lvnilesh/docker-compose.yaml

## docker-compose.yaml
---
services:
  bitwarden:
    container_name: vault
    hostname: vault
    image: vaultwarden/server:1.30.5-alpine
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $PWD/log:/var/log/vaultwarden
      - $PWD/data:/data
    networks:
      - traefik
    environment:
      # See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
      ADMIN_TOKEN: ${ADMIN_TOKEN}
      RUST_BACKTRACE: 1
      LOG_FILE: /var/log/vaultwarden/vaultwarden.log
      WEBSOCKET_ENABLED: true # Enable WebSocket notifications.
      WEBSOCKET_PORT: 3012
      # Enable Vault interface, when disabled, only API is served
      WEB_VAULT_ENABLED: true
      ROCKET_WORKERS: "10"
      ROCKET_PORT: 80
      DATA_FOLDER: "/data"
      # What domain is bitwarden going to be hosted on
      # This needs to reflect setting in ingress otherwise some 2FA methods might not work
      DOMAIN: ${DOMAIN}
      DOMAIN_ORIGIN: ${DOMAIN}
      SMTP_HOST: "smtp.service.domain"
      SMTP_FROM: "from-address"
      SMTP_PORT: "2525"
      SMTP_SECURITY: "starttls"
      SMTP_USERNAME: username
      SMTP_PASSWORD: password
      INVITATIONS_ALLOWED: false
      SIGNUPS_ALLOWED: true
      SHOW_PASSWORD_HINT: false
      YUBICO_CLIENT_ID: "123"
      YUBICO_SECRET_KEY: "secret"
      HIBP_API_KEY: None

    labels:
      # Traefik
      traefik.enable: true
      # Web-UI
      traefik.http.routers.bitwarden.entrypoints: https
      traefik.http.routers.bitwarden.rule: Host(`yourinternal.domain.com`)
      traefik.http.routers.bitwarden.service: bitwarden-service
      traefik.http.services.bitwarden-service.loadbalancer.server.port: 80
      traefik.http.routers.bitwarden.tls: true
      # Websocket
      traefik.http.routers.bitwarden-ws.entrypoints: https
      traefik.http.routers.bitwarden-ws.rule: Host(`yourinternal.domain.com`) && Path(`/notifications/hub`)
      traefik.http.routers.bitwarden-ws.service: bitwarden-ws-service
      traefik.http.services.bitwarden-ws-service.loadbalancer.server.port: 3012
      traefik.http.routers.bitwarden-ws.tls: true

networks:
  traefik:
    external: true
	---
	services:
	bitwarden:
	container_name: vault
	hostname: vault
	image: vaultwarden/server:1.30.5-alpine
	restart: always
	volumes:
	- /etc/localtime:/etc/localtime:ro
	- $PWD/log:/var/log/vaultwarden
	- $PWD/data:/data
	networks:
	- traefik
	environment:
	# See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
	ADMIN_TOKEN: ${ADMIN_TOKEN}
	RUST_BACKTRACE: 1
	LOG_FILE: /var/log/vaultwarden/vaultwarden.log
	WEBSOCKET_ENABLED: true # Enable WebSocket notifications.
	WEBSOCKET_PORT: 3012
	# Enable Vault interface, when disabled, only API is served
	WEB_VAULT_ENABLED: true
	ROCKET_WORKERS: "10"
	ROCKET_PORT: 80
	DATA_FOLDER: "/data"
	# What domain is bitwarden going to be hosted on
	# This needs to reflect setting in ingress otherwise some 2FA methods might not work
	DOMAIN: ${DOMAIN}
	DOMAIN_ORIGIN: ${DOMAIN}
	SMTP_HOST: "smtp.service.domain"
	SMTP_FROM: "from-address"
	SMTP_PORT: "2525"
	SMTP_SECURITY: "starttls"
	SMTP_USERNAME: username
	SMTP_PASSWORD: password
	INVITATIONS_ALLOWED: false
	SIGNUPS_ALLOWED: true
	SHOW_PASSWORD_HINT: false
	YUBICO_CLIENT_ID: "123"
	YUBICO_SECRET_KEY: "secret"
	HIBP_API_KEY: None

	labels:
	# Traefik
	traefik.enable: true
	# Web-UI
	traefik.http.routers.bitwarden.entrypoints: https
	traefik.http.routers.bitwarden.rule: Host(`yourinternal.domain.com`)
	traefik.http.routers.bitwarden.service: bitwarden-service
	traefik.http.services.bitwarden-service.loadbalancer.server.port: 80
	traefik.http.routers.bitwarden.tls: true
	# Websocket
	traefik.http.routers.bitwarden-ws.entrypoints: https
	traefik.http.routers.bitwarden-ws.rule: Host(`yourinternal.domain.com`) && Path(`/notifications/hub`)
	traefik.http.routers.bitwarden-ws.service: bitwarden-ws-service
	traefik.http.services.bitwarden-ws-service.loadbalancer.server.port: 3012
	traefik.http.routers.bitwarden-ws.tls: true

	networks:
	traefik:
	external: true