1
0
mirror of https://github.com/tommytran732/Vaultwarden-Docker-Compose synced 2024-11-21 12:51:34 -05:00

Run vaultwarden as nobody

This commit is contained in:
Tommy 2023-04-12 06:29:14 -04:00 committed by GitHub
parent 0847c5a9cb
commit ab46d85dbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions

View File

@ -25,7 +25,7 @@
reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket
reverse_proxy vaultwarden:80 {
reverse_proxy vaultwarden:8080 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}

View File

@ -9,18 +9,18 @@ services:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
- DATABASE_URL=postgresql://vaultwarden:YOUR_POSTGRESQL_PASSWORD@postgres:5432/vaultwarden
- ADMIN_TOKEN=YOUR_ADMIN_PASSWORD
- ROCKET_PORT=8080
volumes:
- vaultwarden:/data
networks:
- vaultwarden
- postgres
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- NET_BIND_SERVICE
caddy:
image: caddy:alpine