Hello Friends,

I have a small Ubuntu server and I finally also want to transfer my Vaultwarden instance to it. On this server I have several services running (homeassistant, …) and Certbot via Dehydrated (right now I get a certificate for my duckdns address). In some directory I have the privkey and fullchain files.

Now my problem is that when I start Vaultwarden it won't load as HTTPS.

I believe my problem is telling Vaultwarden where my certificate files are located so it can use them accordingly.

This is my compose file right now:

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
      - /home/(directory to my certificates):/usr/share/ca-certificates/
    ports:
      - 8129:80
    environment:
      - DOMAIN=https://hurrdurr.duckdns.org
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_TOKEN=token
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true

The volume mapping to the certificates was just me trying it out, so maybe it's working if I map it like that.

If I open the 8129 in my browser it will just time out. I also managed to start it, but it wouldn't let me register as there's no HTTPS certificate.
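
Added example, not part of the original post and not the poster's file: a compose service that hands the certificate and key to Vaultwarden's built-in web server through the `ROCKET_TLS` variable instead of mounting them into the CA trust directory. The host path `/path/to/certs`, the container path `/ssl`, the file names `fullchain.pem` and `privkey.pem`, and the `:8129` suffix on `DOMAIN` are assumptions.

```yaml
# Added example. Values marked "placeholder" or "assumed" are not from the post.
services:
  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
      # Before (from the post): the certificate directory was mounted at
      # /usr/share/ca-certificates/. That path holds CA certificates the
      # container trusts when it acts as a client; nothing reads a server
      # certificate or private key from there.
      # After: mount the directory read-only at a path of your choosing and
      # point ROCKET_TLS at the files inside it.
      - /path/to/certs:/ssl:ro        # placeholder host path, /ssl is arbitrary
    ports:
      # With ROCKET_TLS set, the server still listens on container port 80,
      # but it now speaks HTTPS there, so browse to https://<host>:8129.
      - "8129:80"
    environment:
      # File names assumed from the "privkey and fullchain files" in the post.
      - ROCKET_TLS={certs="/ssl/fullchain.pem",key="/ssl/privkey.pem"}
      # Assumed: the instance is reached directly on host port 8129.
      - DOMAIN=https://hurrdurr.duckdns.org:8129
```

The private key must be readable by the user the container runs as; keeping the mount read-only means the container can never modify or replace the key material.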

  • emhl@feddit.de
    1 year ago

    Using traefik as your first reverse proxy might be a bit daunting. Caddy or “nginx reverse proxy” are much easier to configure.

    • 7Sea_Sailor@lemmy.dbzer0.com
      1 year ago

      If you want it beginner friendly, I can recommend Nginx Proxy Manager, which is basically a web UI frontend for nginx. This has its own drawbacks, but makes setup very uncomplicated.

      • 子犬です@lemmy.world
        1 year ago

        I agree, very beginner friendly. But also, it’s what most people are gonna need.

        I actually started with Traefik because I didn’t know any better, and I kinda wanna go back to be honest because with Traefik I was able to configure a Minecraft server, without having to expose the port. But not with NGINX Proxy Manager, since it only does http and shit. But I REALLY like being able to do everything via a webUI since I only have a phone to manage my server.

        So, I find myself stuck between functionality and ease of use. :(

        • lemmyvore@feddit.nl
          1 year ago

          Nginx Proxy Manager can do stream hosts, which are encrypted tunnels where you can put any kind of traffic not just HTTP.

          • 子犬です@lemmy.world
            1 year ago

            I’ve tried, but I wasn’t able to get it working. I’ll look into it again though, cuz I’d love to do it all through NPM.

        • Kangie@lemmy.srcfiles.zip
          1 year ago

          At the end of the day Traefik isn’t that hard, especially if you know the core concepts; if you know both and have a need for Traefik I’d just use that everywhere.

        • 7Sea_Sailor@lemmy.dbzer0.com
          1 year ago

          You should look into NPM Streams, they’re built exactly for this purpose. It’s included by default, just another type of host.

          • 子犬です@lemmy.world
            1 year ago

            I’ve tried, but I wasn’t able to get it working. I’ll look into it again though, cuz I’d love to do it all through NPM.