I tried to set up the docker-compose.yml following the example here How to Install Vaultwarden with Docker on Ubuntu 22.04 - https://www.howtoforge.com/
The compose is as below …
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
      DOMAIN: "https://dzung.duckdns.org"
      SMTP_HOST: "<smtp.domain.tld>"
      SMTP_FROM: "<vaultwarden@domain.tld>"
      SMTP_PORT: "587"
      SMTP_SECURITY: "starttls"
      SMTP_USERNAME: "<username>"
      SMTP_PASSWORD: "<password>"
    volumes:
      - ./vw-data:/data
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - "80:80" # Needed for the ACME HTTP-01 challenge.
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      DOMAIN: "https://dzung.duckdns.org" # Your domain.
      EMAIL: "zung102@yahoo.com" # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
.... Caddyfile ...
dzung.duckdns.org:443 {
    tls zung102@yahoo.com
    reverse_proxy * vaultwarden:80
}
Caddy port ...
"Containers": {
    "a7b10429973a53eaf4fde986f47db72c64ccbbbb817c82f8e2bb9e38e0ccc6c9": {
        "Name": "caddy",
        "EndpointID": "342a037aa2a4c82fa19b9709d4f069aaeb20384595c26c681c833412cd78d86d",
        "MacAddress": "02:42:ac:17:00:03",
        "IPv4Address": "172.23.0.3/16",
        "IPv6Address": ""
    },
Forwarding set up ...
Address Port Address Port
--------------- ---------- --------------- ----------
192.168.0.146 80 172.23.0.3 80
192.168.0.146 443 172.23.0.3 443
zung@Dzungabc:~/vaultwarden$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a7b10429973a caddy:2 "caddy run --config …" 10 minutes ago Up 9 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 443/udp, 2019/tcp caddy
bd893ee9e444 vaultwarden/server:latest "/start.sh" 10 minutes ago Up 10 minutes (healthy) 80/tcp, 3012/tcp vaultwarden
and the Caddy log …
2023-01-13 12:03:00 {"level":"warn","ts":1673629380.0986068,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1009479,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1015737,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1016626,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1017184,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001070a0"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1043591,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1056013,"logger":"tls","msg":"finished cleaning storage units"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1071653,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.112495,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.120813,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1211336,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1211956,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["dzung.duckdns.org"]}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1232693,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
2023-01-13 12:03:00 {"level":"info","ts":1673629380.123347,"msg":"serving initial configuration"}
Caddy appeared not to be getting a certificate?
I did this …
zung@Dzungabc:~/vaultwarden$ curl -v --resolve dzung.duckdns.org:443:127.0.0.1 https://dzung.duckdns.org/
* Added dzung.duckdns.org:443:127.0.0.1 to DNS cache
* Hostname dzung.duckdns.org was found in DNS cache
* Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to dzung.duckdns.org (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=dzung.duckdns.org
* start date: Jan 13 00:00:00 2023 GMT
* expire date: Apr 13 23:59:59 2023 GMT
* subjectAltName: host "dzung.duckdns.org" matched cert's "dzung.duckdns.org"
* issuer: C=AT; O=ZeroSSL; CN=ZeroSSL ECC Domain Secure Site CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56466e8f5620)
> GET / HTTP/2
> Host: dzung.duckdns.org
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< cache-control: public, max-age=600
< content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com ; connect-src 'self' https://api.pwnedpasswords.com https://2fa.directory https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://api.fastmail.com/ ;
< content-type: text/html; charset=utf-8
< date: Fri, 13 Jan 2023 17:18:31 GMT
< expires: Fri, 13 Jan 2023 17:28:31 GMT
< permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
< referrer-policy: same-origin
< server: Caddy
< server: Rocket
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 0
< content-length: 1240
<
<!doctype html><html class="theme_light"><head><meta charset="utf-8"/><meta name="viewport" content="width=1010"/><meta name="theme-color" content="#175DDC"/><title page-title>Vaultwarden Web Vault</title><link rel="apple-touch-icon" sizes="180x180" href="images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="images/favicon-16x16.png"/><link rel="mask-icon" href="images/safari-pinned-tab.svg" color="#175DDC"/><link rel="manifest" href="ca8f66ed7fccfcd0809f.json"/><script defer="defer" src="theme_head.5f24ba8d7aa944e6f52b.js"></script><link href="app/main.82096a4e78d5d3f7b01b.css" rel="stylesheet"></head><body class="layout_frontend"><app-root><div class="mt-5 d-flex justify-content-center"><div><img class="mb-4 logo logo-themed" alt="Bitwarden"/><p class="text-center"><i class="bwi bwi-spinner bwi-spin bwi-2x text-muted" title="Loading" aria-hidden="true"></i></p></div></div></app-root><script defer="defer" src="app/polyfills.428c25638840333a09ee.js"></script><script defer="defer" src="app/vendor.7c30c6e2b5ba56506ea9.js"></script><script defer="defer" src="app/main.5f8690f5c03a207c390a.js"></script></body></html>
* Connection #0 to host dzung.duckdns.org left intact
Not sure what it means …
Can you curl/telnet to dzung.duckdns.org and tell me if you see any issue?
Thanks a lot
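Added example, not part of the post above and not code from the Vaultwarden or Caddy projects: a small Python check that reads the two artifacts the post already contains, Caddy's JSON log and the `curl -v` trace, and answers the question asked (did Caddy obtain a certificate for the domain, is it valid and trusted, and did the request actually reach Vaultwarden behind the proxy). The sample inputs are the post's own lines, except the second log line, which is constructed to show the `tls.obtain` message Caddy writes once an ACME issuer returns a certificate. The hostname, the 7-day renewal threshold, and treating a `server: Rocket` header as proof that Vaultwarden (built on Rocket) answered are assumptions of the example.

```python
"""Check a Caddy-fronted Vaultwarden from Caddy's JSON log and a curl -v trace."""
import json
import re
from datetime import datetime, timezone

# Caddy log as `docker logs -t caddy` prints it. Line 1 is copied from the post;
# line 2 is CONSTRUCTED: the message Caddy's tls.obtain logger writes on issuance.
CADDY_LOG = """\
2023-01-13 12:03:00 {"level":"info","ts":1673629380.1211956,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["dzung.duckdns.org"]}
2023-01-13 12:03:07 {"level":"info","ts":1673629387.5,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"dzung.duckdns.org"}
"""

# Certificate and response-header lines from the curl -v trace in the post.
CURL_TRACE = """\
*  subject: CN=dzung.duckdns.org
*  start date: Jan 13 00:00:00 2023 GMT
*  expire date: Apr 13 23:59:59 2023 GMT
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL ECC Domain Secure Site CA
*  SSL certificate verify ok.
< HTTP/2 200
< server: Caddy
< server: Rocket
< date: Fri, 13 Jan 2023 17:18:31 GMT
"""

CURL_DATE = "%b %d %H:%M:%S %Y GMT"        # OpenSSL-style dates curl prints
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"   # RFC 7231 Date header


def parse_caddy_log(text):
    """Collect the TLS-management events from Caddy's JSON log."""
    out = {"managed": [], "obtained": [], "errors": []}
    for line in text.splitlines():
        m = re.search(r"(\{.*\})\s*$", line)      # skip any non-JSON line
        if not m:
            continue
        rec = json.loads(m.group(1))
        msg, logger = rec.get("msg", ""), rec.get("logger", "")
        if msg == "enabling automatic TLS certificate management":
            out["managed"] += rec.get("domains", [])
        elif logger == "tls.obtain" and msg == "certificate obtained successfully":
            out["obtained"].append(rec.get("identifier"))
        elif rec.get("level") == "error" and logger.startswith("tls"):
            out["errors"].append(f"{msg}: {rec.get('error', '')}")
    return out


def parse_curl_trace(text):
    """Pull certificate facts and response headers out of curl -v output."""
    info = {"server": []}
    for line in text.splitlines():
        if line[:1] not in ("*", "<"):    # curl info lines and response headers only
            continue
        body = line[1:].strip()
        key, _, value = body.partition(": ")
        key = key.lower()
        if key == "subject":
            info["subject_cn"] = value.replace("CN=", "", 1)
        elif key in ("start date", "expire date"):
            info[key.replace(" ", "_")] = datetime.strptime(value, CURL_DATE).replace(tzinfo=timezone.utc)
        elif key == "issuer":
            info["issuer"] = value
        elif key == "server":
            info["server"].append(value)
        elif key == "date":
            info["response_time"] = datetime.strptime(value, HTTP_DATE).replace(tzinfo=timezone.utc)
        elif body == "SSL certificate verify ok.":
            info["verified"] = True
        elif body.startswith("HTTP/"):
            info["status"] = int(body.split()[1])
    return info


def tls_report(log_text, trace_text, host, now=None, min_days=7):
    """Valid, trusted cert for HOST and a reply from Vaultwarden? `now` defaults to the Date header."""
    log, c = parse_caddy_log(log_text), parse_curl_trace(trace_text)
    now = now or c["response_time"]
    problems = []
    if c.get("subject_cn") != host:
        problems.append(f"certificate is not for {host}")
    if not c.get("verified"):
        problems.append("chain not trusted by curl (self-signed or internal CA?)")
    if not c["start_date"] <= now <= c["expire_date"]:
        problems.append("certificate not valid at " + now.isoformat())
    days_left = (c["expire_date"] - now).days
    if days_left < min_days:
        problems.append(f"renewal overdue: {days_left} days left")
    # Vaultwarden runs on Rocket; a Caddy-generated error page would lack that header.
    if c.get("status") != 200 or "Rocket" not in c["server"]:
        problems.append("proxy did not reach Vaultwarden")
    return {
        "ok": not problems,
        "issuer": c.get("issuer"),
        "days_left": days_left,
        # Caddy tries Let's Encrypt first and ZeroSSL as fallback by default.
        "fallback_issuer_used": "ZeroSSL" in (c.get("issuer") or ""),
        "managed_by_caddy": host in log["managed"],
        "issuance_logged": host in log["obtained"],
        "log_errors": log["errors"],
        "problems": problems,
    }
```

Run as `tls_report(CADDY_LOG, CURL_TRACE, "dzung.duckdns.org")`: for the trace in the post it reports a trusted certificate with 90 days left and a 200 from Rocket, so the proxy chain works. Two details are worth knowing: Caddy's default issuer order is Let's Encrypt first, then ZeroSSL as a fallback, so a ZeroSSL issuer means the Let's Encrypt attempt did not succeed and the `log_errors` list (any `error`-level line from a `tls*` logger) is where to look for the reason; and `curl --resolve ... 127.0.0.1` only exercises the container from the host itself, so a clean result here says nothing about the router's 80/443 forwarding, which the ACME HTTP-01 challenge also depends on.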