-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvaultwarden-docker-compose.yml
99 lines (96 loc) · 4.14 KB
/
vaultwarden-docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
version: "3.9"
networks:
example-network:
name: example-network
driver: bridge
ipam:
driver: default
services:
nginx-proxy-manager:
env_file:
- path: ./.env
required: true
image: ${NPM_IMAGE_TAG}
container_name: ${NPM_CONTAINER_NAME}
volumes:
- "./nginx-proxy-manager/data:/data"
- "./nginx-proxy-manager/letsencrypt:/etc/letsencrypt"
environment:
# Uncomment this if you want to change the location of the SQLite DB file within the container
# - DB_SQLITE_FILE="/data/database.sqlite"
- DISABLE_IPV6=${DISABLE_IPV6}
- PUID=${PUID}
- PGID=${PGID}
restart: ${RESTART_STATUS}
networks:
- example-network
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
healthcheck:
test: ["CMD", "/usr/bin/check-health"]
interval: 10s
timeout: 3s
retries: 3
start_period: 90s
security_opt:
- no-new-privileges:${NO_NEW_PRIVILEGES}
vaultwarden:
env_file:
- path: ./.env
required: true
image: ${VAULTWARDEN_IMAGE_TAG}
container_name: ${VAULTWARDEN_CONTAINER_NAME}
volumes:
- "./vaultwarden/data/:/data/"
environment:
- PUID=${PUID}
- PGID=${PGID}
- ADMIN_TOKEN=${ADMIN_TOKEN} # Disable admin page by not issue any admin token
- SMTP_HOST=${SMTP_HOST}
- SMTP_FROM=${SMTP_FROM}
- SMTP_SECURITY=${SMTP_SECURITY} # The security method used by your SMTP server. Possible values: “starttls” / “force_tls” / “off”.
- SMTP_PORT=${SMTP_PORT}
- SMTP_USERNAME=${SMTP_USERNAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- ADMIN_RATELIMIT_MAX_BURST=10
- ADMIN_RATELIMIT_SECONDS=60
- SENDS_ALLOWED=${SENDS_ALLOWED} # This setting determines whether users are allowed to create Bitwarden Sends – a form of credential sharing.
- SIGNUPS_ALLOWED = ${SIGNUPS_ALLOWED} # This setting controls whether or not new users can register for accounts without an invitation. Possible values: true / false. Can change to false to disable anyone create account - for better security
- SIGNUPS_VERIFY=${SIGNUPS_VERIFY} # This setting determines whether or not new accounts must verify their email address before being able to login to Vaultwarden. Possible values: true / false.
- SIGNUPS_VERIFY_RESEND_TIME=${SIGNUPS_VERIFY_RESEND_TIME}
- SIGNUPS_VERIFY_RESEND_LIMIT=${SIGNUPS_VERIFY_RESEND_LIMIT}
- SIGNUPS_DOMAINS_WHITELIST=${SIGNUPS_DOMAINS_WHITELIST}
- EMERGENCY_ACCESS_ALLOWED=${EMERGENCY_ACCESS_ALLOWED} # This setting controls whether users can enable emergency access to their accounts. This is useful, for example, so a spouse can access a password vault in the event of death so they can gain access to account credentials. Possible values: true / false.
- WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
- WEB_VAULT_ENABLED=${WEB_VAULT_ENABLED} # This setting determines whether or not the web vault is accessible. Stopping your container then switching this value to false and restarting Vaultwarden could be useful once you’ve configured your accounts and clients to prevent unauthorized access. Possible values: true/false.
- DOMAIN=${DOMAIN}
- LOG_FILE=${LOG_FILE}
- INVITATIONS_ALLOWED=${INVITATIONS_ALLOWED}
- SHOW_PASSWORD_HINT=${SHOW_PASSWORD_HINT}
- PASSWORD_HINTS_ALLOWED=${PASSWORD_HINTS_ALLOWED}
- PUSH_ENABLED=${PUSH_ENABLED}
- PUSH_INSTALLATION_ID=${PUSH_INSTALLATION_ID}
- PUSH_INSTALLATION_KEY=${PUSH_INSTALLATION_KEY}
restart: ${RESTART_STATUS}
networks:
- example-network
ports:
- 8880:80
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80/"]
interval: 10s
timeout: 5s
retries: 3
start_period: 90s
depends_on:
nginx-proxy-manager:
condition: service_healthy
security_opt:
- no-new-privileges:${NO_NEW_PRIVILEGES}