Hello Friends,

I have a small ubuntu Server and I finally also want to transfer my Vaultwarden Instance to it. On this Server I have several services running (homeassistant, …) and Certbot via Dehydrated (right now I get a certificate for my duckdns address). In some directory I have the privkey and fullchain files.

Now my Problem is that when I start vaultwarden it wont load as https.

I believe, my Problem is telling Vaultwarden, where my certificate files are located so it can use them accordingly.

This is my Compose File right now:

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
      - /home/(directory to my certificates):/usr/share/ca-certificates/
    ports:
      - 8129:80
    environment:
      - DOMAIN=https://hurrdurr.duckdns.org
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_TOKEN=token
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true

The Volume Mapping to the certificates was just me trying it out so maybe its working if I map it like that.

If I open the 8129 in my Browser it will just time out. I also managed it to start but it wouldnt let me register as theres not https certificate.

  • GiddyEnglish
    11 year ago

    I use Nginx Proxy Manager to reverse proxy all my services including Vaultwarden -

    Setup in NPM -

    Open Nginx Proxy Manager Admin Portal
Click Proxy Hosts
Click Add Proxy Host
Fill in the details
    Details tab
        Domain Names - vault.your.domain
        Scheme - http
        Forward Hostname/IP - vaultwarden (this should be the name of your vw container)
        Forward Port - 80
        Tick Block Common Exploits
        Tick Websockets Support
        Access List - Publicly Accessible
    Custom locations tab
        Add the following locations
            location 1
                location - /notifications/hub
                Scheme - http
                Forward Hostname/IP - vaultwarden
                Forward Port - 3012
                Click the cog symbol and add the following to the textbox that appears
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
                    proxy_set_header X-Real-IP $remote_addr;
            location 2
                location - /notifications/hub/negotiate
                Scheme - http
                Forward Hostname/IP - vaultwarden
                Forward Port - 80
                Click the cog symbol and add the following to the textbox that appears
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
            location 3
                location - /
                Scheme - http
                Forward Hostname/IP - vaultwarden
                Forward Port - 80
                Click the cog symbol and add the following to the textbox that appears
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
    SSL tab
        SSL Certificate - Request a new SSL Certificate
        tick Use a DNS Challenge (or just expose port 80 if you accept the risk)
        DNS Provider - Dynu (this is my dyndns provider)
        Credentials File Content - replace YOUR_DYNU_AUTH_TOKEN with the API key from https://www.dynu.com/en-US/ControlPanel/APICredentials
        Email Address for Let's Encrypt - your email
        Tick I Agree to the Let's Encrypt Terms of Service
Click Save
Vaultwarden should now be accessible via https://vault.your.domain