bf3ed29434
- Docker Compose setup with Traefik integration - Amazon SES SMTP configuration (credentials in .env - not committed) - Email verification and testing scripts - Security: .gitignore excludes sensitive data (.env, data/, emailproxy-config/) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
61 lines
2.6 KiB
YAML
61 lines
2.6 KiB
YAML
services:
|
|
vaultwarden:
|
|
image: vaultwarden/server:latest
|
|
container_name: vaultwarden
|
|
restart: always
|
|
networks:
|
|
- traefik
|
|
volumes:
|
|
- ./data:/data
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- ADMIN_TOKEN=${ADMIN_TOKEN}
|
|
- SIGNUPS_ALLOWED=false
|
|
- DOMAIN=https://${DOMAIN}
|
|
- SMTP_HOST=${SMTP_HOST}
|
|
- SMTP_FROM=${SMTP_FROM}
|
|
- SMTP_PORT=${SMTP_PORT}
|
|
- SMTP_SECURITY=${SMTP_SECURITY}
|
|
- SMTP_USERNAME=${SMTP_USERNAME}
|
|
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# HTTP to HTTPS redirect
|
|
- "traefik.http.routers.vaultwarden-http.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.vaultwarden-http.entrypoints=http"
|
|
- "traefik.http.routers.vaultwarden-http.service=vaultwarden"
|
|
- "traefik.http.routers.vaultwarden-http.priority=100"
|
|
- "traefik.http.routers.vaultwarden-http.middlewares=redirect-to-https@docker"
|
|
|
|
# Main HTTP/HTTPS router
|
|
- "traefik.http.routers.vaultwarden.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.vaultwarden.entrypoints=https"
|
|
- "traefik.http.routers.vaultwarden.tls=true"
|
|
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.vaultwarden.service=vaultwarden"
|
|
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.vaultwarden.middlewares=geoblock@file,secure-headers@file,crowdsec-bouncer@file"
|
|
|
|
# WebSocket router (required for real-time sync)
|
|
- "traefik.http.routers.vaultwarden-ws.rule=Host(`${DOMAIN}`) && Path(`/notifications/hub`)"
|
|
- "traefik.http.routers.vaultwarden-ws.entrypoints=https"
|
|
- "traefik.http.routers.vaultwarden-ws.tls=true"
|
|
- "traefik.http.routers.vaultwarden-ws.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws"
|
|
- "traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012"
|
|
- "traefik.http.routers.vaultwarden-ws.middlewares=geoblock@file,crowdsec-bouncer@file"
|
|
|
|
# Admin panel router (restricted to internal IPs)
|
|
- "traefik.http.routers.vaultwarden-admin.rule=Host(`${DOMAIN}`) && PathPrefix(`/admin`)"
|
|
- "traefik.http.routers.vaultwarden-admin.entrypoints=https"
|
|
- "traefik.http.routers.vaultwarden-admin.tls=true"
|
|
- "traefik.http.routers.vaultwarden-admin.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.vaultwarden-admin.service=vaultwarden"
|
|
- "traefik.http.routers.vaultwarden-admin.middlewares=internal-whitelist@file,crowdsec-bouncer@file"
|
|
|
|
networks:
|
|
traefik:
|
|
external: true
|