I’m trying to host a vaultwarden instance through docker and failing miserably. This isn’t my first attempt either but I’ve got much further than before.

I’m using a DuckDNS domain with caddy as reverse proxy, but it appears that the domain is defaulting to port 80 no matter how I set up the config. I can’t specify a port number in DuckDNS as far as I can tell. If the simple solution is to just buy a domain name I will consider it. Otherwise could really use some help in sorting out why it’s not connecting.

I can’t access Vaultwarden on the internal IP as it’s not being served as SSL but both Vaultwarden and Caddy are running with no errors in logs. I’ve left out a bunch of admin env variables for the Vaultwarden service to truncate the code.

docker-compose:

`[___](services:

vaultwarden:

container_name: vaultwarden

image: vaultwarden/server:latest

restart: unless-stopped

ports:

  - 11808:80

  - 11443:443

volumes:

  - ./data/:/data/

environment:

  - ROCKET_PORT=11444

caddy:

image: caddy:2

container_name: caddy2

restart: always

ports:

  - 1808:11808

  - 1443:11443

volumes:

  - ./caddy:/usr/bin/caddy

  - ./Caddyfile:/etc/caddy/Caddyfile:ro

  - ./caddy-config:/config

  - ./caddy-data:/data

environment:

  DOMAIN: "https://example.duckdns.org"

  EMAIL: "example@domain.com"
        
  DUCKDNS_TOKEN: "token"

  LOG_FILE: "/data/access.log")`

Caddyfile:

’ {$DOMAIN}:1443 {

log {

level INFO

output file {$LOG_FILE} {

  roll_size 10MB

  roll_keep 10

}

}

tls {

dns duckdns {$DUCKDNS_TOKEN}

}

encode gzip

Notifications redirected to the WebSocket server

reverse_proxy /notifications/hub vaultwarden:3012

Proxy everything else to Rocket

reverse_proxy vaultwarden:11444

}`

Any idea where I’m going wrong?

  • k4j8@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 days ago

    I host Caddy and Vaultwarden using Docker. The traffic into the reverse proxy, Caddy, works over port 443, not 1808 or 1443. Using the Caddyfile, you can tell Caddy which port to send the traffic over.

    Caddy docker-compose.yml

    services:
      caddy:
        ports:
          - "80:80"
          - "443:443"
    

    Caddyfile, although there are other ways to do this

    *.example.com {
            @vaultwarden host vaultwarden.example.com
            handle @vaultwarden {
                    reverse_proxy :11808
            }
    

    Vaultwarden docker-compose.yml

    services:
      vaultwarden:
        ports:
          - 11808:80
    
    • AbidanYre@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      9 days ago

      I think you can also use

      services:
        vaultwarden:
          expose: 
            - 80
      

      And use 80 instead of 11808 in the caddy file.

      Then the port will be available internally for caddy but not to the outside world. That may also need a network created in docker though. I’m on my phone so I can’t check the finer details at the moment.