I’m trying to host a vaultwarden instance through docker and failing miserably. This isn’t my first attempt either but I’ve got much further than before.

I’m using a DuckDNS domain with caddy as reverse proxy, but it appears that the domain is defaulting to port 80 no matter how I set up the config. I can’t specify a port number in DuckDNS as far as I can tell. If the simple solution is to just buy a domain name I will consider it. Otherwise could really use some help in sorting out why it’s not connecting.

I can’t access Vaultwarden on the internal IP as it’s not being served as SSL but both Vaultwarden and Caddy are running with no errors in logs. I’ve left out a bunch of admin env variables for the Vaultwarden service to truncate the code.

docker-compose:

`[___](services:

vaultwarden:

container_name: vaultwarden

image: vaultwarden/server:latest

restart: unless-stopped

ports:

  - 11808:80

  - 11443:443

volumes:

  - ./data/:/data/

environment:

  - ROCKET_PORT=11444

caddy:

image: caddy:2

container_name: caddy2

restart: always

ports:

  - 1808:11808

  - 1443:11443

volumes:

  - ./caddy:/usr/bin/caddy

  - ./Caddyfile:/etc/caddy/Caddyfile:ro

  - ./caddy-config:/config

  - ./caddy-data:/data

environment:

  DOMAIN: "https://example.duckdns.org"

  EMAIL: "[email protected]"
        
  DUCKDNS_TOKEN: "token"

  LOG_FILE: "/data/access.log")`

Caddyfile:

’ {$DOMAIN}:1443 {

log {

level INFO

output file {$LOG_FILE} {

  roll_size 10MB

  roll_keep 10

}

}

tls {

dns duckdns {$DUCKDNS_TOKEN}

}

encode gzip

Notifications redirected to the WebSocket server

reverse_proxy /notifications/hub vaultwarden:3012

Proxy everything else to Rocket

reverse_proxy vaultwarden:11444

}`

Any idea where I’m going wrong?

  • AbidanYre@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    5 days ago

    I think you can also use

    services:
      vaultwarden:
        expose: 
          - 80
    

    And use 80 instead of 11808 in the caddy file.

    Then the port will be available internally for caddy but not to the outside world. That may also need a network created in docker though. I’m on my phone so I can’t check the finer details at the moment.