Skip to main content

VaultWarden with Nginx Proxy Manager on Linode

Linode and Domain Set Up

You'll need to create a Docker Linode for this project. I used a "Shared CPU" Linode with 2GB of RAM.

I also preemptively went to my domain registrar and changed my DNS (Name Server) settings to the following:

  • NS1.LINODE.COM
  • NS2.LINODE.COM
  • NS3.LINODE.COM
  • NS4.LINODE.COM
  • NS5.LINODE.COM

I did this at the beginning to give the domain time to propagate as it can take 24-48 hours to complete.

You can also create a CNAME record for the a subdomain by clicking the domain  in the domain settings in Linode and then clicking the "Add a CNAME Record" button.

Fill in the "Hostname" with whatever you want your subdomain to be. I put in pw

Fill in the "Alias to" section with the @ symbol.

SSH Stuff

You're going to create a couple of folders for this setup. The folders will be for the 2 containers we're going to deploy: Nginx Proxy Manager and VaultWarden.

To create them run the following commands:

cd /home

mkdir docker

cd docker

mkdir npm

mkdir vw

Now that you've created the required folders you can run this command:

cd npm

And then run this command:

nano docker-compose.yml

Copy the following and paste it into the docker-compose.yml terminal window:

version: '3'

networks:
  npm:

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped	
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - /home/docker/nginxproxymanager/data:/data
      - /home/docker/nginxproxymanager/letsencrypt:/etc/letsencrypt
    networks:
      npm:

Press CTRL+O and then Enter to save. Press CTRL+X to exit the editor.

Now we can start the container with this:

docker-compose up -d

Make note of the network that Nginx Proxy Manager makes by running this command:

docker network list

In the video, my setup created the network npm_npm so that's what I'll use next.

Before we create the file for VaultWarden, we need to get to the correct directory.

Run this: cd /home/docker/vw

And then run this command:

nano docker-compose.yml

Copy the following and paste it into the docker-compose.yml terminal window:

version: "2"
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    networks:
      - npm_npm
    volumes:
      - /home/docker/vaultwarden:/data/
    ports:
      - 8080:80
    restart: unless-stopped

networks:
  npm_npm:
    external: true

Press CTRL+O and then Enter to save. Press CTRL+X to exit the editor.

Now we can start the container with this:

docker-compose up -d

To find the IP address of the VaultWarden container, we'll need to run this command:

docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' vaultwarden

That should return an IP address that looks like 172.18.0.3. Yours may be different. We'll use this when we set up the domain in Nginx Proxy Manager.

Go to your Linode's IP address and add port 81 to it so it will look something like:

http://198.85.54.24:81

You'll be asked to login. The credentials are:

Email:    admin@example.com
Password: changeme

After you sign in, you'll be prompted to change the credentials.

Your next step will be to create an SSL and Proxy Host in Nginx Proxy Manager. 

Click SSL Certificates in the top bar and then click "Add SSL Certificate" on the right side of the next screen. Then click the Let's Encrypt option.

Then click the option to test the domain. If it works, then you can move forward with generating the SSL. If not, you'll either have to make adjustments or wait for the DNS to finish doing its thing.

Once the SSL has completed, you can move over to the Hosts tab on the top of the page and the click Proxy Hosts. Click "Add Proxy Host" on the top right of the page as you did with the SSL page.

Put in your URL in the "Domain Names" line.

Leave the Scheme as http.

The Forward Hostname / IP will be the IP address we found earlier that looked like 172.18.0.3. Yours may be different.

The Forward Port will be 80.

Tick the boxes for Cache Assets, Block Common Exploits, and Websockets Support.

Click the SSL tab.

Select the SSL you generated earlier from the dropdown.

Check all 4 boxes uner the dropdown. 

Click Save.

If things went well, you will be brought back a page and will see that URL you just set up and it should say "Online" on the right side of the page. 

If it says "Online" then you can click the URL on the left side of the page and go to your newly set up VaultWarden container via the domain name.

If it says anything else, you'll need to fix any errors and try again.

Back to top