saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-08-01 16:49:09 +00:00
Code Activity

Create Installation Procedure Vaultwarden on Docker.md

Browse source
This commit is contained in:
NicolasW-7 2024-07-09 15:44:45 +02:00 committed by GitHub
commit 021a3f74d7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 277 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

277
docker/Installation Procedure Vaultwarden on Docker.md Normal file
View file

@ -0,0 +1,277 @@
# Vaultwarden Installation
The goal of this procedure is to simplify the installation of Vaultwarden using Docker.
Prerequisites:
A Debian machine virtual or physique; *the method works on multiple distributions, but commands may need to be adapted for Docker installation.*
## Docker Installation
### Configure the Docker Repository
*Source: <https://github.com/NicolasW-7/AIS-Brief-et-TIPS/blob/main/Procedure/Docker/Installation%20Docker.md?plain=1>*
1. Update the package list:
```sh
sudo apt-get update
```
2. Install the necessary packages:
```sh
sudo apt-get install ca-certificates curl gnupg
```
3. Create the directory for the repository keys:
```sh
sudo install -m 0755 -d /etc/apt/keyrings
```
4. Download and add the Docker GPG key:
```sh
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
```
5. Change the permissions of the GPG key:
```sh
sudo chmod a+r /etc/apt/keyrings/docker.gpg
```
6. Add the Docker repository to the APT sources list:
```sh
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
7. Update the package list to include the Docker repository:
```sh
sudo apt-get update
```
8. Install the necessary Docker packages:
```sh
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
### Verify Docker Installation
9. Check the status of the Docker service:
```sh
systemctl status docker
```
10. If Docker is "active (running)", enable the Docker service to start automatically after the machine reboots:
```sh
sudo systemctl enable docker
```
### Useful Docker Commands
- `docker ps -a`: Shows all containers, including their status, creation date, age, name, and ID.
- `docker stop <container_id>` / `docker rm <container_id>`: Stops (`stop`) and removes (`rm`) a container by adding its ID.
- `docker compose up -d`: Runs the `docker-compose.yml` file to start the containers in detached mode (`-d`).
#### Command Details
##### `docker ps -a`
Displays all containers, whether running or stopped, with information such as:
- Container ID
- Image used
- Command executed
- Creation date
- Status (running, stopped, etc.)
- Exposed ports
- Container names
##### `docker stop <container_id>` / `docker rm <container_id>`
- `docker stop <container_id>`: Stops a running container.
- `docker rm <container_id>`: Removes a stopped container.
**Example:**
```sh
docker stop 1a2b3c4d5e6f
docker rm 1a2b3c4d5e6f
```
## Creating Self-Signed Certificates with OpenSSL
*For this part, we will use self-signed certificates. In production, we will reproduce this step by copying the certificates.*
1. Once Docker is installed, we will need certificates for connecting to the VaultWarden web interface. To do this, create the `/ssl` and `/docker` directories at the root of our Debian machine if they don't already exist:
```sh
mkdir /ssl
mkdir /docker
```
*/ssl will be used to store the .csr, .crt, and .key files we will create, and /docker will contain the configuration files for our containers.*
2. Continue by generating the self-signed certificates. Move to the `/ssl` directory:
```sh
cd /ssl
```
3. Create the following four files: .pem, .key, .crt, and .csr:
```sh
openssl genrsa -des3 -out vaultwarden.key 2048
openssl req -x509 -new -nodes -key vaultwarden.key -sha256 -days 10000 -out vaultwarden.pem
openssl genrsa -out vaultwarden.key 2048
openssl req -new -key vaultwarden.key -out vaultwarden.csr
openssl x509 -req -days 10000 -in vaultwarden.csr -signkey vaultwarden.key -out vaultwarden.crt
```
*Note: The generated certificate is valid for 10,000 days (about 27 years). This variable can be adjusted as needed. If necessary, a new certificate can be reissued on the machine using the CA created above.*
## Creating Docker-Compose.yml and CaddyFile Configuration Files for Deploying Containers
### A. Creating the Caddyfile
1. Access the `/docker` directory and create the files necessary for deploying the Caddy and Vaultwarden containers via Docker. Start with the Caddyfile:
```sh
nano Caddyfile
```
2. Copy the following content into it:
*The first line corresponds to the title of our vaultwarden page, which will be accessible via a web browser.*
```sh
*your domain name* {
tls internal
encode gzip
reverse_proxy /notifications/hub vaultwarden:3012
reverse_proxy vaultwarden:80
}
```
*To save, simply press Ctrl+X and then O.*
3. With the CaddyFile created, proceed to the docker-compose.yml file:
### B. Creating the Docker-Compose.yml File
```sh
nano docker-compose.yml
```
Copy the following content:
```sh
version: '3.7'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
WEBSOCKET_ENABLED: true
ADMIN_TOKEN: #YourAdminToken
DOMAIN: "YourDomain" # Your domain; vaultwarden needs to know it's https to work properly with attachments
volumes:
- vw-data:/data
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
# Needed for the ACME HTTP-01 challenge.
- 443:443
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- ./ssl:/ssl
- caddy-config:/config
- caddy-data:/data
- caddy-logs:/logs
environment:
- DOMAIN= # Your domain.
#EMAIL: "YOUR EMAIL" # The email address to use for ACME registration.
#LOG_FILE: "/data/access.log"
volumes:
vw-data:
caddy-config:
caddy-data:
caddy-logs:
```
### C. Enabling the Admin Console
These lines enable the admin console:
```sh
WEBSOCKET_ENABLED: true
ADMIN_TOKEN: YourAdminToken
```
**They can be omitted or modified to hide the admin console token (password).**
4. To hide the token, add these lines:
```sh
WEBSOCKET_ENABLED: true
# Reference the secret
ADMIN_TOKEN_FILE: "/run/secrets/admin_token"
secrets:
admin_token:
file: ./admin_token.txt
```
5. Next, create the `/run/secrets` directory and the `admin_token.txt` file. Enter the following into this file:
```sh
echo "*OurVaultWardenAdminToken*" > admin_token.txt
```
### Starting the Docker Containers
1. To start our containers, run the following command:
```sh
docker compose up -d
```
To verify the containers are running properly, use the command:
```sh
docker ps -a
```
Then, open a browser and enter your Vaultwarden domain here: <http://YourDomain>
To access the admin console, simply go to <http://YourDomain/admin>
Although the connection is established via HTTP, it will be automatically redirected to HTTPS by accepting the risks associated with self-signed certificates.
**Vaultwarden needs to be run in HTTPS for account creation.**
VaultWarden is now operational.
You need to set up DNS autorization for your Vaultwarden with your <http://YourDomain>
2. Useful Docker Commands
```sh
• docker ps -a : #View running containers, creation date, container age, name, and ID.
• docker stop /rm *container id*: #Stop (stop) and remove (rm) a container by adding its ID.
• docker compose up -d : #Launch docker-compose.yml to run the containers.
```