version: "3.5"
services:
bitwardenrs:
image: bitwardenrs/server
container_name: bitwardenrs
security_opt:
- no-new-privileges:true
ports:
- "127.0.0.1:8000:80"
- "127.0.0.1:3012:3012"
environment:
- WEBSOCKET_ENABLED=true
- WEB_VAULT_ENABLED=true
- DOMAIN=https://你的域名
#- LOG_FILE=data/bitwarden.log
#- LOG_LEVEL=error
- EXTENDED_LOGGING=true
- ADMIN_TOKEN= 你的TOKEN
volumes:
- ./data:/data
restart: unless-stopped
networks:
- mybridge
labels:
- traefik.enable=true
- traefik.docker.network=mybridge
# bitwarden-ui
- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
- traefik.http.routers.bitwarden-ui-https.rule=Host(`你的域名`)
- traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
- traefik.http.routers.bitwarden-ui-https.tls=true
#- traefik.http.routers.bitwarden-ui-https.tls.certresolver=cloudflare
- traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
- traefik.http.routers.bitwarden-ui-http.rule=Host(`你的域名`)
- traefik.http.routers.bitwarden-ui-http.entrypoints=web
- traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
- traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
- traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
# bitwarden-websocket
- traefik.http.routers.bitwarden-websocket-https.rule=Host(`你的域名`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
- traefik.http.routers.bitwarden-websocket-https.tls=true
- traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
#- traefik.http.routers.bitwarden-websocket-https.tls.certresolver=cloudflare
- traefik.http.routers.bitwarden-websocket-http.rule=Host(`你的域名`) && Path(`/notifications/hub`)
- "traefik.http.middlewares.bitwarden-websocket-strip.stripprefix.prefixes=/notifications/hub"
- traefik.http.routers.bitwarden-websocket-http.entrypoints=web
- traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
- traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
networks:
mybridge:
external: true
TOKEN生成方法
openssl rand -base64 48
注意traefik和bitwarden要在一个网络