68 lines
1.1 KiB
Markdown
68 lines
1.1 KiB
Markdown
# Basic Vaultwarden docker-compose config
|
|
* can be run on single node setup or in swarm
|
|
|
|
## howto
|
|
### single node
|
|
#### start container
|
|
```bash
|
|
docker compose up -d
|
|
```
|
|
|
|
#### stop container (and remove)
|
|
```bash
|
|
docker compose down
|
|
```
|
|
|
|
#### view logs
|
|
```bash
|
|
docker compose logs -f
|
|
```
|
|
|
|
#### reload config
|
|
```bash
|
|
docker compose restart
|
|
```
|
|
|
|
### swarm
|
|
#### start aka deploy
|
|
```bash
|
|
docker stack deploy -c docker-compose.yml caddy
|
|
```
|
|
|
|
#### stop container aka service
|
|
```bash
|
|
docker service rm caddy_caddy
|
|
```
|
|
|
|
#### view logs
|
|
```bash
|
|
docker service logs caddy_caddy -f
|
|
```
|
|
|
|
#### reload config (no downtime if replica 2 or more)
|
|
```bash
|
|
docker service update caddy_caddy --force
|
|
```
|
|
|
|
## example caddy config
|
|
```
|
|
vault.example.com {
|
|
header {
|
|
Strict-Transport-Security max-age=31536000;
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Frame-Options DENY
|
|
X-Robots-Tag none
|
|
-Server
|
|
}
|
|
reverse_proxy vaultwarden:80 {
|
|
header_up X-Real-IP {remote_host}
|
|
}
|
|
|
|
# disable /admin page via domain (diable for inital config)
|
|
handle /admin {
|
|
respond 403
|
|
}
|
|
|
|
reverse_proxy 10.1.16.1:80
|
|
}
|
|
``` |