Initial commit

Author: erkenes

.env

@@ -0,0 +1,8 @@
+NGINX_PORT=80
+VIRTUAL_HOST=vaultwarden.wsl
+
+ROOT_PATH=.
+
+WEBSOCKET_ENABLED=true
+SIGNUPS_ALLOWED=true
+ADMIN_TOKEN=admin123

.gitignore

@@ -0,0 +1,6 @@
+/.idea/*
+/Data/Vaultwarden/*
+/Data/Vaultwarden-Backup/*
+
+!/Data/Vaultwarden/.gitkeep
+!/Data/Vaultwarden-Backup/.gitkeep

Data/Vaultwarden-Backup/.gitkeep

@@ -0,0 +1,6 @@
+FROM nginx:1.21.4-alpine
+
+ADD default.conf.template /default.conf.template
+ADD run_nginx.sh /run_nginx.sh
+
+RUN chmod +x /run_nginx.sh

Data/Vaultwarden/.gitkeep

@@ -0,0 +1,25 @@
+server {
+    listen ${NGINX_PORT};
+    server_name localhost;
+
+    client_body_temp_path /tmp/nginx;
+    client_max_body_size 128M;
+
+    location / {
+        proxy_pass http://vaultwarden;
+	    proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+    }
+
+    location /notifications/hub {
+        proxy_pass http://vaultwarden:3012;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location /notifications/hub/negotiate {
+        proxy_pass http://vaultwarden:80;
+    }
+}

Docker/nginx/Dockerfile

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+set -u
+
+envsubst '${NGINX_PORT}' < /default.conf.template > /etc/nginx/conf.d/default.conf
+
+nginx -g "daemon off;"

Docker/nginx/default.conf.template

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Enes Erk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Docker/nginx/run_nginx.sh

@@ -0,0 +1,19 @@
+# vaultwarden-server
+
+This repository helps to host your own [vaultwarden](https://github.com/dani-garcia/vaultwarden) instance on your server or a raspberry-pi.
+
+## Usage
+
+Edit your settings in the `.env` file.
+
+Start the containers with
+
+```shell
+docker-compose up -d --build nginx
+```
+
+:warning: You have to install a custom [nginx-proxy](https://github.com/erkenes/nginx-proxy) as well. 
+
+## Settings
+
+In the docker-compose.yml file the admin-token is disabled. If this setting is disabled you are not able to open the admin page (`yourhost.local/admin`).

LICENSE

@@ -0,0 +1,60 @@
+version: '3.5'
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest #swap tag to raspberry to run on a raspberry pi
+    container_name: vaultwarden
+    expose:
+      - "80"
+      - "3012"
+    volumes:
+      - ${ROOT_PATH}/Data/Vaultwarden:/data
+    restart: on-failure
+    environment:
+      WEBSOCKET_ENABLED: ${WEBSOCKET_ENABLED}
+      SIGNUPS_ALLOWED: ${SIGNUPS_ALLOWED}
+#      ADMIN_TOKEN: ${ADMIN_TOKEN}
+    networks:
+      - "vaultwarden"
+ 
+  nginx:
+    build: './Docker/nginx'
+    container_name: nginx
+    links:
+      - "vaultwarden"
+      - "vw_backup"
+    environment:
+      NGINX_PORT: "${NGINX_PORT}"
+      VIRTUAL_HOST: "${VIRTUAL_HOST}"
+    command: /bin/sh -c "/run_nginx.sh"
+    restart: on-failure
+    networks:
+      - "vaultwarden"
+      - "nginx-proxy"
+
+  vw_backup:
+    image: bruceforce/bw_backup:latest #swap tag to rpi3 to run on a raspberry pi
+    container_name: vw_backup
+    restart: on-failure
+    depends_on:
+      - vaultwarden
+    volumes:
+      - ${ROOT_PATH}/Data/Vaultwarden:/data
+      - ${ROOT_PATH}/Data/Vaultwarden-Backup:/backup
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - DB_FILE=/data/db.sqlite3
+      - BACKUP_FILE=/backup/backup.sqlite3
+      - BACKUP_FILE_PERMISSIONS=700
+      - CRON_TIME=0 1 * * *
+      - TIMESTAMP=false
+      - UID=0
+      - GID=0
+
+networks:
+  nginx-proxy:
+    external: true
+    name: "nginx-proxy"
+  vaultwarden:
+    driver: bridge