Run vaultwarden as nobody

Tommy 2023-04-12 06:29:14 -04:00 committed by GitHub
parent 0847c5a9cb
commit ab46d85dbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions


@ -25,7 +25,7 @@
reverse_proxy /notifications/hub vaultwarden:3012 reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket # Proxy everything else to Rocket
reverse_proxy vaultwarden:80 { reverse_proxy vaultwarden:8080 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the # Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP. # log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
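Review bot: The upstream port on the `reverse_proxy vaultwarden:8080 {` line (8080 appears to be the new side) now has to match `ROCKET_PORT=8080` in the compose file, and nothing in this block says so. If the two values drift, Caddy forwards to a port nothing listens on and the only symptom is a 502 from the proxy. I would add `# Port must match ROCKET_PORT in docker-compose` directly above the line. The `/notifications/hub` upstream on 3012 is already an unprivileged port, so it needs no matching change.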


@ -9,18 +9,18 @@ services:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications. - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
- DATABASE_URL=postgresql://vaultwarden:YOUR_POSTGRESQL_PASSWORD@postgres:5432/vaultwarden - DATABASE_URL=postgresql://vaultwarden:YOUR_POSTGRESQL_PASSWORD@postgres:5432/vaultwarden
- ADMIN_TOKEN=YOUR_ADMIN_PASSWORD - ADMIN_TOKEN=YOUR_ADMIN_PASSWORD
- ROCKET_PORT=8080
volumes: volumes:
- vaultwarden:/data - vaultwarden:/data
networks: networks:
- vaultwarden - vaultwarden
- postgres - postgres
user: nobody
read_only: true read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop:
- ALL - ALL
cap_add:
- NET_BIND_SERVICE
caddy: caddy:
image: caddy:alpine image: caddy:alpine
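Review bot: `user: nobody` (apparently on the new side, going by the commit title; the page has lost its +/- markers) makes the service write to the `vaultwarden:/data` volume under a shared account, and nothing in this hunk deals with ownership of data already there. A volume that was populated while the container ran as root will presumably hold root-owned files the new user cannot write, so the change needs an upgrade note or a one-time ownership fix on the volume. `nobody` is also used by unrelated processes and containers on many hosts, so anything else running under that UID can read the vault data. A dedicated numeric ID avoids this, for example `user: "1000:1000"` (constructed value), with the comment `# /data must be owned by this UID:GID` above it. Dropping `cap_add: NET_BIND_SERVICE` is consistent with `ROCKET_PORT=8080`, since that port is unprivileged.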