# Vaultwarden **🔴 Security Service** ## 📋 Service Overview | Property | Value | |----------|-------| | **Service Name** | vaultwarden | | **Host** | Atlantis | | **Category** | Security | | **Difficulty** | 🔴 | | **Docker Image** | `vaultwarden/server:latest` | | **Compose File** | `Atlantis/vaultwarden.yaml` | | **Directory** | `Atlantis` | ## 🎯 Purpose Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients. ## 🚀 Quick Start ### Prerequisites - Docker and Docker Compose installed - Basic understanding of REDACTED_APP_PASSWORD - Access to the host system (Atlantis) ### Deployment ```bash # Navigate to service directory cd Atlantis # Start the service docker-compose up -d # Check service status docker-compose ps # View logs docker-compose logs -f vaultwarden ``` ## 🔧 Configuration ### Docker Compose Configuration ```yaml container_name: Vaultwarden cpu_shares: 1024 depends_on: db: condition: service_started environment: ADMIN_TOKEN: "REDACTED_TOKEN" DATABASE_URL: postgresql://vaultwardenuser:REDACTED_PASSWORD@vaultwarden-db:5432/vaultwarden DISABLE_ADMIN_TOKEN: false DOMAIN: https://pw.vish.gg ROCKET_PORT: 4020 SMTP_FROM: your-email@example.com SMTP_HOST: smtp.gmail.com SMTP_PASSWORD: "REDACTED_PASSWORD" SMTP_PORT: 587 SMTP_SECURITY: starttls SMTP_USERNAME: your-email@example.com hostname: vaultwarden image: vaultwarden/server:latest mem_limit: 256m mem_reservation: 96m ports: - 4080:4020 restart: on-failure:5 security_opt: - no-new-privileges:true user: 1026:100 volumes: - /volume1/docker/vaultwarden/data:/data:rw ``` ### Environment Variables | Variable | Value | Description | |----------|-------|-------------| | `ROCKET_PORT` | `4020` | Configuration variable | | `DATABASE_URL` | `postgresql://vaultwardenuser:REDACTED_PASSWORD@vaultwarden-db:5432/vaultwarden` | Database connection string | | `ADMIN_TOKEN` | `***MASKED***` | Configuration variable | | `DISABLE_ADMIN_TOKEN` | `***MASKED***` | Configuration variable | | `DOMAIN` | `https://pw.vish.gg` | Service domain name | | `SMTP_HOST` | `smtp.gmail.com` | Configuration variable | | `SMTP_FROM` | `your-email@example.com` | Configuration variable | | `SMTP_PORT` | `587` | Configuration variable | | `SMTP_SECURITY` | `starttls` | Configuration variable | | `SMTP_USERNAME` | `your-email@example.com` | Configuration variable | | `SMTP_PASSWORD` | `***MASKED***` | Configuration variable | ### Port Mappings | Host Port | Container Port | Protocol | Purpose | |-----------|----------------|----------|----------| | 4080 | 4020 | TCP | Service port | ### Volume Mappings | Host Path | Container Path | Type | Purpose | |-----------|----------------|------|----------| | `/volume1/docker/vaultwarden/data` | `/data` | bind | Application data | ## 🌐 Access Information Service ports: 4080:4020 ## 🔒 Security Considerations - ✅ Security options configured - ✅ Non-root user configured - 🔒 Enable HTTPS with reverse proxy - 🔒 Disable user registration after setup - 🔒 Enable 2FA for all accounts - 🔒 Regular database backups ## 📊 Resource Requirements No resource limits configured ### Recommended Resources - **Minimum RAM**: 512MB - **Recommended RAM**: 1GB+ - **CPU**: 1 core minimum - **Storage**: Varies by usage ### Resource Monitoring Monitor resource usage with: ```bash docker stats ``` ## 🔍 Health Monitoring ⚠️ No health check configured Consider adding a health check: ```yaml healthcheck: test: ["CMD", "curl", "-f", "http://localhost:PORT/health"] interval: 30s timeout: 10s retries: 3 ``` ### Manual Health Checks ```bash # Check container health docker inspect --format='{{.State.Health.Status}}' CONTAINER_NAME # View health check logs docker inspect --format='{{range .State.Health.Log}}{{.Output}}{{end}}' CONTAINER_NAME ``` ## 🚨 Troubleshooting ### Common Issues **Service won't start** - Check Docker logs: `docker-compose logs service-name` - Verify port availability: `netstat -tulpn | grep PORT` - Check file permissions on mounted volumes **Can't access web interface** - Verify service is running: `docker-compose ps` - Check firewall settings - Confirm correct port mapping **Performance issues** - Monitor resource usage: `docker stats` - Check available disk space: `df -h` - Review service logs for errors **Authentication issues** - Verify credentials are correct - Check LDAP/SSO configuration - Review authentication logs ### Useful Commands ```bash # Check service status docker-compose ps # View real-time logs docker-compose logs -f vaultwarden # Restart service docker-compose restart vaultwarden # Update service docker-compose pull vaultwarden docker-compose up -d vaultwarden # Access service shell docker-compose exec vaultwarden /bin/bash # or docker-compose exec vaultwarden /bin/sh ``` ## 📚 Additional Resources - **Official Documentation**: Check the official docs for vaultwarden - **Docker Hub**: [vaultwarden/server:latest](https://hub.docker.com/r/vaultwarden/server:latest) - **Community Forums**: Search for community discussions and solutions - **GitHub Issues**: Check the project's GitHub for known issues ## 🔗 Related Services Services REDACTED_APP_PASSWORD vaultwarden: - Vaultwarden - Authelia - Pi-hole - WireGuard --- *This documentation is auto-generated from the Docker Compose configuration. For the most up-to-date information, refer to the official documentation and the actual compose file.* **Last Updated**: 2025-11-17 **Configuration Source**: `Atlantis/vaultwarden.yaml`