I’m trying to host a vaultwarden instance through docker and failing miserably. This isn’t my first attempt either but I’ve got much further than before.

I’m using a DuckDNS domain with caddy as reverse proxy, but it appears that the domain is defaulting to port 80 no matter how I set up the config. I can’t specify a port number in DuckDNS as far as I can tell. If the simple solution is to just buy a domain name I will consider it. Otherwise could really use some help in sorting out why it’s not connecting.

I can’t access Vaultwarden on the internal IP as it’s not being served as SSL but both Vaultwarden and Caddy are running with no errors in logs. I’ve left out a bunch of admin env variables for the Vaultwarden service to truncate the code.

docker-compose:

`[___](services:

vaultwarden:

container_name: vaultwarden

image: vaultwarden/server:latest

restart: unless-stopped

ports:

  - 11808:80

  - 11443:443

volumes:

  - ./data/:/data/

environment:

  - ROCKET_PORT=11444

caddy:

image: caddy:2

container_name: caddy2

restart: always

ports:

  - 1808:11808

  - 1443:11443

volumes:

  - ./caddy:/usr/bin/caddy

  - ./Caddyfile:/etc/caddy/Caddyfile:ro

  - ./caddy-config:/config

  - ./caddy-data:/data

environment:

  DOMAIN: "https://example.duckdns.org/"

  EMAIL: "example@domain.com"
        
  DUCKDNS_TOKEN: "token"

  LOG_FILE: "/data/access.log")`

Caddyfile:

’ {$DOMAIN}:1443 {

log {

level INFO

output file {$LOG_FILE} {

  roll_size 10MB

  roll_keep 10

}

}

tls {

dns duckdns {$DUCKDNS_TOKEN}

}

encode gzip

Notifications redirected to the WebSocket server

reverse_proxy /notifications/hub vaultwarden:3012

Proxy everything else to Rocket

reverse_proxy vaultwarden:11444

}`

Any idea where I’m going wrong?

  • terraborra@lemmy.nzOPEnglish
    3·
    2 days ago

    I should have said in the main text, I have something else on port 80 and I though best practice was not to expose 80 or 443?

    • lorentz@feddit.itEnglish
      1·
      1 day ago

      You can configure caddy to use 80 and be a reverse proxy for both the services, serving one site or the other depending on the name (you will need a second DNS entry pointing to the same IP). about not exposing 443, I really doubt that caddy can automatically retrieve SSL certificates for you if not running on the default port. Check the documentation, if I’m right either you open an empty website on 443 just for the sake of getting SSL certs to run https, and manually configure the other port to do the same, or you get the certificates manually using the DNS verification (check let’s encrypt documentation) and configure caddy to use them.

    • just_another_person@lemmy.worldEnglish
      35·
      2 days ago

      If you don’t want to expose port 80 or 443, then just change the ports they are running on. Right now you’re mapping 80/443 in docker, so just change those numbers to something else if you don’t want to use them. The number on the right is the internal service port, and the left of the colon is the port you’re opening to proxy to the port on the left. Adding Caddy does exactly the same thing and serves no purpose except another layer of obfuscation you don’t need.