@fnord0
Forked from eizedev/vaultwarden.conf
Created November 30, 2021 07:42
Vaultwarden (Bitwarden) nginx configuration on a Synology NAS using Synology Docker (supporting Bitwarden's LiveSync with WebSocket configuration)
server {
    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;
    server_name CHANGE_SERVERNAME;

    # TLS certificate and key (Synology default certificate store)
    ssl_certificate /usr/syno/etc/certificate/system/default/ECC-fullchain.pem;
    ssl_certificate_key /usr/syno/etc/certificate/system/default/ECC-privkey.pem;
    ssl_trusted_certificate /usr/syno/etc/certificate/system/default/ECC-fullchain.pem;
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;

    # Web vault and API: forward to the container's HTTP port
    location / {
        proxy_connect_timeout 15;
        proxy_read_timeout 15;
        proxy_send_timeout 15;
        proxy_intercept_errors off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:5151;
    }

    # LiveSync WebSocket endpoint: forward to the container's WebSocket port
    location /notifications/hub {
        # The WebSocket upgrade handshake needs HTTP/1.1 towards the backend
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:5152;
    }

    # Negotiation is plain HTTP and goes to the main HTTP port
    location /notifications/hub/negotiate {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:5151;
    }

    # Serve the Synology error page for these status codes
    error_page 403 404 500 502 503 504 @error_page;
    location @error_page {
        root /usr/syno/share/nginx;
        rewrite (.*) /error.html break;
        allow all;
    }
}

Vaultwarden on Synology

This example configuration, especially the docker run command, is intended for use on Synology NAS devices.

In this example, nginx serves the Vaultwarden web interface over TLS on port 4444. The Vaultwarden Docker container is published on host port 5151 and its WebSocket (Rocket) listener on host port 5152. These host ports are mapped to ports 80 and 3012 inside the container. The folder /volume1/docker/vaultwarden is also mapped to /data inside the container.

  • Nginx: Change server_name (CHANGE_SERVERNAME) to the Synology server name under which Vaultwarden should be accessible
  • Nginx: Change the ssl_certificate options to your needs
  • Docker: Change the time zone (--env "TZ=Europe/Berlin") to your needs

Vaultwarden nginx conf

  • Copy vaultwarden.conf to /usr/local/etc/nginx/sites-enabled/vaultwarden.conf
  • Restart the nginx service: synoservice -restart nginx
    • In case of errors, check the logs located in /var/log/nginx/

Vaultwarden docker

docker run

docker run \
  --name "vaultwarden" \
  --privileged \
  --runtime "runc" \
  --volume "/volume1/docker/vaultwarden:/data:rw" \
  --log-driver "db" \
  --restart "always" \
  --publish "0.0.0.0:5152:3012/tcp" \
  --publish "0.0.0.0:5151:80/tcp" \
  --network "bridge" \
  --hostname "vaultwarden" \
  --expose "3012/tcp" \
  --expose "80/tcp" \
  --env "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
  --env "LOG_FILE=/data/bitwarden.log" \
  --env "TZ=Europe/Berlin" \
  --env "WEBSOCKET_ENABLED=true" \
  --detach \
  --tty \
  --interactive \
  "vaultwarden/server:latest" \
  "/start.sh"

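The command above runs the container with --privileged and publishes its plain-HTTP ports on 0.0.0.0, although the nginx configuration only connects to localhost. As an added example (not part of the original gist), this POSIX shell function flags those options in a docker run command line; tight_cmd, PINNED_TAG and the finding labels are hypothetical, and running without --privileged is an assumption not verified on Synology here.

```shell
#!/bin/sh
# Added example (not from the gist): flag `docker run` options that widen exposure.

# Constructed input: the security-relevant options of the command on this page.
page_cmd='docker run \
  --name "vaultwarden" \
  --privileged \
  --publish "0.0.0.0:5152:3012/tcp" \
  --publish "0.0.0.0:5151:80/tcp" \
  "vaultwarden/server:latest" \
  "/start.sh"'

# Constructed input: hypothetical tightened variant. PINNED_TAG is a placeholder,
# and running without --privileged is an assumption not tested on Synology here.
tight_cmd='docker run \
  --name "vaultwarden" \
  --publish "127.0.0.1:5152:3012/tcp" \
  --publish "127.0.0.1:5151:80/tcp" \
  "vaultwarden/server:PINNED_TAG" \
  "/start.sh"'

# Print one finding per line for the command text in $1; print nothing if clean.
audit_docker_run() {
  printf '%s\n' "$1" |
    sed 's/--publish=/--publish /g' |  # normalise --publish=VALUE
    tr -d '"\\' |                       # drop quotes and line continuations
    tr -s ' \t' '\n\n' | {              # one word per line
      prev=""
      while read -r word; do
        # Near-full host capabilities and device access for the container.
        case $word in --privileged) echo "PRIVILEGED" ;; esac
        # A published port is reachable off-host unless it is bound to loopback.
        case $prev in --publish|-p)
          case $word in
            127.*:*:*|\[::1\]:*:*) ;;
            *) echo "NOT_LOOPBACK $word" ;;
          esac ;;
        esac
        # Floating tag: the image content can change between pulls.
        case $word in *:latest) echo "FLOATING_TAG $word" ;; esac
        prev=$word
      done
    }
}

audit_docker_run "$page_cmd"
```

An image given without any tag also resolves to latest; this check only catches the explicit form.
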
Additional Info

LiveSync - WebSocket Configuration
