From 5437d96e3441a099a25dbc190ea1bf8641351c87 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 28 Aug 2025 14:16:32 +0330
Subject: [PATCH] Vaultwarden Doc
---
 Password Manager/Vaultwarden/Setup.md | 114 ++++++++++++++++++
 .../Traefik/1-Information.md | 83 -------------
 2 files changed, 114 insertions(+), 83 deletions(-)
 create mode 100644 Password Manager/Vaultwarden/Setup.md
 delete mode 100644 Web Servers & Reverse Proxies/Traefik/1-Information.md
diff --git a/Password Manager/Vaultwarden/Setup.md b/Password Manager/Vaultwarden/Setup.md
new file mode 100644
index 0000000..76428ad
--- /dev/null
+++ b/Password Manager/Vaultwarden/Setup.md
@@ -0,0 +1,114 @@
+# πŸš€ Vaultwarden Setup Guide (with Docker & Nginx SSL)
+
+This guide walks you through deploying Vaultwarden (a lightweight Bitwarden server alternative) using Docker Compose, Nginx as a reverse proxy, and a self-signed SSL certificate for secure HTTPS access.
+
+---
+
+## πŸ“¦ Step 1: Docker Compose Configuration
+
+Create a file named docker-compose.yml with the following content:
+
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ environment:
+ DOMAIN: "https://"
+ ADMIN_TOKEN: ""
+ volumes:
+ - ./vw-data/:/data/
+ ports:
+ - 8000:80
+
+ nginx:
+ image: nginx:alpine
+ container_name: nginx
+ restart: unless-stopped
+ volumes:
+ - ./nginx-config:/etc/nginx/conf.d
+ - ./nginx-certs/vault.local.key:/etc/ssl/private/vault.local.key
+ - ./nginx-certs/vault.local.crt:/etc/ssl/certs/vault.local.crt
+ ports:
+ - 80:80
+ - 443:443
+
+
+πŸ”Ή Notes:
+- Vaultwarden runs on port 8000 internally (proxied by Nginx).
+- Persistent data is stored in ./vw-data/.
+- Replace DOMAIN and ADMIN_TOKEN with your values.
+
+---
+
+## 🌐 Step 2: Nginx Reverse Proxy Configuration
+
+Inside your nginx-config directory, create a file named vaultwarden.conf with:
+
+server {
+ listen 443 ssl;
+ server_name domain_name;
+
+ ssl_certificate /etc/ssl/certs/vault.local.crt;
+ ssl_certificate_key /etc/ssl/private/vault.local.key;
+
+ location / {
+ proxy_pass http://vaultwarden:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+
+πŸ”Ή This configuration:
+- Forces HTTPS on your domain.
+- Proxies requests to the Vaultwarden container.
+
+---
+
+## πŸ” Step 3: Generate a Self-Signed SSL Certificate
+
+If you don’t already have an SSL certificate, generate one for local testing:
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+-keyout ./nginx-certs/vault.local.key \
+-out ./nginx-certs/vault.local.crt
+
+
+πŸ”Ή Fill in the required details (CN should match domain_name).
+πŸ”Ή Place the generated files inside ./nginx-certs/.
+
+---
+
+## ▢️ Step 4: Start the Services
+
+Run:
+
+docker compose up -d
+
+
+Check containers:
+
+docker ps
+
+
+- Vaultwarden should be running on port 8000 internally.
+- Nginx should be serving HTTPS on https://domain_name.
+
+---
+
+## βœ… Step 5: Access Vaultwarden
+
+- Open: https://domain_name
+- Admin portal: https://domain_name/admin (use your ADMIN_TOKEN)
+
+---
+
+## 🎯 Summary
+
+You now have:
+- Vaultwarden running in Docker.
+- Nginx reverse proxy with HTTPS enabled.
+- Secure, self-hosted password manager ready for use.
diff --git a/Web Servers & Reverse Proxies/Traefik/1-Information.md b/Web Servers & Reverse Proxies/Traefik/1-Information.md
deleted file mode 100644
index 4f2c538..0000000
--- a/Web Servers & Reverse Proxies/Traefik/1-Information.md
+++ /dev/null
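Review bot: The note that this configuration "Forces HTTPS" does not hold for the files shown: the Compose service publishes Vaultwarden's plain-HTTP listener with `- 8000:80`, and the nginx file has only a `listen 443 ssl` server while Compose also publishes `80:80`, so the vault stays reachable without TLS on host port 8000 and nothing redirects port 80. I would drop the `ports:` entry from the `vaultwarden` service (nginx already reaches it as `vaultwarden:80` on the Compose network) and add a port-80 server whose only directive is `return 301 https://$host$request_uri;`. The guide should also tell readers not to keep a plaintext `ADMIN_TOKEN` in `docker-compose.yml` (supply an Argon2 hash produced by `vaultwarden hash`, from an env file kept out of version control) and to pin the image rather than use `vaultwarden/server:latest`. The key written by `openssl req ... -nodes` is unencrypted, so a `chmod 600 ./nginx-certs/vault.local.key` line after that command is worth adding.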
@@ -1,83 +0,0 @@
-# 🚦 **Traefik Overview**
-
-**Traefik** is a **modern reverse proxy** and load balancer that makes deploying, securing, and managing microservices easier.
-
----
-
-## πŸ”„ **Core Concepts**
-
-### 1️⃣ **Entrypoint** πŸ›¬
-
-* The starting point for **incoming requests**.
-* Example: `:80` for HTTP or `:443` for HTTPS.
-
-### 2️⃣ **Router** 🚏
-
-* Decides **where a request should go** based on rules.
-* Connects **entrypoints** to **services**.
-
-### 3️⃣ **Service** πŸ› οΈ
-
-* The actual application or backend that processes the request.
-
----
-
-## 🧩 **Routers Details**
-
-**Routers** can have:
-
-1. **Middleware** 🧱
-
- * Modify requests/responses before reaching the service.
- * Examples:
-
- * `StripPrefix` ➑️ Remove part of the URL path.
- * `RateLimit` ➑️ Limit request rate.
- * `Auth` ➑️ Add authentication.
-
-2. **Rules** πŸ“œ
-
- * Define **how to match a request**.
- * Examples:
-
- * `Host("example.com")`
- * `PathPrefix("/api")`
-
----
-
-## βš™οΈ **Traefik Configuration Types**
-
-1. **Static Configuration** πŸ—‚οΈ
-
- * Defines **Traefik’s own behavior**.
- * Example: entrypoints, providers, log level.
- * Set in `traefik.yml` or CLI args.
-
-2. **Dynamic Configuration** πŸ“‘
-
- * Defines **how Traefik routes requests**.
- * Example: routers, services, middlewares.
- * Comes from files, Kubernetes CRDs, or Docker labels.
-
----
-
-## πŸ”— **Request Flow**
-
-```
-Request
- ⬇️
- Entrypoint πŸ›¬
- ⬇️
- Router 🚏
- ⬇️
- Middleware 1 🧱 β†’ Middleware 2 🧱
- ⬇️
- Service πŸ› οΈ
-```
-
----
-
-## 🌟 **Summary**
-
-Traefik acts like a **smart traffic cop** πŸš“ for your microservices, ensuring that requests go exactly where they should, with the right rules and transformations applied along the way.
-