In order to setup Vaultwarden in a docker-compose & SQLite based configuration (e.g. on CoreOS), first we need to create a directory. I recommend using /opt/vaultwarden.
Run all the following commands and place all the following files in the /opt/vaultwarden directory!
First, we’ll create a .env file with random passwords (I recommend using pwgen 30). Not using a unique, random password here is a huge security risk since it will allow full admin access to Vaultwarden!
ADMIN_TOKEN=iqueingufo3LohshoohoG3tha2zou6 SIGNUPS_ALLOWED=true
Now place your docker-compose.yml:
version: '3.4'
services:
vaultwarden:
image: vaultwarden/server:latest
environment:
- ADMIN_TOKEN=${ADMIN_TOKEN}
- SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
volumes:
- ./vw_data:/data
ports:
- 17881:80
Next, we’ll create a systemd service to autostart docker-compose:
curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin
This will automatically start vaultwarden.
Now you need to configure your reverse proxy server to point https://vaultwarden.mydomain.com . You need to use https, http won’t work due to some browser limitations.
Now we need to configure vaultwarden using the admin interface.
Go to https://vaultwarden.mydomain.com/admin and enter the ADMIN_TOKEN from .env.
There are two things that you need to configure here:
- The Domain Name under General settings
- The email server settings under SMTP email settings
With these settings configured, Vaultwarden should be up and running and you can access it using https://vaultwarden.mydomain.com .
After the first user has been setup and tested, you can uncheck the Allow new signups in General settings in the admin interface. This is recommended since everyone who will be able to guess your domain name would be able to create a Vaultwarden account otherwise.