mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-09-30 06:29:00 +02:00
Created Enabling HTTPS (markdown)
parent
91ce668766
commit
9be5f97839
1 changed files with 38 additions and 0 deletions
38
Enabling-HTTPS.md
Normal file
@ -0,0 +1,38 @@
To enable HTTPS, you need to configure the `ROCKET_TLS`.
The values to the option must follow the format:
```
ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
```
Where:
- certs: a path to a certificate chain in PEM format
- key: a path to a private key file in PEM format for the certificate in certs
```sh
docker run -d --name bitwarden \
-e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}' \
-v /ssl/keys/:/ssl/ \
-v /bw-data/:/data/ \
-p 443:80 \
mprasil/bitwarden:latest
```
Note that you need to mount ssl files and you need to forward appropriate port.
Due to what is likely a certificate validation bug in Android, you need to make sure that your certificate includes the full chain of trust. In the case of certbot, this means using `fullchain.pem` instead of `cert.pem`.
Softwares used for getting certs are often using symlinks. If that is the case, both locations need to be accessible to the docker container.
Example: [certbot](https://certbot.eff.org/) will create a folder that contains the needed `fullchain.pem` and `privkey.pem` files in `/etc/letsencrypt/live/mydomain/`
These files are symlinked to `../../archive/mydomain/privkey.pem`
So to use from bitwarden container:
```sh
docker run -d --name bitwarden \
-e ROCKET_TLS='{certs="/ssl/live/mydomain/fullchain.pem",key="/ssl/live/mydomain/privkey.pem"}' \
-v /etc/letsencrypt/:/ssl/ \
-v /bw-data/:/data/ \
-p 443:80 \
mprasil/bitwarden:latest
```
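
Review bot: In the second `docker run` example, `-v /etc/letsencrypt/:/ssl/` mounts the whole `/etc/letsencrypt/` tree into the container with no read-only flag, although `ROCKET_TLS` only points at `fullchain.pem` and `privkey.pem`. Suggest adding `:ro` to both certificate mounts (`-v /ssl/keys/:/ssl/:ro` and `-v /etc/letsencrypt/:/ssl/:ro`), since the server only needs to read the chain and the key. The sentence "you need to forward appropriate port" could also say outright that both examples publish host port 443 onto container port 80 (`-p 443:80`), so readers do not assume the container port changes when TLS is enabled. The first `docker run` block has no sentence introducing it, and "These files are symlinked to" names only the `privkey.pem` target, so either list both targets or make the sentence singular.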