Deploy Bitwarden with Docker and Traefik - V2

I wrote a post about deploying Bitwarden a few months back. At the time, global configuration has not been introduced to Traefik 2. I’ve also changed the way of deploying services with Traefik since Traefik 2.2. I guess it is time to revisit my previous post and write an updated version to match my current set up.

As always,let me post my docker-compose.yml file first.

Please note, my docker-compose.yml is meant to be used with my Traefik configurations. It might not work with your set ups. You can find my Traefik configuration at this link

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
version: '3.7'

services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- ./bw-data:/data
environment:
- ADMIN_TOKEN=
- WEBSOCKET_ENABLED=true
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
# Entry Point for https
- "traefik.http.routers.bitwarden-secure.entrypoints=websecure"
- "traefik.http.routers.bitwarden-secure.rule=Host(`bw.yourdomain`)"
- "traefik.http.routers.bitwarden-secure.service=bitwarden-service"
- "traefik.http.services.bitwarden-service.loadbalancer.server.port=80"
# websocket
- "traefik.http.routers.bitwarden-ws.entrypoints=websecure"
- "traefik.http.routers.bitwarden-ws.rule=Host(`bw.yourdomain`) && Path(`/notifications/hub`)"
- "traefik.http.middlewares.bitwarden-ws=bw-stripPrefix@file"
- "traefik.http.routers.bitwarden-ws.service=bitwarden-websocket"
- "traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012"

networks:
proxy:
external: true

As you can see I’ve added a bw-stripPrefix middleware for Websocket. This middle ware will be added in dynamic.yml as below:

1
2
3
4
5
6
7
8
9
10
11
12
# Dynamic configuration
...
stsSeconds: 31536000

bw-stripPrefix:
stripPrefix:
prefixes:
- "/notifications/hub"
forceSlash: false

user-auth:
...

There are a lot of settings you can use on official wiki. In my set up, I’ve set WebSocket, Admin Page, Disable registration and Disable invitations. You can add/remove features to suit your needs. I want to mention Admin Page specially because a lot of setting like SMTP can be set on Admin page. You don’t have to usea config.json file or a lot of environment variables on your docker-compose.yml file.

Admin Page is relatively easy to set up. All you need is a ADMIN_TOKEN environment variable. On the official document, they provided command openssl rand -base64 48 to generate a 48 bit random token with OpenSSL.

I will update this post with a video later. If you have any questions, please feel free to contact me.

Thank you for reading, see you next time.