version: '3' services: db: image: postgres:15 restart: always container_name: db networks: - internal env_file: - .env volumes: - {{ server.work_dir }}/vaultwarden/db:/var/lib/postgresql/data vaultwarden: image: vaultwarden/server:latest restart: always container_name: vaultwarden networks: - proxy - internal env_file: - .env volumes: - {{ server.work_dir }}/vaultwarden/base:/data labels: - traefik.enable=true - traefik.docker.network=proxy - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true - traefik.http.routers.bitwarden-ui-https.rule=Host(`pwds.{{ server.domain }}`) - traefik.http.routers.bitwarden-ui-https.entrypoints=https - traefik.http.routers.bitwarden-ui-https.tls=true - traefik.http.routers.bitwarden-ui-https.tls.certresolver=sslResolver - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui - traefik.http.routers.bitwarden-ui-http.rule=Host(`pwds.{{ server.domain }}`) - traefik.http.routers.bitwarden-ui-http.entrypoints=http - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80 - traefik.http.routers.bitwarden-websocket-https.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`) - traefik.http.routers.bitwarden-websocket-https.entrypoints=https - traefik.http.routers.bitwarden-websocket-https.tls=true - traefik.http.routers.bitwarden-websocket-https.tls.certresolver=sslResolver - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket - traefik.http.routers.bitwarden-websocket-http.rule=Host(`pwds.{{ server.domain }}`) && Path(`/notifications/hub`) - traefik.http.routers.bitwarden-websocket-http.entrypoints=http - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012 networks: internal: proxy: external: true