Installation
docker-compose.yml
version: '2'
services:
vaultwarden:
image: ghcr.io/dani-garcia/vaultwarden
container_name: vaultwarden
restart: unless-stopped
volumes:
- ./data/:/data/
environment:
WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN}
PASSWORD_ITERATIONS: 500000
labels:
traefik.enable: true
traefik.http.services.vaultwarden-service.loadbalancer.server.port: 80
traefik.http.services.vaultwarden-ws-service.loadbalancer.server.port: 3012
traefik.http.routers.vaultwarden-admin.entrypoints: websecure
traefik.http.routers.vaultwarden-admin.middlewares: secured@file
traefik.http.routers.vaultwarden-admin.rule: Host(`vaultwarden.${SITE}`) && PathPrefix(`/admin`)
traefik.http.routers.vaultwarden-admin.service: vaultwarden-service
traefik.http.routers.vaultwarden-user.entrypoints: websecure
traefik.http.routers.vaultwarden-user.rule: Host(`vaultwarden.${SITE}`) && !PathPrefix(`/admin`)
traefik.http.routers.vaultwarden-user.service: vaultwarden-service
traefik.http.routers.vaultwarden-ws.entrypoints: websecure
traefik.http.routers.vaultwarden-ws.rule: Host(`vaultwarden.${SITE}`) && Path(`/notifications/hub`)
traefik.http.routers.vaultwarden-ws.service: vaultwarden-ws-service
Getting the admin token
See here.
- Run the following command and choose a password.
docker exec -it vwcontainer /vaultwarden hash - Although the documentation states that it is not necessary, replace all
$with$$in the string. - Put the string into the
.envfile. For example:VAULTWARDEN_ADMIN_TOKEN=$$argon2id$$v=19$$m=19456,t=2,p=1$$UUZxK1FZMkZoRHFQRlVrTXZvS0E3bHpNQW55c2dBN2NORzdsa0Nxd1JhND0$$cUoId+JBUsJutlG4rfDZayExfjq4TCt48aBc9qsc3UI
- You can test if websockets are working by opening vaultwarden in two different browsers/devices and creating an entry in one of them. It should automatically sync over to the other.