# Vaultwarden with Traefik This repository helps to host your own [Vaultwarden](https://github.com/dani-garcia/vaultwarden) instance on your server or a raspberry-pi. ## Usage Edit your settings in the `.env` file. Start the containers with ```shell docker-compose up -d ``` :warning: You have to install [Traefik](https://github.com/erkenes/docker-traefik) as well. ## Settings In the docker-compose.yml file the admin-token is disabled. If this setting is disabled you are not able to open the admin page (`yourhost.local/admin`). ## Configuration for environment variables ### SIGNUPS_ALLOWED By default, anyone who can access your instance can register for a new account. To disable this, set the `SIGNUPS_ALLOWED` env variable to false. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users) ### SIGNUPS_DOMAINS_WHITELIST You can restrict registration to email addresses from certain domains by setting `SIGNUPS_DOMAINS_WHITELIST` accordingly. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users#restricting-registrations-to-certain-email-domains) ### SIGNUPS_VERIFY Require email verification to finish the registration. ### INVITATIONS_ALLOWED Even when registration is disabled (`SIGNUPS_ALLOWED`), organization administrators or owners can invite users to join organization. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations) ### ADMIN_TOKEN Activated the admin page. This page allows server administrators to view all the registered users and to delete them. It also shows inviting new users, even when registration is disabled. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page) ### DISABLE_ADMIN_TOKEN If you have another method to authenticate the admin page then you can set the `DISABLE_ADMIN_TOKEN` variable to true. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Disable-admin-token) ### WEBSOCKET_ENABLED Informs the browser and desktop Bitwarden clients that some event of interest has occurred, such as when an entry in the password database has been modified or deleted. This setting is not applicable to mobile Bitwarden clients (Android/iOS) because these use the native push notification service instead. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-WebSocket-notifications) ### DOMAIN The domain of your vaultwarden instance (should be the same as `VIRTUAL_HOST`). This is required for U2F and FIDO2 WebAuthn authentication. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-U2F-%28and-FIDO2-WebAuthn%29-authentication) ### YubiKey OTP Authentication You need a `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` to allow authentication with a Yubikey. If `YUBICO_SERVER` is not set the default YubiCloud servers are used. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication) ### SMTP Configuration - `SMTP_HOST`: The host server of the mail server - `SMTP_FROM`: the mail address which should be used for sending mails - `SMTP_PORT`: the port of the smtp server - `SMTP_SECURITY`: the protocol that should be used (default: starttls, options: force_tls, off, starttls) - `SMTP_USERNAME`: the username of the smtp user - `SMTP_PASSWORD`: the password of the smtp user This requires to set the `DOMAIN` variable. [More information](https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration) ### SHOW_PASSWORD_HINT Usually, password hints are sent by email. But as vaultwarden is made with small or personal deployment in mind, hints are also available from the password hint page, so you don't have to configure an email service. [More information](https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display) ### Logging - `LOG_LEVEL`: options are: "trace", "debug", "info", "warn", "error" or "off". NOTE: Using the log level "warn" or "error" still allows Fail2Ban to work properly. - `USE_SYSLOG` - `EXTENDED_LOGGING` [More information](https://github.com/dani-garcia/vaultwarden/wiki/Logging) ### Syncing users from LDAP [More information](https://github.com/dani-garcia/vaultwarden/wiki/Syncing-users-from-LDAP)