VaultWarden with Nginx Proxy Manager on Linode
Linode and Domain Set Up
You'll need to create a Docker Linode for this project. I used a "Shared CPU" Linode with 2GB of RAM.
I also preemptively went to my domain registrar and changed my DNS (Name Server) settings to the following:
- NS1.LINODE.COM
- NS2.LINODE.COM
- NS3.LINODE.COM
- NS4.LINODE.COM
- NS5.LINODE.COM
I did this at the beginning to give the domain time to propagate as it can take 24-48 hours to complete.
You can also create a CNAME record for the a subdomain by clicking the domain in the domain settings in Linode and then clicking the "Add a CNAME Record" button.
Fill in the "Hostname" with whatever you want your subdomain to be. I put in pw
Fill in the "Alias to" section with the @
symbol.
SSH Stuff
You're going to create a couple of folders for this setup. The folders will be for the 2 containers we're going to deploy: Nginx Proxy Manager and VaultWarden.
To create them run the following commands:
cd /home
mkdir docker
cd docker
mkdir npm
mkdir vw
Now that you've created the required folders you can run this command:
cd npm
And then run this command:
nano docker-compose.yml
Copy the following and paste it into the docker-compose.yml terminal window:
version: '3'
networks:
npm:
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- /home/docker/nginxproxymanager/data:/data
- /home/docker/nginxproxymanager/letsencrypt:/etc/letsencrypt
networks:
npm:
Press CTRL+O and then Enter to save. Press CTRL+X to exit the editor.
Now we can start the container with this:
docker-compose up -d
Make note of the network that Nginx Proxy Manager makes by running this command:
docker network list
In the video, my setup created the network npm_npm
so that's what I'll use next.
Before we create the file for VaultWarden, we need to get to the correct directory.
Run this: cd /home/docker/vw
And then run this command:
nano docker-compose.yml
Copy the following and paste it into the docker-compose.yml terminal window:
version: "2"
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
networks:
- npm_npm
volumes:
- /home/docker/vaultwarden:/data/
ports:
- 8080:80
restart: unless-stopped
networks:
npm_npm:
external: true
Press CTRL+O and then Enter to save. Press CTRL+X to exit the editor.
Now we can start the container with this:
docker-compose up -d
To find the IP address of the VaultWarden container, we'll need to run this command:
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' vaultwarden
That should return an IP address that looks like 172.18.0.3. Yours may be different. We'll use this when we set up the domain in Nginx Proxy Manager.
Go to your Linode's IP address and add port 81 to it so it will look something like:
You'll be asked to login. The credentials are:
Email: admin@example.com
Password: changeme
After you sign in, you'll be prompted to change the credentials.
Your next step will be to create an SSL and Proxy Host in Nginx Proxy Manager.
Click SSL Certificates in the top bar and then click "Add SSL Certificate" on the right side of the next screen. Then click the Let's Encrypt option.
Then click the option to test the domain. If it works, then you can move forward with generating the SSL. If not, you'll either have to make adjustments or wait for the DNS to finish doing its thing.
Once the SSL has completed, you can move over to the Hosts tab on the top of the page and the click Proxy Hosts. Click "Add Proxy Host" on the top right of the page as you did with the SSL page.
Put in your URL in the "Domain Names" line.
Leave the Scheme as http.
The Forward Hostname / IP will be the IP address we found earlier that looked like 172.18.0.3. Yours may be different.
The Forward Port will be 80.
Tick the boxes for Cache Assets, Block Common Exploits, and Websockets Support.
Click the SSL tab.
Select the SSL you generated earlier from the dropdown.
Check all 4 boxes uner the dropdown.
Click Save.
If things went well, you will be brought back a page and will see that URL you just set up and it should say "Online" on the right side of the page.
If it says "Online" then you can click the URL on the left side of the page and go to your newly set up VaultWarden container via the domain name.
If it says anything else, you'll need to fix any errors and try again.