services: vaultwarden: image: vaultwarden/server:latest-alpine container_name: vaultwarden hostname: vaultwarden restart: unless-stopped dns: - 1.1.1.1 environment: #- ADMIN_TOKEN=$$argon2id$$v=19$$m=19456,t=2,p=1$$UUZxK1FZMkZoRHFQRlVrTXZvS0E3bHpNQW55c2dBN2NORzdsa0Nxd1JhND0$$cUoId+JBUsJutlG4rfDZayExfjq4TCt48aBc9qsc3UI # see https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token #- SIGNUPS_ALLOWED=false #- SIGNUPS_VERIFY=true #- INVITATIONS_ALLOWED=true # only admins and orga owners #- globalSettings__mail__replyToEmail=bitwarden@example.com #- globalSettings__mail__smtp__host=smtp.gmail.com #- globalSettings__mail__smtp__username=bitwarden@example.com #- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword #- globalSettings__mail__smtp__ssl=true #- globalSettings__mail__smtp__port=587 - LOG_FILE=/data/logs/access.log - WEBSOCKET_ENABLED=true - ROCKET_ENV=prod - ROCKET_WORKERS=10 - TZ=Europe/Berlin - LOG_LEVEL=error - EXTENDED_LOGGING=true ports: - 8888:80 expose: - 80 volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs #networks: # - proxy #labels: # - com.centurylinklabs.watchtower.monitor-only=true # - traefik.enable=true # - traefik.docker.network=proxy # - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`) # - traefik.http.routers.vaultwarden.service=vaultwarden # - traefik.http.services.vaultwarden.loadbalancer.server.port=80 ## Block access to the /admin dashboard from public ip ranges # - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`) # - traefik.http.routers.vaultwarden-admin.service=vaultwarden # - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80 # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file,authelia@file ## Block access to the /api/version endpoint from public ip ranges # - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/api/version`) # - traefik.http.routers.vaultwarden-admin.service=vaultwarden # - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80 # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file,authelia@file # this service will backup your vaultwarden instance correctly # see https://github.com/Bruceforce/vaultwarden-backup for more information vaultwarden-backup: image: bruceforce/vaultwarden-backup:latest container_name: vaultwarden-backup hostname: vaultwarden-backup restart: always init: true depends_on: - vaultwarden volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro environment: - TIMESTAMP=true - DELETE_AFTER=30 - UID=0 - GID=1000 - TZ=Europe/Berlin - BACKUP_DIR=/myBackup - CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes! #networks: # - proxy #networks: # proxy: # external: true