- docker-compose
yaml
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
ports:
- "6666:80"
- "3012:3012"
volumes:
- /data/tools/bitwarden/vaultwarden:/data
- /data/nginx/certs:/ssl:ro
environment:
- ADMIN_TOKEN=Y3x6DXZ82CKqksC54iP8
- WEBSOCKET_ENABLED=true
- PUSH_RELAY_URI=https://api.bitwarden.eu
- PUSH_IDENTITY_URI=https://identity.bitwarden.eu
- SIGNUPS_ALLOWED=false
- ROOT_URL=https://www.camellia.ac.cn
- DOMAIN=https://www.camellia.ac.cn- nginx
cfg
# Bitwarden/Vaultwarden Configuration
# Domain: www.camellia.ac.cn
# Service: Vaultwarden (Password Manager)
# Backend: 127.0.0.1:6666
# HTTP to HTTPS redirect
server {
listen 80;
listen [::]:80;
server_name www.camellia.ac.cn;
return 301 https://$host$request_uri;
}
# HTTPS configuration
server {
listen 443 ssl http2;
server_name www.camellia.ac.cn;
# SSL certificates
ssl_certificate /data/nginx/certs/fullchain.pem;
ssl_certificate_key /data/nginx/certs/camellia.ac.cn.key;
# Main application
location / {
proxy_pass http://127.0.0.1:6666/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# WebSocket for notifications
location /notifications/hub/ {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}