vaultwarden/docker-compose.yml aktualisiert

2026-04-01 08:44:42 +00:00
parent 9ca5dbff4f
commit 08e133331a
1 changed files with 8 additions and 35 deletions
--- a/vaultwarden/docker-compose.yml
+++ b/vaultwarden/docker-compose.yml
@@ -1,29 +1,5 @@
-version: "3.9"
-
 services:
-  # 1️⃣ Zertifikat‑Generator
-# 1️⃣ Zertifikat‑Generator
-  certgen:
-    image: alpine:3.20
-    container_name: certgen
-    entrypoint: /bin/sh -c
-    command: |
-      "apk add --no-cache openssl &&
-      mkdir -p /certs/priv /certs/certs &&
-      if [ ! -f /certs/priv/privkey.pem ]; then
-        echo '🔒 Erzeuge Zertifikat...';
-        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-          -keyout /certs/priv/privkey.pem \
-          -out /certs/certs/fullchain.pem \
-          -subj '/CN=${DOMAIN:-localhost}' \
-          -addext 'subjectAltName = DNS:${DOMAIN:-localhost}, DNS:localhost';
-      else
-        echo '🔑 Zertifikat vorhanden.';
-      fi"
-    volumes:
-      - "${CERT_DIR:-./certs}:/certs"
-
-  # 2️⃣ PostgreSQL‑Server
+  # 1️⃣ PostgreSQL-Server
  postgres:
    image: postgres:16-alpine
    container_name: vaultwarden-postgres
@@ -40,32 +16,29 @@ services:
      timeout: 5s
      retries: 5

-  # 3️⃣ Vaultwarden‑Service
+  # 2️⃣ Vaultwarden-Service
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    depends_on:
-      certgen:
-        condition: service_completed_successfully
      postgres:
        condition: service_healthy
    environment:
      - DOMAIN=https://${DOMAIN:-localhost}
      - WEBSOCKET_ENABLED=true
-      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false} # Sicherheit: Standardmäßig false
+      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-false}
      - ADMIN_TOKEN=${ADMIN_TOKEN}
-      # TLS KONFIGURATION (Wichtig!)
-      - ROCKET_TLS={certs='//etc/ssl/certs/fullchain.pem',key='//etc/ssl/private/privkey.pem'}
+      # TLS KONFIGURATION
+      - ROCKET_TLS={certs="/certs/fullchain.pem",key="/certs/privkey.pem"}
      - DATABASE_URL=postgresql://${POSTGRES_USER:-vaultwarden}:${POSTGRES_PASSWORD:-vaultwarden}@postgres:5432/${POSTGRES_DB:-vaultwarden}
    volumes:
      - "${VW_DATA:-./vw-data}:/data"
-      - "${CERT_DIR:-./certs}/priv/privkey.pem:/etc/ssl/private/privkey.pem:ro"
-      - "${CERT_DIR:-./certs}/certs/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro"
+      # Wir mounten den lokalen certs-Ordner direkt in den Container
+      - "./certs:/certs:ro"
    ports:
-      - "${HOST_HTTP:-443}:80" 
+      - "${HOST_HTTP:-4430}:80"
    healthcheck:
-      # Da TLS aktiv ist, muss der Check gegen HTTPS laufen
      test: ["CMD", "curl", "-f", "-k", "https://localhost:80/health"]
      interval: 30s
      timeout: 10s