Vaultwarden with Cloudflare Zero Trust
Self-hosted Vaultwarden with Nginx as the reverse proxy and Cloudflare Zero Trust for security
Google Cloud offers an 'always free' tier of their Compute Engine with one virtual core and ~600 MB of RAM (about 150 MB free depending on which OS you installed).
Go to Google Compute Engine and open a Cloud Shell. You may also create the instance manually following the constraints of the free tier. In the Cloud Shell enter the following command to build the properly spec'd machine:
gcloud compute instances create vaultwarden \
--machine-type e2-micro \
--zone us-central1-a \
--image-project cos-cloud \
--image-family cos-stable \
--boot-disk-size=30GB \
--scopes compute-rw
Enter a shell on the new instance and clone this repo:
git clone https://github.com/abdulaziz-git/vaultwarden-cloudflare-zero-trust.git
cd vaultwarden-cloudflare-zero-trust
Set up the docker-compose alias by using the included script:
sh utilities/install-alias.sh
source ~/.bashrc
docker-compose version
You should get a reply similar to the following:
docker-compose version 1.26.2, build eefe0d3
docker-py version: 4.2.2
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
I provide .env.template, which should be copied to .env and filled out. Filling it out is self-explanatory and requires certain values such as a domain name, Cloudflare tokens, etc.
Add your domain name to .env. Please make sure that your domain is already added to Cloudflare.
To get a Zero Trust tunnel token, you need to register at https://www.cloudflare.com/products/zero-trust/.
After that, create a tunnel in the Zero Trust dashboard, copy the tunnel token and add it to CLOUDFLARED_TOKEN in the .env file.
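Before starting the stack, the .env file can be checked from the shell. This is an added example, not part of this repo: check_env and env_value are hypothetical helper names, and CLOUDFLARED_TOKEN is the only key name taken from the text above. It confirms that the file exists, that only its owner can read it (it holds the tunnel token), and that the token is set.

```shell
#!/bin/sh
# Added example: pre-flight check for .env before `docker-compose up -d`.
# check_env and env_value are hypothetical names; only CLOUDFLARED_TOKEN
# comes from the page.

# Print the value of KEY ($1) from FILE ($2); the last assignment wins.
# Trailing whitespace and one pair of surrounding quotes are stripped.
env_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if FILE ($1) is ready to use, otherwise the number of problems.
check_env() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "missing: $file (copy .env.template to .env first)" >&2
        return 1
    fi
    # Characters 5-10 of `ls -l` output are the group and other permission
    # bits. The file holds the tunnel token, so they should all be unset.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "too open: run chmod 600 $file" >&2
        problems=$((problems + 1))
    fi
    if [ -z "$(env_value CLOUDFLARED_TOKEN "$file")" ]; then
        echo "unset: CLOUDFLARED_TOKEN" >&2
        problems=$((problems + 1))
    fi
    # Warn about any other key left blank; these are not counted as
    # problems because some keys may be optional.
    for key in $(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*$/\1/p' "$file"); do
        [ "$key" = CLOUDFLARED_TOKEN ] && continue
        echo "warning: $key is empty" >&2
    done
    return "$problems"
}
```

Source the file and run `check_env .env` from the repo directory; an exit status of 0 means the file passed.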
To start up, use docker-compose:
docker-compose up -d
After that, go back to the Cloudflare Zero Trust tunnel page.
- Go to Public Hostname and click the Add a public hostname button
- Select the domain you configured in the .env file
- Set Service Type to HTTP
- Set URL to proxy:80
- Click Save hostname
Run the following command to install rclone:
docker exec -it vaultwarden ash /backup.sh
Run the following command to configure rclone:
docker exec -it vaultwarden ash -c 'rclone config --config $BACKUP_RCLONE_CONF'
Follow the prompts and the instructions at https://rclone.org/remote_setup/. You will most likely need to download rclone on another computer (it is portable) to authorize.