mirror of
https://github.com/tommytran732/Vaultwarden-Docker-Compose
synced 2024-11-22 16:02:12 -05:00
Initial Commit
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
81e6da7737
commit
007cd5d841
32
Caddyfile
Normal file
32
Caddyfile
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
{$DOMAIN}:443 {
|
||||||
|
log {
|
||||||
|
level INFO
|
||||||
|
output file {$LOG_FILE} {
|
||||||
|
roll_size 10MB
|
||||||
|
roll_keep 10
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Use the ACME HTTP-01 challenge to get a cert for the configured domain.
|
||||||
|
tls {$EMAIL}
|
||||||
|
|
||||||
|
# This setting may have compatibility issues with some browsers
|
||||||
|
# (e.g., attachment downloading on Firefox). Try disabling this
|
||||||
|
# if you encounter issues.
|
||||||
|
encode gzip
|
||||||
|
|
||||||
|
# Notifications redirected to the WebSocket server
|
||||||
|
reverse_proxy /notifications/hub vaultwarden:3012
|
||||||
|
|
||||||
|
# Proxy everything else to Rocket
|
||||||
|
reverse_proxy vaultwarden:80 {
|
||||||
|
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
|
||||||
|
# log, so that fail2ban can ban the correct IP.
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
|
||||||
|
header_down Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"
|
||||||
|
header_down X-XSS-Protection "0"
|
||||||
|
header_down Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content; form-action 'none'; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*"
|
||||||
|
header_down Expect-CT: "enforce, max-age=63072000"
|
||||||
|
}
|
||||||
|
}
|
5
README.md
Normal file
5
README.md
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# Synapse-Docker-Compose
|
||||||
|
Vaultwarden Docker-Compose
|
||||||
|
|
||||||
|
1. Update `docker-compose.yml`
|
||||||
|
2. Run `docker-compose up` and make sure nothing errors out. You can use `docker-compose up -d` to start it in the background if you want.
|
71
docker-compose.yml
Normal file
71
docker-compose.yml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
vaultwarden:
|
||||||
|
image: vaultwarden/server:alpine
|
||||||
|
container_name: vaultwarden
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
|
||||||
|
- DATABASE_URL=postgresql://vaultwarden:YOUR_POSTGRESQL_PASSWORD@postgres:5432/vaultwarden
|
||||||
|
- ADMIN_TOKEN=YOUR_ADMIN_PASSWORD
|
||||||
|
volumes:
|
||||||
|
- vaultwarden:/data
|
||||||
|
networks:
|
||||||
|
- vaultwarden
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
|
||||||
|
caddy:
|
||||||
|
image: caddy:alpine
|
||||||
|
container_name: caddy
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- 80:80 # Needed for the ACME HTTP-01 challenge.
|
||||||
|
- 443:443
|
||||||
|
volumes:
|
||||||
|
- ./Caddyfile:/etc/caddy/Caddyfile:Z
|
||||||
|
- ./caddy-config:/config:Z
|
||||||
|
- ./caddy-data:/data:Z
|
||||||
|
environment:
|
||||||
|
- DOMAIN=YOUR_DOMAIN # Your domain.
|
||||||
|
- EMAIL=YOUR_EMAIL # The email address to use for ACME registration.
|
||||||
|
- LOG_FILE=/data/access.log
|
||||||
|
networks:
|
||||||
|
- vaultwarden
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:alpine
|
||||||
|
container_name: postgres
|
||||||
|
volumes:
|
||||||
|
- postgres:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=vaultwarden
|
||||||
|
- POSTGRES_PASSWORD=YOUR_POSTGRESQL_PASSWORD
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- vaultwarden
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- DAC_READ_SEARCH
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
postgres:
|
||||||
|
vaultwarden:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
vaultwarden:
|
Loading…
Reference in New Issue
Block a user