DAM/ts-vaultwarden
1
0
Fork 0
generated from DAM/ts-TEMPLATE
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ts-vaultwarden/README.md
Michael.McGuire e5a8c094b0 Update README.md 
added prereq - https cert enabled on ts admin page
2025-04-15 20:49:18 -05:00

113 lines
4.3 KiB
Markdown
Raw Permalink Blame History

# VaultWarden with Tailscale Integration
![VaultWarden with Tailscale](https://www.vaultwarden.net/assets/images/logo-dark.png "VaultWarden")
This project sets up a VaultWarden instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your VaultWarden instance using Tailscale.
## Prerequisites
- Docker and Docker Compose installed on your system
- A Tailscale account and auth key (get one from https://login.tailscale.com/admin/authkeys)
- HTTPS Certificates enabled in the DNS tab of Tailscale admin page
- Basic understanding of Docker and networking concepts
## Project Structure
```
ts-vaultwarden/
├── docker-compose.yml
├── tailscale/
│ ├── tailscale-data/ # Persistent Tailscale state
│ └── config/ # Tailscale configuration files
└── vaultwarden/
└── data/ # VaultWarden data
```
## Setup Instructions
1. **Clone the Repository**
```bash
git clone https://gitea.damconsulting.llc/DAM/ts-vaultwarden
cd ts-vaultwarden
```
2. Create Required Directories
```bash
mkdir -p tailscale/tailscale-data vaultwarden/data
```
3. Configure Tailscale
- Replace `{{YOUR_TAILSCALE_AUTHKEY}}` in the docker-compose.yml with your actual Tailscale auth key
- Optionally, update the file in `tailscale/config/serve.json` if you need specific Tailscale serve configurations
- CAUTION: Changing `"${TS_CERT_DOMAIN}:443": false` to `true` will expose the service to the internet
4. Configure VaultWarden
- Replace `{{YOUR_DOMAIN}}` in the `docker-compose.yml`
- Configuring the Admin page (WebUI)
- For a basic configuration update the following `ADMIN_TOKEN: "an-incredibly-complex-password-is-required"` in the `docker-compose.yml` and change the password. This password permits access to your admin page
- For enterprise grade security follow these [directions](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token).
- **OPTIONAL** Vaultwarden's configuration is primarily managed through environment variables or a [.env file](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template) for configuration options
- [Helpful Tutorial](https://www.techaddressed.com/tutorials/vaultwarden-docker-compose/#cost-features)
5. Start the Services
```bash
docker compose up -d
```
6. Wait for Certificate to propagate [~2m]
7. Login
- After starting the services your service should be available via tailnet at https://vaultwarden.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://vaultwarden.tail12345.ts.net/
## Services
### vaultwarden-ts (Tailscale)
- Runs Tailscale VPN client
- Image: tailscale/tailscale:latest
- Container name: vaultwarden-ts
- Hostname: vaultwarden
- Requires NET_ADMIN and SYS_MODULE capabilities
- Persists state in ./tailscale/tailscale-data
- Uses configuration from ./tailscale/config
### vaultwarden
- Depends on vaultwarden-ts service
## Usage
- After starting the services your service should be available via tailnet at `https://vaultwarden.{{YOUR_TAILNET_DOMAIN}}.ts.net` ie `https://vaultwarden.tail12345.ts.net/`
- To manually get the Tailscale IP/hostname of your container:
```bash
docker logs vaultwarden-ts
```
Look for the Tailscale IP address in the logs.
## Optional Features
- Add the port mapping if you need direct access (without Tailscale):
```yaml
ports:
- 80:80
```
- Stopping the Services
```bash
docker compose down
```
## Troubleshooting
- Check container logs:
```bash
docker logs vaultwarden-ts
docker logs vaultwarden
```
- Ensure your Tailscale auth key is valid and not expired
- Verify the configuration files have proper permissions
- Make sure required directories exist before starting
## Notes
- The VaultWarden service uses the Tailscale service's network stack via `network_mode: service:vaultwarden-ts`
- Direct port mapping is disabled by default as Tailscale handles the networking
- Services restart automatically unless explicitly stopped
- For more information:
- Tailscale documentation: https://tailscale.com/kb/
- VaultWarden documentation: https://github.com/dani-garcia/vaultwarden/wiki
- VaultWarden repository: https://github.com/dani-garcia/vaultwarden
Reference in New Issue View Git Blame Copy Permalink