Vaultwarden on docker with caddy to reverse proxy

lctl83 · February 14, 2022, 4:23pm

1. Caddy version (`caddy version`):

Caddy Version 2.4.6 (docker version)

2. How I run Caddy:

Caddy is installed on Docker (docker-compose)

docker-compose version 1.25.3, build d4d1b42b

a. System environment:

Caddy is installed on an VM running Docker.
VaultWarden is installed as a separate container in Docker too.

b. Command:

Paste command here.

c. Service/unit/compose file:

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
    volumes:
      - vw-data:/data

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./ssl:/etc/ssl
      - caddy-config:/config
      - caddy-data:/data
      - caddy-logs:/logs
    environment:
      - DOMAIN=https://vault.test.local

volumes:
  vw-data:
  caddy-config:
  caddy-data:
  caddy-logs:

d. My complete Caddyfile or JSON config:

{vault.test.local}:443 {

  tls /etc/ssl/vault.cer /etc/ssl/vault.key}

  encode gzip

  reverse_proxy /notifications/hub vaultwarden:3012

  reverse_proxy vaultwarden:80
}

3. The problem I’m having:

I can’t launch the Caddy container I have this error and I don’t understand why.

4. Error messages and/or full log output:

{"level":"info","ts":1644855254.3671026,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy | run: Adapt configuration using caddyfile: subject is not eligible for certificate: '{vault.test.local}'
Cart exited with code 1

5. What I already tried:

6. Links to relevant resources:

francislavoie · February 14, 2022, 8:46pm

Remove the braces from the domain name. That’s not valid syntax.

Also remove the extra brace at the end of this line.

Try this:

vault.test.local {
	tls /etc/ssl/vault.cer /etc/ssl/vault.key

	encode gzip
	reverse_proxy /notifications/hub vaultwarden:3012
	reverse_proxy vaultwarden:80
}

lctl83 · February 22, 2022, 10:38am

Ok thanks for your help.

system · March 16, 2022, 4:24pm

This topic was automatically closed after 30 days. New replies are no longer allowed.