Hey there
Selfhoster here running Ubuntu 20.04.4 LTS.
Cloudflare with a custom domain
Running it privately (not published to the internet) for now…
I'm trying to deploy everything from a single Docker Compose file, using `docker stack deploy -c deploy.yml vaultwarden`:
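# Stack for a privately hosted Vaultwarden behind a Caddy reverse proxy, plus a
# Cloudflare DDNS updater. Deployed with:
#   docker stack deploy -c deploy.yml vaultwarden
#
# NOTE(review): `docker stack deploy` ignores `container_name` and `restart`
# (swarm uses `deploy.restart_policy` instead). They are kept here so the file
# still works with plain `docker compose`.
version: '3'
services:
  vaultwarden:
    # NOTE(review): `latest` is a moving tag; pin a release tag (or digest) so
    # a password manager is never upgraded implicitly on redeploy.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
    volumes:
      # Holds the vault database and keys: restrict host permissions on this
      # directory and include it in backups.
      - /EVO500/AppsConfig/vaultwarden/vaultwarden_data:/data
    # No `ports:` here on purpose: only Caddy should reach Vaultwarden, over
    # the stack's internal network.

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      # Published ports listen on every host interface (and on every node in
      # swarm mode). For a deployment meant to stay private, restrict 80/443
      # with the host or network firewall.
      - '80:80' # Needed for the ACME HTTP-01 challenge.
      - '443:443'
    volumes:
      # Custom Caddy build (with the DNS plugin) replacing the image's binary.
      # Mounted read-only so the container cannot modify the executable it
      # runs; keep the host copy writable by root only.
      - /EVO500/AppsConfig/vaultwarden/caddy_custombuildwithdns:/usr/bin/caddy:ro
      - /EVO500/AppsConfig/vaultwarden/caddy_data/Caddyfile:/etc/caddy/Caddyfile:ro
      - /EVO500/AppsConfig/vaultwarden/caddy_data/config:/config
      # Certificates and ACME account keys are stored under /data.
      - /EVO500/AppsConfig/vaultwarden/caddy_data/data:/data
    environment:
      # NOTE(review): DOMAIN is set twice (here and further down) with
      # different values; only one can take effect. Keep the form the
      # Caddyfile expects and delete the other.
      - DOMAIN=https://vault.mydomain.be # Your domain.
      - EMAIL=hahalolno@gmail.com # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
      - DOMAIN=vault.mydomain.be
      # Plaintext credential: visible in `docker inspect` and in every copy of
      # this file. Use a token scoped to DNS edits on this one zone, and keep
      # this file out of version control.
      - CLOUDFLARE_API_TOKEN=yeahright:)
    # NOTE(review): the Caddyfile is not part of this file. An upstream of
    # 127.0.0.1 or localhost inside this container refers to the caddy
    # container itself, not to Vaultwarden. The reverse_proxy upstream
    # presumably needs to be the service name `vaultwarden` and the port
    # Vaultwarden listens on inside its container (confirm for this image).

  cloudflare-ddns:
    # NOTE(review): third-party image on a moving tag that is handed a
    # Cloudflare credential; pin a version and scope the token as above.
    image: oznu/cloudflare-ddns:latest
    restart: always
    environment:
      - API_KEY=yeahright:)
      - ZONE=mydomain.be
      - SUBDOMAIN=vault
      # DNS-only record: clients connect straight to the origin address, so
      # Cloudflare's proxy does not sit in front of this host.
      - PROXIED=false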
The containers are coming up fine and when I browse to vault.mydomain.be I am greeted with a secured page but it’s blank.
Let’s Encrypt seems to work, I can see validation records getting created in the audit log on Cloudflare.
In the Caddy container's log I am seeing:
{"level":"info","ts":1646427844.1201797,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1646427844.1224928,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1646427844.123523,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1646427844.1237297,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1646427844.123745,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1646427844.124155,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["vault.mydomain.be"]}
{"level":"info","ts":1646427844.124939,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1646427844.1249516,"msg":"serving initial configuration"}
{"level":"info","ts":1646427844.1250691,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1646427844.1257076,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1646427844.125778,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000498690"}
{"level":"error","ts":1646427959.4079003,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8080: connect: connection refused","request":{"remote_addr":"10.0.0.2:53439","proto":"HTTP/2.0","method":"GET","host":"vault.mydomain.be","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Gpc":["1"],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Dnt":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"vault.mydomain.be"}},"duration":0.001146728,"status":502,"err_id":"7nejawrra","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}{"level":"info","ts":1646427844.1201797,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1646427844.1224928,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1646427844.123523,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1646427844.1237297,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1646427844.123745,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1646427844.124155,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["vault.mydomain.be"]}
{"level":"info","ts":1646427844.124939,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1646427844.1249516,"msg":"serving initial configuration"}
{"level":"info","ts":1646427844.1250691,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1646427844.1257076,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1646427844.125778,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000498690"}
{"level":"error","ts":1646427959.4079003,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8080: connect: connection refused","request":{"remote_addr":"10.0.0.2:53439","proto":"HTTP/2.0","method":"GET","host":"vault.mydomain.be","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Gpc":["1"],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Dnt":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"vault.mydomain.be"}},"duration":0.001146728,"status":502,"err_id":"7nejawrra","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}