thomas/container
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vaultwarden/docker-compose.yml aktualisiert

Browse Source
This commit is contained in:
Thomas M
2026-04-01 08:44:42 +00:00
parent 9ca5dbff4f
commit 08e133331a
1 changed files with 8 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
vaultwarden/docker-compose.yml
View File

@@ -1,29 +1,5 @@
version: "3.9"
services: services:
# 1ZertifikatGenerator # 1PostgreSQL-Server
# 1⃣ ZertifikatGenerator
certgen:
image: alpine:3.20
container_name: certgen
entrypoint: /bin/sh -c
command: |
"apk add --no-cache openssl &&
mkdir -p /certs/priv /certs/certs &&
if [ ! -f /certs/priv/privkey.pem ]; then
echo '🔒 Erzeuge Zertifikat...';
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout /certs/priv/privkey.pem \
-out /certs/certs/fullchain.pem \
-subj '/CN=${DOMAIN:-localhost}' \
-addext 'subjectAltName = DNS:${DOMAIN:-localhost}, DNS:localhost';
else
echo '🔑 Zertifikat vorhanden.';
fi"
volumes:
- "${CERT_DIR:-./certs}:/certs"
# 2⃣ PostgreSQLServer
postgres: postgres:
image: postgres:16-alpine image: postgres:16-alpine
container_name: vaultwarden-postgres container_name: vaultwarden-postgres
@@ -40,32 +16,29 @@ services:
timeout: 5s timeout: 5s
retries: 5 retries: 5
# 3️⃣ VaultwardenService # 2️⃣ Vaultwarden-Service
vaultwarden: vaultwarden:
image: vaultwarden/server:latest image: vaultwarden/server:latest
container_name: vaultwarden container_name: vaultwarden
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
certgen:
condition: service_completed_successfully
postgres: postgres:
condition: service_healthy condition: service_healthy
environment: environment:
- DOMAIN=https://${DOMAIN:-localhost} - DOMAIN=https://${DOMAIN:-localhost}
- WEBSOCKET_ENABLED=true - WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false} # Sicherheit: Standardmäßig false - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false}
- ADMIN_TOKEN=${ADMIN_TOKEN} - ADMIN_TOKEN=${ADMIN_TOKEN}
# TLS KONFIGURATION (Wichtig!) # TLS KONFIGURATION
- ROCKET_TLS={certs='//etc/ssl/certs/fullchain.pem',key='//etc/ssl/private/privkey.pem'} - ROCKET_TLS={certs="/certs/fullchain.pem",key="/certs/privkey.pem"}
- DATABASE_URL=postgresql://${POSTGRES_USER:-vaultwarden}:${POSTGRES_PASSWORD:-vaultwarden}@postgres:5432/${POSTGRES_DB:-vaultwarden} - DATABASE_URL=postgresql://${POSTGRES_USER:-vaultwarden}:${POSTGRES_PASSWORD:-vaultwarden}@postgres:5432/${POSTGRES_DB:-vaultwarden}
volumes: volumes:
- "${VW_DATA:-./vw-data}:/data" - "${VW_DATA:-./vw-data}:/data"
- "${CERT_DIR:-./certs}/priv/privkey.pem:/etc/ssl/private/privkey.pem:ro" # Wir mounten den lokalen certs-Ordner direkt in den Container
- "${CERT_DIR:-./certs}/certs/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro" - "./certs:/certs:ro"
ports: ports:
- "${HOST_HTTP:-443}:80" - "${HOST_HTTP:-4430}:80"
healthcheck: healthcheck:
# Da TLS aktiv ist, muss der Check gegen HTTPS laufen
test: ["CMD", "curl", "-f", "-k", "https://localhost:80/health"] test: ["CMD", "curl", "-f", "-k", "https://localhost:80/health"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s