Hello Friends,

I have a small ubuntu Server and I finally also want to transfer my Vaultwarden Instance to it. On this Server I have several services running (homeassistant, …) and Certbot via Dehydrated (right now I get a certificate for my duckdns address). In some directory I have the privkey and fullchain files.

Now my Problem is that when I start vaultwarden it wont load as https.

I believe, my Problem is telling Vaultwarden, where my certificate files are located so it can use them accordingly.

This is my Compose File right now:

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /home/vaultwarden:/data/
      - /home/(directory to my certificates):/usr/share/ca-certificates/
    ports:
      - 8129:80
    environment:
      - DOMAIN=https://hurrdurr.duckdns.org
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_TOKEN=token
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true

The Volume Mapping to the certificates was just me trying it out so maybe its working if I map it like that.

If I open the 8129 in my Browser it will just time out. I also managed it to start but it wouldnt let me register as theres not https certificate.

  • lemmyvore@feddit.nl
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    No need to get a certificate for ever subdomain, you can get a wildcard cert for *.your. domain.

    • Dandroid@dandroid.app
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      True. I did that for one of my domains, but it was really quite annoying to do with certbot, as you needed some sort of plugin.

      • Kangie@lemmy.srcfiles.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It’s fine with Let’sEncrypt via the DNS01 challenge; my lab typically only uses one wildcard certificate for all the services there unless I have a specific need to generate an indovidual cert for a service.