2025-08-08 15:08:10 -04:00
|
|
|
version: "3.8"
|
|
|
|
|
services:
|
|
|
|
|
bitwarden:
|
|
|
|
|
image: vaultwarden/server
|
|
|
|
|
container_name: bitwarden
|
|
|
|
|
command:
|
|
|
|
|
- /start.sh
|
|
|
|
|
environment:
|
|
|
|
|
- TZ=America/Montreal
|
|
|
|
|
- WEBSOCKET_ENABLED=true
|
|
|
|
|
- SIGNUPS_ALLOWED=false
|
2026-05-20 14:20:44 -04:00
|
|
|
# Vaultwarden env var DOMAIN — the ${DOMAIN} on the RHS is expanded
|
|
|
|
|
# by docker compose before the env var is set, so this resolves to
|
|
|
|
|
# DOMAIN=https://pass.lazyworkhorse.net in production.
|
|
|
|
|
- DOMAIN=https://pass.${DOMAIN}
|
2025-08-08 15:08:10 -04:00
|
|
|
volumes:
|
|
|
|
|
- /mnt/HoardingCow_docker_data/BitWarden/data:/data:rw
|
|
|
|
|
networks:
|
2026-04-27 05:47:46 -04:00
|
|
|
- passman_net
|
|
|
|
|
restart: always
|
2025-08-08 15:08:10 -04:00
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true"
|
|
|
|
|
|
2026-02-22 18:35:22 -05:00
|
|
|
# HTTP → HTTPS
|
2026-05-20 14:20:44 -04:00
|
|
|
- "traefik.http.routers.pass-http.rule=Host(`pass.${DOMAIN}`)"
|
2026-02-22 18:35:22 -05:00
|
|
|
- "traefik.http.routers.pass-http.entrypoints=web"
|
|
|
|
|
- "traefik.http.routers.pass-http.middlewares=redirect-to-https"
|
2025-08-08 15:08:10 -04:00
|
|
|
|
2026-02-22 18:35:22 -05:00
|
|
|
# HTTPS
|
2026-05-20 14:20:44 -04:00
|
|
|
- "traefik.http.routers.pass-https.rule=Host(`pass.${DOMAIN}`)"
|
2026-02-22 18:35:22 -05:00
|
|
|
- "traefik.http.routers.pass-https.entrypoints=websecure"
|
|
|
|
|
- "traefik.http.routers.pass-https.tls=true"
|
|
|
|
|
- "traefik.http.routers.pass-https.tls.certresolver=njalla"
|
2025-08-08 15:08:10 -04:00
|
|
|
|
2026-02-22 18:35:22 -05:00
|
|
|
# Internal service
|
|
|
|
|
- "traefik.http.services.pass.loadbalancer.server.port=80"
|
2025-08-08 15:08:10 -04:00
|
|
|
networks:
|
2026-04-27 05:47:46 -04:00
|
|
|
passman_net:
|
2025-08-08 15:08:10 -04:00
|
|
|
external: true
|
