59 lines
1.8 KiB
YAML
59 lines
1.8 KiB
YAML
# Vaultwarden - Password Manager (Bitwarden-compatible)
|
|
# Domain: vault.${DOMAIN}
|
|
# Database: None (SQLite, built-in)
|
|
# RAM: ~50MB (mem_limit: 256M) | Pi-compatible: Yes
|
|
#
|
|
# Environment variables:
|
|
# DOMAIN - Your domain (e.g., demo-felhom.eu)
|
|
# ADMIN_TOKEN - Admin panel token (auto-generated)
|
|
# SIGNUPS_ALLOWED - Set to "false" after creating your account(s)
|
|
#
|
|
# First-time setup:
|
|
# 1. Visit https://vault.${DOMAIN} and create an account
|
|
# 2. Set SIGNUPS_ALLOWED=false via the controller
|
|
# 3. Admin panel at https://vault.${DOMAIN}/admin (if ADMIN_TOKEN set)
|
|
#
|
|
# Clients:
|
|
# Use any Bitwarden client (desktop, mobile, browser extension)
|
|
# Set server URL to: https://vault.${DOMAIN}
|
|
|
|
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:1.33.2-alpine
|
|
container_name: vaultwarden
|
|
restart: unless-stopped
|
|
environment:
|
|
- DOMAIN=https://vault.${DOMAIN}
|
|
- SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-true}
|
|
- ADMIN_TOKEN=${ADMIN_TOKEN:-}
|
|
- WEBSOCKET_ENABLED=true
|
|
- TZ=Europe/Budapest
|
|
volumes:
|
|
- vaultwarden_data:/data
|
|
networks:
|
|
- traefik-public
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/alive"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.vaultwarden.rule=Host(`vault.${DOMAIN}`)"
|
|
- "traefik.http.routers.vaultwarden.entrypoints=websecure"
|
|
- "traefik.http.routers.vaultwarden.tls=true"
|
|
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
|
|
|
|
volumes:
|
|
vaultwarden_data:
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|