From 08e133331a19598e421207bacd2bda0801c264bc Mon Sep 17 00:00:00 2001
From: Thomas M
Date: Wed, 1 Apr 2026 08:44:42 +0000
Subject: [PATCH] vaultwarden/docker-compose.yml aktualisiert
---
 vaultwarden/docker-compose.yml | 43 +++++++---------------------------
 1 file changed, 8 insertions(+), 35 deletions(-)
diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml
index 98df867..91edb32 100644
--- a/vaultwarden/docker-compose.yml
+++ b/vaultwarden/docker-compose.yml
@@ -1,29 +1,5 @@
-version: "3.9"
-
 services:
- # 1️⃣ Zertifikat‑Generator
-# 1️⃣ Zertifikat‑Generator
- certgen:
- image: alpine:3.20
- container_name: certgen
- entrypoint: /bin/sh -c
- command: |
- "apk add --no-cache openssl &&
- mkdir -p /certs/priv /certs/certs &&
- if [ ! -f /certs/priv/privkey.pem ]; then
- echo '🔒 Erzeuge Zertifikat...';
- openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
- -keyout /certs/priv/privkey.pem \
- -out /certs/certs/fullchain.pem \
- -subj '/CN=${DOMAIN:-localhost}' \
- -addext 'subjectAltName = DNS:${DOMAIN:-localhost}, DNS:localhost';
- else
- echo '🔑 Zertifikat vorhanden.';
- fi"
- volumes:
- - "${CERT_DIR:-./certs}:/certs"
-
- # 2️⃣ PostgreSQL‑Server
+ # 1️⃣ PostgreSQL-Server
 postgres:
 image: postgres:16-alpine
 container_name: vaultwarden-postgres
@@ -40,32 +16,29 @@ services:
 timeout: 5s
 retries: 5
- # 3️⃣ Vaultwarden‑Service
+ # 2️⃣ Vaultwarden-Service
 vaultwarden:
 image: vaultwarden/server:latest
 container_name: vaultwarden
 restart: unless-stopped
 depends_on:
- certgen:
- condition: service_completed_successfully
 postgres:
 condition: service_healthy
 environment:
 - DOMAIN=https://${DOMAIN:-localhost}
 - WEBSOCKET_ENABLED=true
- - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false} # Sicherheit: Standardmäßig false
+ - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false}
 - ADMIN_TOKEN=${ADMIN_TOKEN}
- # TLS KONFIGURATION (Wichtig!)
- - ROCKET_TLS={certs='//etc/ssl/certs/fullchain.pem',key='//etc/ssl/private/privkey.pem'}
+ # TLS KONFIGURATION
+ - ROCKET_TLS={certs="/certs/fullchain.pem",key="/certs/privkey.pem"}
 - DATABASE_URL=postgresql://${POSTGRES_USER:-vaultwarden}:${POSTGRES_PASSWORD:-vaultwarden}@postgres:5432/${POSTGRES_DB:-vaultwarden}
 volumes:
 - "${VW_DATA:-./vw-data}:/data"
- - "${CERT_DIR:-./certs}/priv/privkey.pem:/etc/ssl/private/privkey.pem:ro"
- - "${CERT_DIR:-./certs}/certs/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro"
+ # Wir mounten den lokalen certs-Ordner direkt in den Container
+ - "./certs:/certs:ro"
 ports:
- - "${HOST_HTTP:-443}:80"
+ - "${HOST_HTTP:-4430}:80"
 healthcheck:
- # Da TLS aktiv ist, muss der Check gegen HTTPS laufen
 test: ["CMD", "curl", "-f", "-k", "https://localhost:80/health"]
 interval: 30s
 timeout: 10s
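Review bot: The new bind mount `- "./certs:/certs:ro"` hard-codes the host path and drops `${CERT_DIR:-./certs}`, while `ROCKET_TLS` now expects `/certs/fullchain.pem` and `/certs/privkey.pem` directly in that directory. The removed certgen service wrote those files under `priv/` and `certs/` subdirectories, so an existing deployment has nothing at the new paths and nothing in this file creates them any more; TLS start-up will presumably fail until they are provisioned by hand. Keeping the variable, `- "${CERT_DIR:-./certs}:/certs:ro"`, and adding a comment above `ROCKET_TLS` that names the two expected files and who supplies them would make that contract explicit. Because the whole directory is now mounted, it should hold only the certificate and key, with the key readable only by the account the container runs as. Separately, the unchanged `DATABASE_URL` line still falls back to the password `vaultwarden` when `POSTGRES_PASSWORD` is unset; `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}` would fail fast instead, though the postgres service's own environment lies outside this hunk and would need the same treatment.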