Created
April 15, 2022 17:57
-
-
Save oki/5bcf19fcc4dcd7832f2342c5738ff7db to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oki@debian:~/vaultwarden$ find . | |
. | |
./ssl | |
./ssl/xxx.xxx.xxx.pem | |
./docker-compose.yml | |
./haproxy | |
./haproxy/haproxy.cfg | |
./vw-data | |
./vw-data/rsa_key.pub.pem | |
./vw-data/rsa_key.pem | |
./vw-data/icon_cache | |
./vw-data/db.sqlite3-shm | |
./vw-data/db.sqlite3-wal | |
./vw-data/db.sqlite3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3' | |
services: | |
vaultwarden: | |
image: vaultwarden/server:latest | |
container_name: vaultwarden | |
restart: always | |
environment: | |
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications. | |
volumes: | |
- ./vw-data:/data | |
haproxy: | |
image: haproxy:alpine3.15 | |
ports: | |
- 9880:9880 | |
- 9883:9883 | |
volumes: | |
- ./haproxy:/usr/local/etc/haproxy | |
- ./ssl:/etc/ssl_certs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global | |
log /dev/log local0 | |
log /dev/log local1 notice | |
daemon | |
# Default SSL material locations | |
ca-base /etc/ssl/certs | |
crt-base /etc/ssl/private | |
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate | |
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets | |
defaults | |
log global | |
mode http | |
option httplog | |
option dontlognull | |
timeout connect 5000 | |
timeout client 50000 | |
timeout server 50000 | |
frontend default_http | |
bind *:9880 | |
mode http | |
default_backend vaultwarden_http | |
frontend default_https | |
bind *:9883 ssl crt /etc/ssl_certs/ alpn h2,http/1.1 | |
default_backend vaultwarden_http | |
backend vaultwarden_http | |
server vaultwarden vaultwarden:80 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment