Example docker-compose.yaml for Traefik + Vaultwarden with SendGrid email
I had a few folks ask me for this, so I'm sharing it here:
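# Vaultwarden published through a Traefik reverse proxy, with outbound mail
# relayed over SendGrid SMTP.
#
# The labels below reference Traefik entrypoints `web` and `websecure`, a
# certificate resolver `lets-encrypt`, and a Docker network `web`. None of
# these are defined in this file; they must already exist in the Traefik
# deployment.
services:
  vaultwarden:
    # Pinned to an explicit release tag rather than `latest`, so upgrades are
    # deliberate. Review upstream releases regularly: this container holds
    # the password vault.
    image: vaultwarden/server:1.28.1
    security_opt:
      # Processes in the container cannot gain privileges via setuid/setgid
      # binaries.
      - "no-new-privileges:true"
    volumes:
      # Everything under /data (including the log file configured below) is
      # persisted on the host in ./data. Restrict host permissions on that
      # directory and include it in backups.
      - ./data/:/data/
    environment:
      - WEBSOCKET_ENABLED=true
      - PASSWORD_ITERATIONS=600000
      # NOTE(review): open registration. Anyone who can reach DOMAIN can
      # create an account while this is true. Set it to false once the
      # intended accounts exist.
      - SIGNUPS_ALLOWED=true
      - LOG_FILE=/data/vaultwarden.log
      - LOG_LEVEL=warn
      - EXTENDED_LOGGING=true
      - TZ=America/Los_Angeles
      - SMTP_HOST=smtp.sendgrid.net
      - SMTP_FROM=vaultwarden@example.com
      - SMTP_FROM_NAME=Example
      # STARTTLS on the submission port (587).
      - SMTP_SECURITY=starttls
      - SMTP_PORT=587
      # SendGrid SMTP auth uses the literal user name `apikey`; the password
      # is the API key itself.
      - SMTP_USERNAME=apikey
      # Placeholder. Do not commit the real API key in this file; inject it
      # from an untracked source (for example Compose variable substitution
      # from a .env file kept out of version control).
      - SMTP_PASSWORD=<redacted>
      - SMTP_TIMEOUT=15
      - DOMAIN=https://vaultwarden.example.com
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Tell Traefik which of the container's two networks to reach it on.
      - "traefik.docker.network=web"
      # Middleware: permanent redirect from plain HTTP to HTTPS.
      - "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https"
      - "traefik.http.middlewares.redirect-https.redirectScheme.permanent=true"
      # Main HTTPS router and service. This is the only router that names a
      # certificate resolver; the other HTTPS routers below set tls=true only
      # and presumably reuse the certificate issued for the same host.
      # TODO confirm.
      - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.example.com`)"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=lets-encrypt"
      - "traefik.http.services.vaultwarden.loadbalancer.passhostheader=true"
      # Web UI over HTTPS.
      # NOTE(review): same Host rule and entrypoint as the `vaultwarden`
      # router above, and both services target port 80, so the two routers
      # overlap. Verify which one Traefik selects, or drop one of them.
      - "traefik.http.routers.bitwarden-ui-https.rule=Host(`vaultwarden.example.com`)"
      - "traefik.http.routers.bitwarden-ui-https.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-ui-https.tls=true"
      - "traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui"
      # Web UI over plain HTTP: exists only to redirect to HTTPS.
      - "traefik.http.routers.bitwarden-ui-http.rule=Host(`vaultwarden.example.com`)"
      - "traefik.http.routers.bitwarden-ui-http.entrypoints=web"
      - "traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https"
      - "traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui"
      - "traefik.http.services.bitwarden-ui.loadbalancer.server.port=80"
      # WebSocket notifications: exact path /notifications/hub is sent to the
      # container's port 3012 instead of port 80.
      - "traefik.http.routers.bitwarden-websocket-https.rule=Host(`vaultwarden.example.com`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-websocket-https.tls=true"
      - "traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket"
      # Plain-HTTP WebSocket path: redirected to HTTPS like the UI.
      - "traefik.http.routers.bitwarden-websocket-http.rule=Host(`vaultwarden.example.com`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-websocket-http.entrypoints=web"
      - "traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https"
      - "traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket"
      - "traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012"
    # No `ports:` are published; the container is reachable only over these
    # Docker networks (Traefik reaches it via `web`).
    networks:
      - internal
      - web

networks:
  # Pre-existing network shared with Traefik; created outside this file.
  web:
    external: true
  # Project-scoped network created by Compose. Despite the name, this is an
  # ordinary network: `external: false` only means "not pre-existing". A
  # network without outbound access would need `internal: true` instead.
  internal:
    external: false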