Setting Up Vaultwarden with Docker
Introduction
Vaultwarden is an open-source alternative to Bitwarden that allows you to host your own password management service with minimal resource usage. This guide will help you set up Vaultwarden using Docker and configure it to be accessed securely via a reverse proxy.
Prerequisites
- Docker and Docker Compose: Ensure Docker and Docker Compose are installed on your system.
- Domain Configuration: Make sure your domain (e.g., vaultwarden.clintmasden.duckdns.org) is properly configured to point to your server.
Setting Up Vaultwarden
1. Create a Docker Compose File
Create your docker-compose.yml with the necessary service definitions:
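    version: "3"
    services:
      vaultwarden:
        restart: unless-stopped
        image: "vaultwarden/server:latest"
        container_name: vaultwarden
        environment:
          - TZ=America/Chicago
          # Written to ./data/bitwarden.log on the host through the volume below
          - LOG_FILE=/data/bitwarden.log
          - EXTENDED_LOGGING=true
          - LOG_LEVEL=warn
          - ROCKET_WORKERS=20
          - WEBSOCKET_ENABLED=true
          - SIGNUPS_ALLOWED=false
          - DISABLE_ADMIN_TOKEN=false
          # Redacted placeholder; set your own admin token here
          - ADMIN_TOKEN=********
          - SHOW_PASSWORD_HINT=false
          - DISABLE_ICON_DOWNLOAD=true
          - DOMAIN=https://vaultwarden.clintmasden.duckdns.org
        ports:
          # Published on every host interface as written; prefix with 127.0.0.1:
          # (e.g. 127.0.0.1:8003:80) so only the reverse proxy on this host can reach them
          - 8003:80
          - 8004:3012
        volumes:
          - ./data:/data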
Sensitive Data Removed: Admin token for security purposes.
2. Launch Vaultwarden
Deploy your Vaultwarden instance using the following command:
docker-compose up -d
This command will start the Vaultwarden container, making your password management service available online.
3. Accessing Vaultwarden
Once the container is running, access Vaultwarden by navigating to:
https://vaultwarden.clintmasden.duckdns.org
Here you can log in to the admin panel and configure further settings.
Extended Setup and Configuration
Configuring Reverse Proxy
For secure access, configure a reverse proxy using Caddy or another suitable web server. This will enable HTTPS and provide an additional layer of security for your Vaultwarden instance.
Example Caddyfile
Here's an example configuration for Caddy as a reverse proxy for Vaultwarden:
    vaultwarden.clintmasden.duckdns.org {
        reverse_proxy localhost:8003
        # Answer every /admin request with HTTP 404 instead of proxying it
        respond /admin* "404"
    }
Security Enhancements
- Set strong passwords and admin tokens using a reliable hash generator.
- Limit login attempts and enable logging to monitor for unauthorized access attempts.
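One way to act on the logging advice above, as an added example that is not part of the original guide or of Vaultwarden itself: it counts failed user and admin logins per source IP in the log file the compose file writes. The two message strings are assumed to match what Vaultwarden logs for those failures, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. The message strings are assumed to match Vaultwarden's
# failed-login log entries; every log line below is constructed sample data.

# sample_log: print constructed log lines (documentation-range addresses only).
sample_log() {
    cat <<'EOF'
[2024-05-01 10:00:01.101][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: alice@example.com.
[2024-05-01 10:00:03.412][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: alice@example.com.
[2024-05-01 10:00:05.873][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: bob@example.com.
[2024-05-01 10:02:11.009][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 203.0.113.7
[2024-05-01 10:05:40.250][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 198.51.100.20. Username: carol@example.com.
[2024-05-01 10:07:02.664][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8::5
[2024-05-01 10:07:09.118][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8::5
[2024-05-01 10:09:30.500][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.9. Username: IP: 203.0.113.7
EOF
}

# failed_logins LOGFILE [THRESHOLD]
# Prints "<count> <ip>" for each source IP with at least THRESHOLD (default 3)
# failed user or admin logins, highest count first.
failed_logins() {
    log=$1
    threshold=${2:-3}
    awk -v min="$threshold" '
        /(Username or password is incorrect\. Try again|Invalid admin token)\. IP: / {
            # The username is client-supplied, so trust only the first
            # (leftmost) "IP: " on the line, which the server wrote itself.
            if (match($0, /IP: [0-9A-Fa-f:.]+/)) {
                ip = substr($0, RSTART + 4, RLENGTH - 4)
                sub(/\.$/, "", ip)      # drop the sentence-ending period
                hits[ip]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; with the compose file from this guide the
# real log on the host is ./data/bitwarden.log.
demo_log=$(mktemp)
sample_log > "$demo_log"
failed_logins "$demo_log" 3
rm -f "$demo_log"
```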
Conclusion
Setting up Vaultwarden with Docker provides a secure, self-hosted environment for managing passwords. The Docker deployment ensures easy setup and scalability, while the reverse proxy setup adds an essential layer of security for remote access. As your needs grow, consider integrating additional security features and monitoring tools to maintain the integrity and safety of your password management service.