-
-
Notifications
You must be signed in to change notification settings - Fork 266
/
docker-compose.yml
83 lines (80 loc) · 3.38 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
services:
vaultwarden:
image: vaultwarden/server:latest-alpine
container_name: vaultwarden
hostname: vaultwarden
restart: unless-stopped
dns:
- 1.1.1.1
environment:
#- ADMIN_TOKEN=$$argon2id$$v=19$$m=19456,t=2,p=1$$UUZxK1FZMkZoRHFQRlVrTXZvS0E3bHpNQW55c2dBN2NORzdsa0Nxd1JhND0$$cUoId+JBUsJutlG4rfDZayExfjq4TCt48aBc9qsc3UI # see https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
#- SIGNUPS_ALLOWED=false
#- SIGNUPS_VERIFY=true
#- INVITATIONS_ALLOWED=true # only admins and orga owners
#- globalSettings__mail__smtp__host=smtp.gmail.com
#- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword
#- globalSettings__mail__smtp__ssl=true
#- globalSettings__mail__smtp__port=587
- LOG_FILE=/data/logs/access.log
- WEBSOCKET_ENABLED=true
- ROCKET_ENV=prod
- ROCKET_WORKERS=10
- TZ=Europe/Berlin
- LOG_LEVEL=error
- EXTENDED_LOGGING=true
ports:
- 8888:80
expose:
- 80
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs
#networks:
# - proxy
#labels:
# - com.centurylinklabs.watchtower.monitor-only=true
# - traefik.enable=true
# - traefik.docker.network=proxy
# - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`)
# - traefik.http.routers.vaultwarden.service=vaultwarden
# - traefik.http.services.vaultwarden.loadbalancer.server.port=80
## Block access to the /admin dashboard from public ip ranges
# - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`)
# - traefik.http.routers.vaultwarden-admin.service=vaultwarden
# - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
# - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file
## Block access to the /api/version endpoint from public ip ranges
# - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/api/version`)
# - traefik.http.routers.vaultwarden-admin.service=vaultwarden
# - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
# - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file
# this service will backup your vaultwarden instance correctly
# see https://github.com/Bruceforce/vaultwarden-backup for more information
vaultwarden-backup:
image: bruceforce/vaultwarden-backup:latest
container_name: vaultwarden-backup
hostname: vaultwarden-backup
restart: always
init: true
depends_on:
- vaultwarden
volumes:
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
environment:
- TIMESTAMP=true
- DELETE_AFTER=30
- UID=0
- GID=1000
- TZ=Europe/Berlin
- BACKUP_DIR=/myBackup
- CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes!
#networks:
# - proxy
#networks:
# proxy:
# external: true