I’m trying to host a vaultwarden instance through docker and failing miserably. This isn’t my first attempt either but I’ve got much further than before.

I’m using a DuckDNS domain with caddy as reverse proxy, but it appears that the domain is defaulting to port 80 no matter how I set up the config. I can’t specify a port number in DuckDNS as far as I can tell. If the simple solution is to just buy a domain name I will consider it. Otherwise could really use some help in sorting out why it’s not connecting.

I can’t access Vaultwarden on the internal IP as it’s not being served as SSL but both Vaultwarden and Caddy are running with no errors in logs. I’ve left out a bunch of admin env variables for the Vaultwarden service to truncate the code.

docker-compose:

`[___](services:

vaultwarden:

container_name: vaultwarden

image: vaultwarden/server:latest

restart: unless-stopped

ports:

  - 11808:80

  - 11443:443

volumes:

  - ./data/:/data/

environment:

  - ROCKET_PORT=11444

caddy:

image: caddy:2

container_name: caddy2

restart: always

ports:

  - 1808:11808

  - 1443:11443

volumes:

  - ./caddy:/usr/bin/caddy

  - ./Caddyfile:/etc/caddy/Caddyfile:ro

  - ./caddy-config:/config

  - ./caddy-data:/data

environment:

  DOMAIN: "https://example.duckdns.org/"

  EMAIL: "example@domain.com"
        
  DUCKDNS_TOKEN: "token"

  LOG_FILE: "/data/access.log")`

Caddyfile:

’ {$DOMAIN}:1443 {

log {

level INFO

output file {$LOG_FILE} {

  roll_size 10MB

  roll_keep 10

}

}

tls {

dns duckdns {$DUCKDNS_TOKEN}

}

encode gzip

Notifications redirected to the WebSocket server

reverse_proxy /notifications/hub vaultwarden:3012

Proxy everything else to Rocket

reverse_proxy vaultwarden:11444

}`

Any idea where I’m going wrong?

  • lorentz@feddit.itEnglish
    1·
    2 days ago

    You can configure caddy to use 80 and be a reverse proxy for both the services, serving one site or the other depending on the name (you will need a second DNS entry pointing to the same IP). about not exposing 443, I really doubt that caddy can automatically retrieve SSL certificates for you if not running on the default port. Check the documentation, if I’m right either you open an empty website on 443 just for the sake of getting SSL certs to run https, and manually configure the other port to do the same, or you get the certificates manually using the DNS verification (check let’s encrypt documentation) and configure caddy to use them.