
@dragolabs
Created October 13, 2023 07:30
vaultwarden + traefik + cloudflare dns
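---
# Vaultwarden behind Traefik v2, with certificates issued through the
# Let's Encrypt DNS-01 challenge against Cloudflare DNS.
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:1.29.2
    container_name: vaultwarden
    restart: always
    environment:
      # Quoted: Compose expects environment values to be strings, and an
      # unquoted `true` is parsed as a YAML boolean.
      # NOTE(review): newer Vaultwarden releases may serve notifications on the
      # main HTTP port; confirm the separate 3012 route below is still needed
      # for this image version.
      WEBSOCKET_ENABLED: "true"  # Enable WebSocket notifications.
      DOMAIN: "https://vaultwarden.example.com"
      # Hardening to consider for an internet-facing instance: once the
      # intended accounts exist, disable open registration, e.g.
      # SIGNUPS_ALLOWED: "false"
    volumes:
      # Holds the vault database and server keys; restrict host permissions
      # on this directory and include it in backups.
      - ./vw-data:/data
    labels:
      - traefik.enable=true
      # NOTE(review): Compose normally names the default network
      # "<project>_default", so confirm this value matches the real network.
      - traefik.docker.network=default
      # Shared middleware: permanent redirect from HTTP to HTTPS.
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      # Web vault / API over HTTPS, certificate from the letsencrypt resolver.
      - 'traefik.http.routers.vaultwarden-ui-https.rule=Host(`vaultwarden.example.com`)'
      - traefik.http.routers.vaultwarden-ui-https.entrypoints=https
      - traefik.http.routers.vaultwarden-ui-https.tls=true
      - traefik.http.routers.vaultwarden-ui-https.tls.certresolver=letsencrypt
      - traefik.http.routers.vaultwarden-ui-https.service=vaultwarden-ui
      # Plain-HTTP router exists only to redirect to HTTPS.
      - 'traefik.http.routers.vaultwarden-ui-http.rule=Host(`vaultwarden.example.com`)'
      - traefik.http.routers.vaultwarden-ui-http.entrypoints=http
      - traefik.http.routers.vaultwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.vaultwarden-ui-http.service=vaultwarden-ui
      - traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
      # WebSocket notifications hub, routed to the container's port 3012.
      - 'traefik.http.routers.vaultwarden-websocket-https.rule=Host(`vaultwarden.example.com`) && Path(`/notifications/hub`)'
      - traefik.http.routers.vaultwarden-websocket-https.entrypoints=https
      - traefik.http.routers.vaultwarden-websocket-https.tls=true
      - traefik.http.routers.vaultwarden-websocket-https.tls.certresolver=letsencrypt
      - traefik.http.routers.vaultwarden-websocket-https.service=vaultwarden-websocket
      - 'traefik.http.routers.vaultwarden-websocket-http.rule=Host(`vaultwarden.example.com`) && Path(`/notifications/hub`)'
      - traefik.http.routers.vaultwarden-websocket-http.entrypoints=http
      - traefik.http.routers.vaultwarden-websocket-http.middlewares=redirect-https
      - traefik.http.routers.vaultwarden-websocket-http.service=vaultwarden-websocket
      - traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
  traefik:
    image: traefik:2.10.5
    environment:
      # The Cloudflare API token is a secret: supply it from the shell
      # environment or an untracked .env file instead of writing it here.
      # Scope the token to DNS edits on the single zone being served.
      - 'CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN:?CF_DNS_API_TOKEN must be set}'
    # NOTE(review): no host ports are published for the http/https
    # entrypoints in this file. Unless something else fronts this container,
    # the routers are unreachable from outside until they are published:
    # ports:
    #   - "80:80"
    #   - "443:443"
    command:
      # INFO rather than DEBUG: debug logs are very verbose and can include
      # request and configuration detail that should not sit in long-lived logs.
      - --log.level=INFO
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --providers.docker=true
      # Only containers that opt in with traefik.enable=true are routed, so
      # another container on this Docker host is not published by accident.
      - --providers.docker.exposedbydefault=false
      # Enables the API/dashboard internally. No router points at it here;
      # if one is added, put authentication in front of it.
      - --api=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsencrypt.acme.email=mail@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    labels:
      # Needed because exposedbydefault=false: lets Traefik read the labels
      # on its own container.
      - traefik.enable=true
      # Redirect all HTTP traffic to HTTPS
      - 'traefik.http.routers.to-https.rule=HostRegexp(`{host:.+}`)'
      - traefik.http.routers.to-https.entrypoints=http
      - traefik.http.routers.to-https.middlewares=to-https
      - traefik.http.middlewares.to-https.redirectscheme.scheme=https
    volumes:
      # acme.json stores the ACME account key and certificate private keys;
      # keep the file readable by its owner only (mode 600).
      - ./letsencrypt:/letsencrypt
      # A read-only bind mount does not make the Docker API read-only: any
      # process that can talk to this socket can control the Docker daemon.
      # Consider a filtering socket proxy that allows only the read calls
      # Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro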