Hello Friends,
I have a small Ubuntu server and I finally also want to transfer my Vaultwarden instance to it. On this server I have several services running (homeassistant, …) and Certbot via Dehydrated (right now I get a certificate for my duckdns address). In some directory I have the privkey and fullchain files.
Now my problem is that when I start Vaultwarden it won't load as HTTPS.
I believe my problem is telling Vaultwarden where my certificate files are located so it can use them accordingly.
This is my Compose File right now:
```yaml
vaultwarden:
  container_name: vaultwarden
  image: vaultwarden/server:latest
  restart: unless-stopped
  volumes:
    - /home/vaultwarden:/data/
    - /home/(directory to my certificates):/usr/share/ca-certificates/
  ports:
    - 8129:80
  environment:
    - DOMAIN=hurrdurr.duckdns.org
    - LOGIN_RATELIMIT_MAX_BURST=10
    - LOGIN_RATELIMIT_SECONDS=60
    - ADMIN_RATELIMIT_MAX_BURST=10
    - ADMIN_RATELIMIT_SECONDS=60
    - ADMIN_TOKEN=token
    - SENDS_ALLOWED=true
    - EMERGENCY_ACCESS_ALLOWED=true
    - WEB_VAULT_ENABLED=true
    - SIGNUPS_ALLOWED=true
```
The volume mapping to the certificates was just me trying it out, so maybe it's working if I map it like that.
If I open port 8129 in my browser it will just time out. I also managed to get it to start, but it wouldn't let me register as there's no HTTPS certificate.
Kangie@lemmy.srcfiles.zip 1 year ago
Here’s the secret to stuff like this:
Run a single reverse proxy / edge router for all of your containerised services.
I recommend Traefik - gitlab.com/…/traefik-grafana-prometheus-docker
You can configure services with labels attached to the container and (almost) never expose ports directly. It also lets you host an arbitrary number of services listening on 80/443.
An example config might look like this:
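A setup along the lines this comment describes, as an added example that is not Kangie's config or part of the original thread: Traefik terminates TLS with the existing dehydrated certificate and Vaultwarden publishes no port of its own. The `/path/to/certs` directory, the `fullchain.pem`/`privkey.pem` file names, the `./traefik/dynamic` directory and the `traefik:v3.0` tag are assumptions; the remaining environment settings from the original post carry over unchanged.

```yaml
# docker-compose.yml (added example; paths and file names are placeholders)
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false    # route only containers that opt in
      - --providers.file.directory=/etc/traefik/dynamic
      - --entrypoints.websecure.address=:443
    ports:
      - "443:443"                                    # the only published port
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/dynamic:/etc/traefik/dynamic:ro
      # placeholder: directory holding the dehydrated fullchain/privkey files
      - /path/to/certs:/certs:ro

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
    # no "ports:" entry: plain HTTP on port 80 is reachable only through Traefik
    environment:
      - DOMAIN=https://hurrdurr.duckdns.org          # full URL, including the scheme
    labels:
      - traefik.enable=true
      - "traefik.http.routers.vaultwarden.rule=Host(`hurrdurr.duckdns.org`)"
      - traefik.http.routers.vaultwarden.entrypoints=websecure
      - traefik.http.routers.vaultwarden.tls=true
      - traefik.http.services.vaultwarden.loadbalancer.server.port=80
---
# ./traefik/dynamic/certs.yml (separate file, read by Traefik's file provider)
tls:
  certificates:
    - certFile: /certs/fullchain.pem
      keyFile: /certs/privkey.pem
```

Mounting the certificate directory read-only into the proxy alone keeps the private key out of the Vaultwarden container, and the proxy serves the renewed certificate once dehydrated replaces the files and Traefik reloads its file provider.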
emhl@feddit.de 1 year ago
Using Traefik as your first reverse proxy might be a bit daunting. Caddy or “nginx reverse proxy” are much easier to configure.
7Sea_Sailor@lemmy.dbzer0.com 1 year ago
If you want it beginner-friendly, I can recommend Nginx Proxy Manager, which is basically a web UI frontend for nginx. This has its own drawbacks, but makes setup very uncomplicated.