Comment on Vaultwarden using Docker Compose with existing Certificates
Kangie@lemmy.srcfiles.zip 1 year ago
Here’s the secret to stuff like this:
Run a single reverse proxy / edge router for all of your containerised services.
I recommend Traefik - gitlab.com/…/traefik-grafana-prometheus-docker
You can configure services with labels attached to the container and (almost) never expose ports directly. It also lets you host an arbitrary number of services listening on 80/443.
An example config might look like this:
# docker-compose.yml
version: '3.9'
services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - /data/vaultwarden/:/data
    environment:
      # - ADMIN_TOKEN=
      - WEBSOCKET_ENABLED=true
    # No "ports:" section: the container is reached only through the proxy network.
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencrypt
      # Middleware that redirects plain HTTP requests to HTTPS
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      # Web UI over HTTPS
      - traefik.http.routers.bitwarden-ui-https.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
      # Web UI over HTTP, redirected to HTTPS
      - traefik.http.routers.bitwarden-ui-http.rule=Host(`my.domain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
      # WebSocket notifications over HTTPS
      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      # WebSocket notifications over HTTP, redirected to HTTPS
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`my.domain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
# Assumption: "proxy" is the network shared with the Traefik container and already exists.
networks:
  proxy:
    external: true
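A small audit for labels like the ones in the comment above, added here as an example and not part of the thread or of Traefik itself: it flags a router rule with an unbalanced backtick, a router on the plaintext entrypoint with no HTTPS redirect, a router on any other entrypoint without TLS, and ports published directly. The function name, its parameters and the sample labels are constructed for illustration; the entrypoint names `web` and `websecure` follow the config above.

```python
import re
from collections import defaultdict

ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$", re.I)
REDIRECT = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.redirectscheme\.scheme$", re.I)

def audit(labels, published_ports=(), plain_entrypoint="web"):
    """Return sorted findings for one Compose service's Traefik labels."""
    routers, https_redirects, findings = defaultdict(dict), set(), []
    for label in labels:
        key, _, value = label.partition("=")
        if m := ROUTER.match(key):
            routers[m.group(1)][m.group(2).lower()] = value
        elif (m := REDIRECT.match(key)) and value == "https":
            https_redirects.add(m.group(1))
    for name, opts in routers.items():
        # Every host or path literal in a rule is wrapped in a pair of backticks.
        if opts.get("rule", "").count("`") % 2:
            findings.append(f"{name}: unbalanced backtick in rule")
        # Middleware names may carry a provider suffix such as "@docker".
        chain = {n.strip().split("@")[0] for n in opts.get("middlewares", "").split(",") if n.strip()}
        if plain_entrypoint in opts.get("entrypoints", "").split(","):
            if not chain & https_redirects:
                findings.append(f"{name}: plaintext entrypoint without HTTPS redirect")
        elif opts.get("tls", "").lower() != "true":
            findings.append(f"{name}: TLS not enabled")
    if published_ports:
        findings.append("ports published directly, bypassing the proxy: " + ", ".join(published_ports))
    return sorted(findings)

# Constructed sample: router names and host are placeholders, with three deliberate mistakes.
SAMPLE = [
    "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https",
    "traefik.http.routers.ui-https.rule=Host(`vault.example.test`)",
    "traefik.http.routers.ui-https.entrypoints=websecure",
    "traefik.http.routers.ui-https.tls=true",
    "traefik.http.routers.ui-http.rule=Host(`vault.example.test`)",
    "traefik.http.routers.ui-http.entrypoints=web",
    "traefik.http.routers.ws-https.rule=Host(`vault.example.test) && Path(`/notifications/hub`)",
    "traefik.http.routers.ws-https.entrypoints=websecure",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, published_ports=["3012:3012"]):
        print(finding)
```
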
emhl@feddit.de 1 year ago
Using traefik as your first reverse proxy might be a bit daunting. Caddy or “nginx reverse proxy” are much easier to configure.
7Sea_Sailor@lemmy.dbzer0.com 1 year ago
If you want it beginner friendly, I can recommend Nginx Proxy Manager, which is basically a web UI frontend for nginx. This has its own drawbacks, but makes setup very uncomplicated.
koinu@lemmy.world 1 year ago
I agree, very beginner friendly. But also, it’s what most people are gonna need.
I actually started with Traefik because I didn’t know any better, and I kinda wanna go back to be honest because with Traefik I was able to configure a Minecraft server, without having to expose the port. But not with NGINX Proxy Manager, since it only does http and shit. But I REALLY like being able to do everything via a webUI since I only have a phone to manage my server.
So, I find myself stuck between functionality and ease of use. :(
7Sea_Sailor@lemmy.dbzer0.com 1 year ago
You should look into NPM Streams, they’re built exactly for this purpose.
lemmyvore@feddit.nl 1 year ago
Nginx Proxy Manager can do stream hosts, which are encrypted tunnels where you can put any kind of traffic, not just HTTP.
Kangie@lemmy.srcfiles.zip 1 year ago
At the end of the day Traefik isn’t that hard, especially if you know the core concepts; if you know both and have a need for Traefik I’d just use that everywhere.