@lvnilesh
Created April 28, 2024 02:20
self-hosted network-isolated vaultwarden
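---
# Docker Compose stack: Vaultwarden behind Traefik.
# No `ports:` are published. The container joins only the pre-existing
# external `traefik` network, so it is reachable only through the Traefik
# routers declared in the labels below.
#
# Variables read from the shell or an `.env` file: ADMIN_TOKEN, DOMAIN, PWD.
#
# Environment and label values are quoted so the YAML parser cannot retype
# them (true/false, bare numbers); they reach the container as strings.
services:
  bitwarden:
    container_name: vault
    hostname: vault
    # Pinned tag: bump it deliberately to pick up upstream security fixes.
    image: vaultwarden/server:1.30.5-alpine
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $PWD/log:/var/log/vaultwarden
      # DATA_FOLDER below points here. Treat this host directory as sensitive:
      # restrict its permissions and include it in backups.
      - $PWD/data:/data
    networks:
      - traefik
    environment:
      # See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
      # NOTE(review): if the token is stored as an Argon2 PHC string, its `$`
      # characters collide with Compose interpolation; follow the quoting and
      # escaping guidance on the wiki page above.
      ADMIN_TOKEN: "${ADMIN_TOKEN}"
      RUST_BACKTRACE: "1"
      # Lands in the bind-mounted $PWD/log directory on the host.
      LOG_FILE: "/var/log/vaultwarden/vaultwarden.log"
      # Enable WebSocket notifications on their own port (routed by the
      # bitwarden-ws labels below).
      # NOTE(review): newer Vaultwarden releases serve notifications on the
      # main HTTP port; confirm these two settings are still needed for the
      # image tag in use.
      WEBSOCKET_ENABLED: "true"
      WEBSOCKET_PORT: "3012"
      # Serve the web vault UI; when disabled, only the API is served.
      WEB_VAULT_ENABLED: "true"
      ROCKET_WORKERS: "10"
      ROCKET_PORT: "80"
      DATA_FOLDER: "/data"
      # URL Vaultwarden is hosted on. It must match the Traefik Host() rule
      # below, otherwise some 2FA methods might not work.
      # NOTE(review): presumably a full URL including the https:// scheme;
      # confirm against the Vaultwarden documentation.
      DOMAIN: "${DOMAIN}"
      DOMAIN_ORIGIN: "${DOMAIN}"
      # SMTP and YubiKey values below are placeholders. Replace them before
      # use and keep the real secrets out of this file: supply them through
      # ${VAR} interpolation, as ADMIN_TOKEN does.
      SMTP_HOST: "smtp.service.domain"
      SMTP_FROM: "from-address"
      SMTP_PORT: "2525"
      SMTP_SECURITY: "starttls"
      SMTP_USERNAME: "username"
      SMTP_PASSWORD: "password"
      INVITATIONS_ALLOWED: "false"
      # Open registration: anyone who can reach the Traefik route can create
      # an account. Set to "false" once the intended accounts exist.
      SIGNUPS_ALLOWED: "true"
      SHOW_PASSWORD_HINT: "false"
      YUBICO_CLIENT_ID: "123"
      YUBICO_SECRET_KEY: "secret"
      # NOTE(review): this passes the literal string "None" as the API key.
      # Remove the variable if no HIBP key is used.
      HIBP_API_KEY: "None"
    labels:
      # Traefik
      traefik.enable: "true"
      # Web-UI
      traefik.http.routers.bitwarden.entrypoints: https
      traefik.http.routers.bitwarden.rule: 'Host(`yourinternal.domain.com`)'
      traefik.http.routers.bitwarden.service: bitwarden-service
      traefik.http.services.bitwarden-service.loadbalancer.server.port: "80"
      traefik.http.routers.bitwarden.tls: "true"
      # Websocket
      traefik.http.routers.bitwarden-ws.entrypoints: https
      traefik.http.routers.bitwarden-ws.rule: 'Host(`yourinternal.domain.com`) && Path(`/notifications/hub`)'
      traefik.http.routers.bitwarden-ws.service: bitwarden-ws-service
      traefik.http.services.bitwarden-ws-service.loadbalancer.server.port: "3012"
      traefik.http.routers.bitwarden-ws.tls: "true"

networks:
  traefik:
    # Created and managed outside this file; it must exist before `up`.
    external: true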