version: "3" services: pass: image: vaultwarden/server container_name: vaultwarden hostname: pass restart: unless-stopped volumes: - /root/vaultwarden/data:/data environment: - WEBSOCKET_ENABLED=true - WEB_VAULT_ENABLED=true - DOMAIN=http://pass.office.kh3group.com - SIGNUPS_ALLOWED=false - SIGNUPS_DOMAINS_WHITELIST=kh3group.com,office.kh3group.com # Comment admin token to disable admin interface - ADMIN_TOKEN=${ADMIN_TOKEN} - SMTP_HOST=smtp.gmail.com - SMTP_FROM=alerts@kh3group.com - SMTP_PORT=587 - SMTP_SSL=true - SMTP_USERNAME=alerts@kh3group.com - SMTP_PASSWORD=anruflwtglalnjto networks: - proxy labels: - "traefik.enable=true" - "traefik.http.routers.vaultwarden.entrypoints=http" - "traefik.http.routers.vaultwarden.rule=Host(`pass.office.kh3group.com`)" - "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.vaultwarden.middlewares=vaultwarden-https-redirect" - "traefik.http.routers.vaultwarden-secure.entrypoints=https" - "traefik.http.routers.vaultwarden-secure.rule=Host(`pass.office.kh3group.com`)||Host(`pass.kh3group.com`)" - "traefik.http.routers.vaultwarden-secure.tls=true" - "traefik.http.routers.vaultwarden-secure.service=vaultwarden" - "traefik.http.services.vaultwarden.loadbalancer.server.port=80" - "traefik.docker.network=proxy" # Watchtower Update - "com.centurylinklabs.watchtower.enable=true" # Ip filtering #- "traefik.http.routers.bitwarden.middlewares=whitelist@file" logging: driver: "syslog" options: tag: "Bitwarden" networks: proxy: external: true