1
0
mirror of https://github.com/tommytran732/Vaultwarden-Docker-Compose synced 2024-11-22 11:21:33 -05:00

/admin configurations

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-09-15 23:58:51 -04:00
parent 3cef449bea
commit 4b66b6e7b6
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
3 changed files with 18 additions and 9 deletions

View File

@ -15,18 +15,24 @@
# if you encounter issues. # if you encounter issues.
encode gzip encode gzip
# Uncomment if you want to block access to /admin
#@blocked {
# path /admin /admin/*
#}
#respond @blocked 403
# Notifications redirected to the WebSocket server # Notifications redirected to the WebSocket server
reverse_proxy /notifications/hub vaultwarden:3012 reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket # Proxy everything else to Rocket
reverse_proxy vaultwarden:80 { reverse_proxy vaultwarden:80 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the # Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP. # log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
header_down Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()" header_down Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"
header_down Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com/ https://www.gravatar.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/https://app.anonaddy.com/api/ https://api.fastmail.com/; object-src 'self' blob:; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*; block-all-mixed-content; base-uri 'none'" header_down Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com/ https://www.gravatar.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/https://app.anonaddy.com/api/ https://api.fastmail.com/; object-src 'self' blob:; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://*; block-all-mixed-content; base-uri 'none'"
header_down X-XSS-Protection "0" header_down X-XSS-Protection "0"
header_down Expect-CT: "enforce, max-age=63072000" header_down Expect-CT: "enforce, max-age=63072000"
} }
} }

View File

@ -2,4 +2,5 @@
Vaultwarden Docker-Compose Vaultwarden Docker-Compose
1. Update `docker-compose.yml` 1. Update `docker-compose.yml`
2. Run `docker-compose up` and make sure nothing errors out. You can use `docker-compose up -d` to start it in the background if you want. 2. Run `docker-compose up` and make sure nothing errors out. You can use `docker-compose up -d` to start it in the background if you want.
3. Uncomment the approprieate lines in `Caddyfile` to block access to `/admin` after you finish configuring your server.

View File

@ -13,6 +13,7 @@ services:
- vaultwarden:/data - vaultwarden:/data
networks: networks:
- vaultwarden - vaultwarden
read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop:
@ -35,6 +36,7 @@ services:
- LOG_FILE=/data/access.log - LOG_FILE=/data/access.log
networks: networks:
- vaultwarden - vaultwarden
read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop: