Vaultwarden Caddy Docker Compose
Caddy v2
cat caddy/docker-compose.yaml
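# Caddy reverse proxy: the only container in this setup that publishes ports.
version: '3'
services:
  caddy:
    image: caddy:alpine
    container_name: webserver
    restart: unless-stopped
    ports:
      # Quoted so no YAML parser can read host:container pairs as numbers.
      - "80:80"
      - "443:443"
    volumes:
      # /data holds the issued certificates and their private keys;
      # restrict access to ./caddy_data on the host accordingly.
      - ./caddy_data:/data
      - ./caddy_config:/config
      # Read-only: the container has no reason to rewrite its own config.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    networks:
      - proxy-network
networks:
  # Shared with the Vaultwarden stack; must exist before `up`
  # (docker network create proxy-network).
  proxy-network:
    external: true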
cat caddy/Caddyfile
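# Global options: ACME account e-mail and the CA that issues certificates.
{
    # Placeholder: the address was obfuscated on the page; use your own.
    email admin@example.com
    acme_ca https://acme.zerossl.com/v2/DV90
    # optional
    # acme_eab {
    #     key_id your kbid
    #     mac_key your hmac key
    # }
}

# Response headers for any site that imports this snippet.
# Caddyfile arguments are whitespace-separated tokens, not ';'-terminated
# statements: a trailing ';' is sent as part of the header value, and
# browsers do not recognise values such as "nosniff;" or "SAMEORIGIN;".
(security_header) {
    header {
        Content-Security-Policy "upgrade-insecure-requests"
        # Uncomment once HTTPS is confirmed working; browsers will then
        # refuse plain HTTP to this host for max-age seconds.
        #Strict-Transport-Security "max-age=31536000"
        X-Content-Type-Options nosniff
        # Legacy header; current browsers no longer act on it.
        X-XSS-Protection "1; mode=block"
        X-Robots-Tag none
        X-Frame-Options SAMEORIGIN
        Referrer-Policy no-referrer-when-downgrade
    }
}

# Reusable CORS snippet, not imported by the site below. The argument is
# the single origin to allow: Access-Control-Allow-Origin is echoed only
# when the request's Origin header equals that argument.
(cors) {
    @origin{args.0} header Origin {args.0}
    header @origin{args.0} Access-Control-Allow-Origin "{args.0}"
    header @origin{args.0} Vary Origin
}

# `bitwarden` is the Compose service name of the Vaultwarden container,
# resolved over the shared proxy-network.
yoursub.domain.tld {
    # NOTE(review): newer Vaultwarden releases reportedly serve
    # notifications on the main port; confirm that 3012 still exists
    # in the image version you run.
    reverse_proxy /notifications/hub bitwarden:3012
    reverse_proxy bitwarden:80
    import security_header
}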
Vaultwarden
cat bitwarden/docker-compose.yaml
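# Vaultwarden: publishes no ports, so it is reachable only through Caddy
# (proxy-network) and talks to MariaDB over internal-network.
version: '3'
services:
  bitwarden:
    # NOTE(review): `latest` floats between pulls; pin a release tag or
    # image digest you have tested so upgrades are deliberate.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      # Caddy's reverse_proxy passes the client address in X-Forwarded-For.
      - IP_HEADER=X-Forwarded-For
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - DOMAIN=https://yoursub.domain.tld
      - SMTP_HOST=
      - SMTP_FROM=
      - SMTP_PORT=587
      - SMTP_SSL=true
      - SMTP_USERNAME=
      - SMTP_PASSWORD=
      # Secrets are read from the environment or an untracked .env file
      # next to this compose file. Compose refuses to start when one is
      # unset, so a tutorial placeholder cannot reach production.
      # ADMIN_TOKEN guards the admin panel: use a long random value.
      - "ADMIN_TOKEN=${ADMIN_TOKEN:?set ADMIN_TOKEN in .env}"
      # Format: mysql://db_user:db_passwd@db_host/db_name, where db_host
      # is the MariaDB service name on internal-network.
      - "DATABASE_URL=${DATABASE_URL:?set DATABASE_URL in .env}"
    volumes:
      - ./data:/data
    networks:
      - internal-network
      - proxy-network
networks:
  # Both networks are created outside this file and must exist before `up`.
  internal-network:
    external: true
  proxy-network:
    external: true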
MariaDB
cat mariadb/docker-compose.yaml
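# MariaDB for Vaultwarden: no published ports, attached to internal-network only.
version: '3'
services:
  mariadb:
    image: mariadb:10.5
    container_name: mariadb
    restart: unless-stopped
    environment:
      # Passwords are read from the environment or an untracked .env file
      # next to this compose file. Compose refuses to start when one is
      # unset. They must match the credentials in Vaultwarden's DATABASE_URL.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}"
      MYSQL_DATABASE: db_name
      MYSQL_USER: db_user
      MYSQL_PASSWORD: "${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}"
    # The listing declared `volumes:` twice in this service. Duplicate keys
    # are invalid YAML, and the first entry (db_data:/var/lib/mysql) named a
    # volume that was never declared and targeted the same path as the bind
    # mount below. Only the bind-mount list is kept.
    volumes:
      - './db/data:/var/lib/mysql'
      # Config and init scripts are only read by the container.
      - './db/my.cnf:/etc/mysql/conf.d/my.cnf:ro'
      - './db/sql:/docker-entrypoint-initdb.d:ro'
    networks:
      - internal-network
networks:
  # Created outside this file; must exist before `up`.
  internal-network:
    external: true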