Skip to main content

Vaultwarden

Vaultwarden

Information

Vaultwarden is a self hosted password manager and generator similar to Last Pass or Google Password

  • Just Vaultwarden Commands
TypeCommand
Startdocker compose up vaultwarden -d
Shutdowndocker compose down vaultwarden
vaultwarden
  • Once started, vaultwarden should be hit from this url:
URL
Non-SSL (Web UI)http://localhost:9445
Imagevaultwarden/server(Docker Hub)

Vaultwarden Example Docker Compose

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: ${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}
    restart: unless-stopped
    ports:
      - 9445:80 #map any custom port to use (replace 8445 not 80)
    volumes:
      - ${DEFAULT_CONTAINER_DATA_LOCATION}/Vaultwarden:/data:rw
    environment:
      #     - ROCKET_TLS={certs="/ssl/certs/certs.pem",key="/ssl/private/key.pem"}  // Environment variable is specific to the Rocket web server
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SSL=${SMTP_SSL}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - DOMAIN=${DOMAIN}
    env_file:
      - ./.env
      - ../../.env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}.rule=Host(`${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}.${PROJECT_HOSTNAME}`)"
      - "traefik.http.routers.${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}.entrypoints=https"
      - "traefik.http.routers.${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}.tls=true"
      - "traefik.http.services.${VAULTWARDEN_CONTAINER_NAME:-vaultwarden}.loadbalancer.server.port=80"
      ## Middlewares
      - ${VAULTWARDEN_AUTHENTIK_MIDDLEWARE:-}
    profiles:
      - all
      - vaultwarden
    networks:
      - homelab

Vaultwarden Example .env file

ADMIN_TOKEN= # randomly generated string of characters, for example running openssl rand -base64 48
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=true ##change to false once create the admin account
SMTP_HOST=smtp-relay.sendinblue.com
SMTP_FROM=user@example.com ##replace example.com with your domain
SMTP_PORT=587
SMTP_SSL=true
SMTP_USERNAME=user@example.com ##sendinblue user
SMTP_PASSWORD=sendinblue password
DOMAIN=https://bitwarden.example.com #replace example.com with your domain
VAULTWARDEN_CONTAINER_NAME=vaultwarden