Vaultwarden Doc

2025-08-28 14:16:32 +03:30
parent 1bc79e6f58
commit 5437d96e34
2 changed files with 114 additions and 83 deletions
--- a/Manager/Vaultwarden/Setup.md
+++ b/Manager/Vaultwarden/Setup.md
@@ -0,0 +1,114 @@
 # 🚀 Vaultwarden Setup Guide (with Docker & Nginx SSL)
 This guide walks you through deploying Vaultwarden (a lightweight Bitwarden server alternative) using Docker Compose, Nginx as a reverse proxy, and a self-signed SSL certificate for secure HTTPS access.
 ---
 ## 📦 Step 1: Docker Compose Configuration
 Create a file named docker-compose.yml with the following content:
 services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://<your-domain>"
      ADMIN_TOKEN: "<ADMIN_TOKEN>"
    volumes:
      - ./vw-data/:/data/
    ports:
      - 8000:80
  nginx:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    volumes:
      - ./nginx-config:/etc/nginx/conf.d
      - ./nginx-certs/vault.local.key:/etc/ssl/private/vault.local.key
      - ./nginx-certs/vault.local.crt:/etc/ssl/certs/vault.local.crt
    ports:
      - 80:80
      - 443:443
 🔹 Notes:
 - Vaultwarden runs on port 8000 internally (proxied by Nginx).  
 - Persistent data is stored in ./vw-data/.  
 - Replace DOMAIN and ADMIN_TOKEN with your values.  
 ---
 ## 🌐 Step 2: Nginx Reverse Proxy Configuration
 Inside your nginx-config directory, create a file named vaultwarden.conf with:
 server {
    listen 443 ssl;
    server_name domain_name;
    ssl_certificate     /etc/ssl/certs/vault.local.crt;
    ssl_certificate_key /etc/ssl/private/vault.local.key;
    location / {
        proxy_pass http://vaultwarden:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
 🔹 This configuration:  
 - Forces HTTPS on your domain.  
 - Proxies requests to the Vaultwarden container.  
 ---
 ## 🔐 Step 3: Generate a Self-Signed SSL Certificate
 If you don’t already have an SSL certificate, generate one for local testing:
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
 -keyout ./nginx-certs/vault.local.key \
 -out ./nginx-certs/vault.local.crt
 🔹 Fill in the required details (CN should match domain_name).  
 🔹 Place the generated files inside ./nginx-certs/.  
 ---
 ## ▶️ Step 4: Start the Services
 Run:
 docker compose up -d
 Check containers:
 docker ps
 - Vaultwarden should be running on port 8000 internally.  
 - Nginx should be serving HTTPS on https://domain_name.  
 ---
 ## ✅ Step 5: Access Vaultwarden
 - Open: https://domain_name  
 - Admin portal: https://domain_name/admin (use your ADMIN_TOKEN)  
 ---
 ## 🎯 Summary
 You now have:
 - Vaultwarden running in Docker.  
 - Nginx reverse proxy with HTTPS enabled.  
 - Secure, self-hosted password manager ready for use.
--- a/Proxies/Traefik/1-Information.md
+++ b/Proxies/Traefik/1-Information.md
@@ -1,83 +0,0 @@
 # 🚦 **Traefik Overview**
 **Traefik** is a **modern reverse proxy** and load balancer that makes deploying, securing, and managing microservices easier.
 ---
 ## 🔄 **Core Concepts**
 ### 1️⃣ **Entrypoint** 🛬
 * The starting point for **incoming requests**.
 * Example: `:80` for HTTP or `:443` for HTTPS.
 ### 2️⃣ **Router** 🚏
 * Decides **where a request should go** based on rules.
 * Connects **entrypoints** to **services**.
 ### 3️⃣ **Service** 🛠️
 * The actual application or backend that processes the request.
 ---
 ## 🧩 **Routers Details**
 **Routers** can have:
 1. **Middleware** 🧱
   * Modify requests/responses before reaching the service.
   * Examples:
     * `StripPrefix` ➡️ Remove part of the URL path.
     * `RateLimit` ➡️ Limit request rate.
     * `Auth` ➡️ Add authentication.
 2. **Rules** 📜
   * Define **how to match a request**.
   * Examples:
     * `Host("example.com")`
     * `PathPrefix("/api")`
 ---
 ## ⚙️ **Traefik Configuration Types**
 1. **Static Configuration** 🗂️
   * Defines **Traefik’s own behavior**.
   * Example: entrypoints, providers, log level.
   * Set in `traefik.yml` or CLI args.
 2. **Dynamic Configuration** 📡
   * Defines **how Traefik routes requests**.
   * Example: routers, services, middlewares.
   * Comes from files, Kubernetes CRDs, or Docker labels.
 ---
 ## 🔗 **Request Flow**
 ```
 Request  
   ⬇️  
 Entrypoint 🛬  
   ⬇️  
 Router 🚏  
   ⬇️  
 Middleware 1 🧱 → Middleware 2 🧱  
   ⬇️  
 Service 🛠️  
 ```
 ---
 ## 🌟 **Summary**
 Traefik acts like a **smart traffic cop** 🚓 for your microservices, ensuring that requests go exactly where they should, with the right rules and transformations applied along the way.