Vaultwarden Doc
This commit is contained in:
114
Password Manager/Vaultwarden/Setup.md
Normal file
114
Password Manager/Vaultwarden/Setup.md
Normal file
@@ -0,0 +1,114 @@
|
||||
# 🚀 Vaultwarden Setup Guide (with Docker & Nginx SSL)
|
||||
|
||||
This guide walks you through deploying Vaultwarden (a lightweight Bitwarden server alternative) using Docker Compose, Nginx as a reverse proxy, and a self-signed SSL certificate for secure HTTPS access.
|
||||
|
||||
---
|
||||
|
||||
## 📦 Step 1: Docker Compose Configuration
|
||||
|
||||
Create a file named docker-compose.yml with the following content:
|
||||
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:latest
|
||||
container_name: vaultwarden
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DOMAIN: "https://<your-domain>"
|
||||
ADMIN_TOKEN: "<ADMIN_TOKEN>"
|
||||
volumes:
|
||||
- ./vw-data/:/data/
|
||||
ports:
|
||||
- 8000:80
|
||||
|
||||
nginx:
|
||||
image: nginx:alpine
|
||||
container_name: nginx
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./nginx-config:/etc/nginx/conf.d
|
||||
- ./nginx-certs/vault.local.key:/etc/ssl/private/vault.local.key
|
||||
- ./nginx-certs/vault.local.crt:/etc/ssl/certs/vault.local.crt
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
|
||||
|
||||
🔹 Notes:
|
||||
- Vaultwarden runs on port 8000 internally (proxied by Nginx).
|
||||
- Persistent data is stored in ./vw-data/.
|
||||
- Replace DOMAIN and ADMIN_TOKEN with your values.
|
||||
|
||||
---
|
||||
|
||||
## 🌐 Step 2: Nginx Reverse Proxy Configuration
|
||||
|
||||
Inside your nginx-config directory, create a file named vaultwarden.conf with:
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name domain_name;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/vault.local.crt;
|
||||
ssl_certificate_key /etc/ssl/private/vault.local.key;
|
||||
|
||||
location / {
|
||||
proxy_pass http://vaultwarden:80;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
🔹 This configuration:
|
||||
- Forces HTTPS on your domain.
|
||||
- Proxies requests to the Vaultwarden container.
|
||||
|
||||
---
|
||||
|
||||
## 🔐 Step 3: Generate a Self-Signed SSL Certificate
|
||||
|
||||
If you don’t already have an SSL certificate, generate one for local testing:
|
||||
|
||||
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
||||
-keyout ./nginx-certs/vault.local.key \
|
||||
-out ./nginx-certs/vault.local.crt
|
||||
|
||||
|
||||
🔹 Fill in the required details (CN should match domain_name).
|
||||
🔹 Place the generated files inside ./nginx-certs/.
|
||||
|
||||
---
|
||||
|
||||
## ▶️ Step 4: Start the Services
|
||||
|
||||
Run:
|
||||
|
||||
docker compose up -d
|
||||
|
||||
|
||||
Check containers:
|
||||
|
||||
docker ps
|
||||
|
||||
|
||||
- Vaultwarden should be running on port 8000 internally.
|
||||
- Nginx should be serving HTTPS on https://domain_name.
|
||||
|
||||
---
|
||||
|
||||
## ✅ Step 5: Access Vaultwarden
|
||||
|
||||
- Open: https://domain_name
|
||||
- Admin portal: https://domain_name/admin (use your ADMIN_TOKEN)
|
||||
|
||||
---
|
||||
|
||||
## 🎯 Summary
|
||||
|
||||
You now have:
|
||||
- Vaultwarden running in Docker.
|
||||
- Nginx reverse proxy with HTTPS enabled.
|
||||
- Secure, self-hosted password manager ready for use.
|
||||
@@ -1,83 +0,0 @@
|
||||
# 🚦 **Traefik Overview**
|
||||
|
||||
**Traefik** is a **modern reverse proxy** and load balancer that makes deploying, securing, and managing microservices easier.
|
||||
|
||||
---
|
||||
|
||||
## 🔄 **Core Concepts**
|
||||
|
||||
### 1️⃣ **Entrypoint** 🛬
|
||||
|
||||
* The starting point for **incoming requests**.
|
||||
* Example: `:80` for HTTP or `:443` for HTTPS.
|
||||
|
||||
### 2️⃣ **Router** 🚏
|
||||
|
||||
* Decides **where a request should go** based on rules.
|
||||
* Connects **entrypoints** to **services**.
|
||||
|
||||
### 3️⃣ **Service** 🛠️
|
||||
|
||||
* The actual application or backend that processes the request.
|
||||
|
||||
---
|
||||
|
||||
## 🧩 **Routers Details**
|
||||
|
||||
**Routers** can have:
|
||||
|
||||
1. **Middleware** 🧱
|
||||
|
||||
* Modify requests/responses before reaching the service.
|
||||
* Examples:
|
||||
|
||||
* `StripPrefix` ➡️ Remove part of the URL path.
|
||||
* `RateLimit` ➡️ Limit request rate.
|
||||
* `Auth` ➡️ Add authentication.
|
||||
|
||||
2. **Rules** 📜
|
||||
|
||||
* Define **how to match a request**.
|
||||
* Examples:
|
||||
|
||||
* `Host("example.com")`
|
||||
* `PathPrefix("/api")`
|
||||
|
||||
---
|
||||
|
||||
## ⚙️ **Traefik Configuration Types**
|
||||
|
||||
1. **Static Configuration** 🗂️
|
||||
|
||||
* Defines **Traefik’s own behavior**.
|
||||
* Example: entrypoints, providers, log level.
|
||||
* Set in `traefik.yml` or CLI args.
|
||||
|
||||
2. **Dynamic Configuration** 📡
|
||||
|
||||
* Defines **how Traefik routes requests**.
|
||||
* Example: routers, services, middlewares.
|
||||
* Comes from files, Kubernetes CRDs, or Docker labels.
|
||||
|
||||
---
|
||||
|
||||
## 🔗 **Request Flow**
|
||||
|
||||
```
|
||||
Request
|
||||
⬇️
|
||||
Entrypoint 🛬
|
||||
⬇️
|
||||
Router 🚏
|
||||
⬇️
|
||||
Middleware 1 🧱 → Middleware 2 🧱
|
||||
⬇️
|
||||
Service 🛠️
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 🌟 **Summary**
|
||||
|
||||
Traefik acts like a **smart traffic cop** 🚓 for your microservices, ensuring that requests go exactly where they should, with the right rules and transformations applied along the way.
|
||||
|
||||
Reference in New Issue
Block a user