd certs && \ 
  openssl req -x509 -newkey rsa:4096 -keyout nginx.key -out nginx.crt -days 365 -nodes -subj "/CN=vaultwarden.test.com"

nenew

cd certs && \ 
  openssl req -new -key nginx.key -out nginx.csr -subj "/CN=vaultwarden.test.com" && \ 
  openssl x509 -req -in nginx.csr -signkey nginx.key -out nginx.crt -days 365
	version: "3.2"
	services:
	bitwarden:
	image: vaultwarden/server:latest
	restart: always
	ports:
	- "80:80"
	environment:
	- ADMIN_TOKEN=YOURPASSWORD
	- WEBSOCKET_ENABLED=true
	- SIGNUPS_ALLOWED=false
	- INVITATIONS_ALLOWED=false
	- LOG_FILE=/data/vaultwarden.log
	- LOG_LEVEL=warn
	- EXTENDED_LOGGING=true
	# - SMTP_HOST="<smtp.domain.tld>"
	# - SMTP_FROM="<vaultwarden@domain.tld>"
	# - SMTP_PORT="587"
	# - SMTP_SECURITY="starttls"
	# - SMTP_USERNAME="<username>"
	# - SMTP_PASSWORD="<password>"
	- /etc/localtime:/etc/localtime:ro
	- /etc/timezone:/etc/timezone:ro
	volumes:
	- ./data:/data

	nginx:
	image: nginx:latest
	restart: always
	ports:
	- "443:443"
	volumes:
	# nginx conf
	- ./nginx.conf:/etc/nginx/nginx.conf:ro
	# nginx certs: key = "nginx.key"; cert = "nginx.crt"
	- ./certs:/etc/nginx/ssl:ro
	depends_on:
	- bitwarden
	events { }

	http {
	server {
	listen 443 ssl;
	server_name vaultwarden.test.com;

	ssl_certificate /etc/nginx/ssl/nginx.crt;
	ssl_certificate_key /etc/nginx/ssl/nginx.key;

	location / {
	proxy_pass http://bitwarden:80;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}
	}