This is by far the easiest method to run a Vaultwarden instance in a private network. All steps can be found in the official wiki.
- Docker installed
- Domain name
- Cloudflare free account
Just follow the official guide here to set up your domain and get the API token.
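```dockerfile
# Stage 1: build Caddy with the Cloudflare DNS provider plugin
FROM caddy:2.6.4-builder-alpine AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare

# Stage 2: copy the custom binary into the stock runtime image
FROM caddy:2.6.4-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
```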
Build docker image
```bash
docker build -t caddy:2.6.4-alpine-cf .
```
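```caddyfile
{$DOMAIN}:443 {
    log {
        output file /data/access.log {
            roll_size 10MB
            roll_keep 10
        }
    }

    # Obtain the certificate through the DNS challenge, using the Cloudflare API token
    tls {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }

    encode gzip

    # WebSocket notifications go to port 3012, everything else to the web vault
    reverse_proxy /notifications/hub vaultwarden:3012
    reverse_proxy vaultwarden:80 {
        # Pass the client address on to Vaultwarden
        header_up X-Real-IP {remote_host}
    }
}
```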
```yaml
---
services:
  vaultwarden:
    image: vaultwarden/server:1.28.0-alpine
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - ADMIN_TOKEN=THE_ADMIN_TOKEN  # The admin token to use for administration tasks.
      - WEBSOCKET_ENABLED=true       # Enable WebSocket notifications.
    volumes:
      - //d/vaultwarden/data:/data

  caddy:
    image: caddy:2.6.4-alpine-cf
    container_name: caddy
    restart: unless-stopped
    environment:
      - DOMAIN=THE_DOMAIN_NAME_TO_USE
      - EMAIL=THE_EMAIL_TO_USE
      - CLOUDFLARE_API_TOKEN=THE_CLOUDFLARE_API_TOKEN
    ports:
      - 80:80
      - 443:443
    volumes:
      - //d/docker/vaultwarden/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - //d/docker/vaultwarden/caddy/config:/config
      - //d/docker/vaultwarden/caddy/data:/data
...
```
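The compose file keeps the admin token in plaintext. Vaultwarden 1.28.0 and later also accept an Argon2id PHC string in `ADMIN_TOKEN`, so the fragment below shows the same `vaultwarden` service with a hashed token. It is an added example, not part of the original guide; the salt and hash are placeholders for the output of `vaultwarden hash`.

```yaml
# Added example (not from the original guide): vaultwarden service with a hashed admin token.
#
# Generate the PHC string with Vaultwarden's built-in helper (it prompts for the password):
#   docker run --rm -it vaultwarden/server:1.28.0-alpine /vaultwarden hash
#
# Before (as in the guide): the token is readable by anyone who can read this file
# or inspect the container's environment.
#   - ADMIN_TOKEN=THE_ADMIN_TOKEN
#
# After: only the Argon2id hash is stored. Compose treats "$" as the start of a
# variable reference, so every "$" in the PHC string is written as "$$".
services:
  vaultwarden:
    image: vaultwarden/server:1.28.0-alpine
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      # SALT_PLACEHOLDER and HASH_PLACEHOLDER are placeholders; paste the whole
      # string printed by `vaultwarden hash`, with each "$" doubled.
      - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$SALT_PLACEHOLDER$$HASH_PLACEHOLDER
      - WEBSOCKET_ENABLED=true
    volumes:
      - //d/vaultwarden/data:/data
```

The admin page login still takes the original password, not the hash. If settings were ever saved from the admin page, the token stored in `config.json` in the data directory overrides the environment variable and has to be updated there too.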
Run containers
```bash
docker-compose up -d
```
Since the app is running in a private network, the Bitwarden app will refuse to connect to a private IP address unless Local Network is enabled:

Settings / Bitwarden / Local Network