Hello Friends,

I have a small ubuntu Server and I finally also want to transfer my Vaultwarden Instance to it. On this Server I have several services running (homeassistant, …) and Certbot via Dehydrated (right now I get a certificate for my duckdns address). In some directory I have the privkey and fullchain files.

Now my Problem is that when I start vaultwarden it wont load as https.

I believe, my Problem is telling Vaultwarden, where my certificate files are located so it can use them accordingly.

This is my Compose File right now:

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
      - /home/(directory to my certificates):/usr/share/ca-certificates/
    ports:
      - 8129:80
    environment:
      - DOMAIN=https://hurrdurr.duckdns.org
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_TOKEN=token
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true

The Volume Mapping to the certificates was just me trying it out so maybe its working if I map it like that.

If I open the 8129 in my Browser it will just time out. I also managed it to start but it wouldnt let me register as theres not https certificate.

  • Dandroid@dandroid.app
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Seconding a reverse proxy. Once you have it set up, it’s trivial to add a subdomain, forward it to your internal port that your container is exposing, then use certbot or whatever to get a new certificate for that subdomain.

    I just use apache because I heavily use it for work, so I already know it well. But lots of people swear by nginx as well. There are lots of other options as well.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      No need to get a certificate for ever subdomain, you can get a wildcard cert for *.your. domain.

      • Dandroid@dandroid.app
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        True. I did that for one of my domains, but it was really quite annoying to do with certbot, as you needed some sort of plugin.

        • Kangie@lemmy.srcfiles.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It’s fine with Let’sEncrypt via the DNS01 challenge; my lab typically only uses one wildcard certificate for all the services there unless I have a specific need to generate an indovidual cert for a service.

    • klangcola@reddthat.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Thirding a reverse proxy. Probably Nginx Proxy Manager (NPM) is the easiest reverse proxy to get started with, if you don’t want to deal with plain nginx config files