Can’t access Vaultwarden
fedilink
18
Can’t access Vaultwarden
fedilink

I’m trying to host a vaultwarden instance through docker and failing miserably. This isn’t my first attempt either but I’ve got much further than before.

I’m using a DuckDNS domain with caddy as reverse proxy, but it appears that the domain is defaulting to port 80 no matter how I set up the config. I can’t specify a port number in DuckDNS as far as I can tell. If the simple solution is to just buy a domain name I will consider it. Otherwise could really use some help in sorting out why it’s not connecting.

I can’t access Vaultwarden on the internal IP as it’s not being served as SSL but both Vaultwarden and Caddy are running with no errors in logs. I’ve left out a bunch of admin env variables for the Vaultwarden service to truncate the code.

docker-compose:

`[___](services:

vaultwarden:

container_name: vaultwarden

image: vaultwarden/server:latest

restart: unless-stopped

ports:

  - 11808:80

  - 11443:443

volumes:

  - ./data/:/data/

environment:

  - ROCKET_PORT=11444

caddy:

image: caddy:2

container_name: caddy2

restart: always

ports:

  - 1808:11808

  - 1443:11443

volumes:

  - ./caddy:/usr/bin/caddy

  - ./Caddyfile:/etc/caddy/Caddyfile:ro

  - ./caddy-config:/config

  - ./caddy-data:/data

environment:

  DOMAIN: "https://example.duckdns.org"

  EMAIL: "example@domain.com"
        
  DUCKDNS_TOKEN: "token"

  LOG_FILE: "/data/access.log")`

Caddyfile:

’ {$DOMAIN}:1443 {

log {

level INFO

output file {$LOG_FILE} {

  roll_size 10MB

  roll_keep 10

}

}

tls {

dns duckdns {$DUCKDNS_TOKEN}

}

encode gzip

Notifications redirected to the WebSocket server

reverse_proxy /notifications/hub vaultwarden:3012

Proxy everything else to Rocket

reverse_proxy vaultwarden:11444

}`

Any idea where I’m going wrong?

@gray@pawb.social
link
fedilink
English
102M

idk what nonsense the other commenter is posting but essentially your network flow should look like this:

internet user -> your IP (found via dynamic DNS) -> firewall/router DNAT port 443 -> proxy (nginx/caddy) listening on 443, backend set to port 80 -> vaultwarden port 80

You’d load your SSL certificate into the reverse proxy, I’m not familiar with caddy but I use nginx for this purpose.

@terraborra@lemmy.nz
creator
link
fedilink
English
02M

Yup wouldn’t work over any other ports. Had to move the other service off of it but it now works.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 188 users / day
  • 592 users / week
  • 1.56K users / month
  • 4.17K users / 6 months
  • 1 subscriber
  • 4.28K Posts
  • 89.1K Comments
  • Modlog