Easy setup for Vaultwarden: an unofficial reinterpretation of Bitwarden in Rust
This project assumes that you have the following:
- Docker installed: Follow this tutorial if you do not have this requirement fulfilled
- caddy binary in your working directory: To work with this repository, you must install caddy here. Include your platform and the DuckDNS plugin in your binary
- firewall rules that allow ingress traffic to ports 80/443
- you should also have a duckdns account with your account's admin token
Make sure to follow the instructions in the docker-compose file to edit the appropriate labels. For a quick instance using docker compose, run the following command:
docker compose up -d
I recommend you use a container orchestration technology if you plan on using this project as a template for production. Docker swarm is able to use docker-compose files using the following command:
docker network create -d overlay test-network && docker stack deploy --compose-file docker-compose.yml test-network
This deployment is not recommended for public use. Note the following issues with using this repository in production
- Caddy container is running as root
- Vaultwarden container is running as root
- Several offline backups should be taken and stored securely
- 24/7 Availability should be ensured when self-hosting your own password manager
- translate this project such that it can be used with podman. This would allow the containers to be run under a user's namespace (as opposed to root) which is more secure
- incorporate dockerfiles to allow the containers to be run as a user (inside the container)
- create distroless images to reduce the attack surface of the containers