| { | |
| # email admin@deine-domain.example | |
| # acme_ca http://openbao.testdom.internal:8200/v1/pki/acme/directory | |
| } | |
| vaultwarden.testdom.internal { | |
| reverse_proxy bitwarden:80 | |
| tls /etc/caddy/certs/caddy.crt /etc/caddy/certs/caddy.key | |
| # tls { | |
| # ca_root /etc/caddy/certs/rootCA.pem | |
| # } | |
| } |
| version: "3.2" | |
| services: | |
| bitwarden: | |
| image: vaultwarden/server:latest | |
| restart: always | |
| ports: | |
| - "80:80" | |
| environment: | |
| - ADMIN_TOKEN=YOURPASSWORD | |
| - WEBSOCKET_ENABLED=true | |
| - SIGNUPS_ALLOWED=false | |
| - INVITATIONS_ALLOWED=false | |
| - LOG_FILE=/data/vaultwarden.log | |
| - LOG_LEVEL=warn | |
| - EXTENDED_LOGGING=true | |
| # - SMTP_HOST="<smtp.domain.tld>" | |
| # - SMTP_FROM="<vaultwarden@domain.tld>" | |
| # - SMTP_PORT="587" | |
| # - SMTP_SECURITY="starttls" | |
| # - SMTP_USERNAME="<username>" | |
| # - SMTP_PASSWORD="<password>" | |
| - /etc/localtime:/etc/localtime:ro | |
| - /etc/timezone:/etc/timezone:ro | |
| volumes: | |
| - ./data:/data | |
| caddy: | |
| image: caddy:latest | |
| restart: always | |
| ports: | |
| # - "80:80" | |
| - "443:443" | |
| volumes: | |
| - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro | |
| - ./caddy/data:/data | |
| - ./caddy/config:/config | |
| # custom root ca for custom acme server like openbao | |
| # - ./caddy/rootCA.crt:/etc/caddy/certs/rootCA.pem:ro | |
| # custom self generated ca for this webserver | |
| # caddy certs: key = "caddy.key"; cert = "caddy.crt" | |
| - ./caddy/certs:/etc/caddy/certs:ro | |
| depends_on: | |
| - bitwarden |
mkdir -p ./caddy/certs && cd ./caddy/certs && \
openssl req -x509 -newkey rsa:4096 -keyout caddy.key -out caddy.crt -days 365 -nodes -subj "/CN=vaultwarden.testdom.internal"cd ./caddy/certs && \
openssl req -new -key caddy.key -out caddy.csr -subj "/CN=vaultwarden.testdom.internal" && \
openssl x509 -req -in caddy.csr -signkey caddy.key -out caddy.crt -days 365