Migrating from passbolt and traefik to bitwarden and traefik

AmScholmes · January 30, 2025, 1:02pm

Hello. I wanted to migrate from passbolt to bitwarden, so i found the post about one user who couldn’t access it. So i copied his docker compose but i can’t acess it. it shows me 404 page not found.

version: "3.9"

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    env_file:
     - .env
    restart: unless-stopped
    environment:
      DOMAIN: "https://${DOMAIN}"
      WEBSOCKET_ENABLED: "true"
      SIGNUPS_ALLOWED: "false"  # Set to true if you want to allow new users to sign up
    volumes:
      - vw_data:/data
    labels:
      traefik.enable: "true"
      traefik.docker.network: "passbolt_default"
      traefik.http.routers.vaultwarden-http.rule: "Host(`${DOMAIN}`)"
      traefik.http.routers.vaultwarden.service: "vaultwarden"
      traefik.http.routers.vaultwarden-http.tls: "true"
      traefik.http.routers.vaultwarden-http.entrypoints: "websecure"
      traefik.http.routers.vaultwarden-http.tls.certresolver: "letsencrypt"
      traefik.http.services.vaultwarden.loadbalancer.server.port: "80"
      # WebSocket support
      traefik.http.routers.vaultwarden-ws.entrypoints: "websecure"
      traefik.http.routers.vaultwarden-ws.rule: "Host(`${DOMAIN}`) && Path(`/notifications/hub`)"
      traefik.http.routers.vaultwarden-ws.tls: "true"
      traefik.http.services.vaultwarden-ws.loadbalancer.server.port: "3012"
    networks:
      - passbolt_default

  traefik:
    image: traefik:2.6
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      - ./conf/:/etc/traefik/conf:ro
      - ./shared/:/shared
    networks:
      - passbolt_default

volumes:
  vw_data:

networks:
  passbolt_default:
    external: true

I am using the passbolt_default network as i have other services that work only when they all are on the same network. Nevermind I fixed it.

Updated docker compose:

version: '3.8'

services:
  traefik:
    image: traefik:2.6
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/etc/traefik/traefik.yaml
      # - ./conf/headers.yaml:/etc/traefik/conf/headers.yaml
      # - ./conf/tls.yaml:/etc/traefik/conf/tls.yaml
      - ./conf/:/etc/traefik/conf:ro
      - ./shared/:/shared
    networks:
      - passbolt_default
      - traefik_public
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.vinetaerentraute.id.lv`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - DOMAIN=https://vault.vinetaerentraute.id.lv    
volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/etc/traefik/traefik.yaml
      # - ./conf/headers.yaml:/etc/traefik/conf/headers.yaml
      # - ./conf/tls.yaml:/etc/traefik/conf/tls.yaml
      - ./conf/:/etc/traefik/conf:ro
      - ./shared/:/shared
    networks:
      - passbolt_default
      - traefik_public
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.vinetaerentraute.id.lv`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - DOMAIN=https://vault.vinetaerentraute.id.lv
    volumes:
      - ./vaultwarden-data:/data
    networks:
      - passbolt_default
      - traefik_public
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.vinetaerentraute.id.lv`)"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"

networks:
  passbolt_default:
    external: true
  traefik_public:
    name: traefik_public

You need to wait a minute before the configs refresh but this works.

Topic		Replies	Views
Vaultwarden with Traefik on Docker swarm Help	1	691	March 20, 2024
Getting 502 after new Update Help	4	188	January 2, 2025
Can't access Vaultwarden behind traefik Help	7	2380	September 20, 2023
Vaultwarden not reachable after update to latest version	1	396	March 5, 2024
Vaultwarden + ModSecurity websockets 502 Bad Gateway	1	1122	March 9, 2023

Migrating from passbolt and traefik to bitwarden and traefik

Related topics