Giters

86c5868a / docker-vaultwarden-server

Docker-compose files to host a vaultwarden server (formerly known as bitwarden_rs) with nginx

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Vaultwarden with Traefik

This repository helps to host your own Vaultwarden instance on your server or a raspberry-pi.

Usage

Edit your settings in the .env file.

Start the containers with

docker-compose up -d

⚠️ You have to install Traefik as well.

Settings

In the docker-compose.yml file the admin-token is disabled. If this setting is disabled you are not able to open the admin page (yourhost.local/admin).

Configuration for environment variables

SIGNUPS_ALLOWED

By default, anyone who can access your instance can register for a new account. To disable this, set the SIGNUPS_ALLOWED env variable to false.

More information

SIGNUPS_DOMAINS_WHITELIST

You can restrict registration to email addresses from certain domains by setting SIGNUPS_DOMAINS_WHITELIST accordingly.

More information

SIGNUPS_VERIFY

Require email verification to finish the registration.

INVITATIONS_ALLOWED

Even when registration is disabled (SIGNUPS_ALLOWED), organization administrators or owners can invite users to join organization.

More information

ADMIN_TOKEN

Activated the admin page. This page allows server administrators to view all the registered users and to delete them. It also shows inviting new users, even when registration is disabled.

More information

DISABLE_ADMIN_TOKEN

If you have another method to authenticate the admin page then you can set the DISABLE_ADMIN_TOKEN variable to true.

More information

WEBSOCKET_ENABLED

Informs the browser and desktop Bitwarden clients that some event of interest has occurred, such as when an entry in the password database has been modified or deleted.

This setting is not applicable to mobile Bitwarden clients (Android/iOS) because these use the native push notification service instead.

More information

DOMAIN

The domain of your vaultwarden instance (should be the same as VIRTUAL_HOST).

This is required for U2F and FIDO2 WebAuthn authentication.

More information

YubiKey OTP Authentication

You need a YUBICO_CLIENT_ID and YUBICO_SECRET_KEY to allow authentication with a Yubikey.

If YUBICO_SERVER is not set the default YubiCloud servers are used.

More information

SMTP Configuration

  • SMTP_HOST: The host server of the mail server
  • SMTP_FROM: the mail address which should be used for sending mails
  • SMTP_PORT: the port of the smtp server
  • SMTP_SECURITY: the protocol that should be used (default: starttls, options: force_tls, off, starttls)
  • SMTP_USERNAME: the username of the smtp user
  • SMTP_PASSWORD: the password of the smtp user

This requires to set the DOMAIN variable.

More information

SHOW_PASSWORD_HINT

Usually, password hints are sent by email. But as vaultwarden is made with small or personal deployment in mind, hints are also available from the password hint page, so you don't have to configure an email service.

More information

Logging

  • LOG_LEVEL: options are: "trace", "debug", "info", "warn", "error" or "off". NOTE: Using the log level "warn" or "error" still allows Fail2Ban to work properly.
  • USE_SYSLOG
  • EXTENDED_LOGGING

More information

Syncing users from LDAP

More information

About

Docker-compose files to host a vaultwarden server (formerly known as bitwarden_rs) with nginx

License:MIT License

Languages

Language:Shell 83.2%Language:Dockerfile 16.8%