Hey guys,
I’m trying to run BW as non-root in docker, but not quite sure if I’m missing something?
```yaml
  ################
  ##Bitwarden_rs##
  ################
  bitwarden:
    container_name: Bitwarden
    image: bitwardenrs/server
    restart: always
    volumes:
      # - $USERDIR/Bitwarden/Data:/data
      # - $USERDIR/Bitwarden/SSL:/ssl
      - $USERDIR/Bitwarden2/Data:/data
      - $USERDIR/Bitwarden2/SSL:/ssl
    networks:
      pihole:
        ipv4_address: '172.22.0.109'
    ports:
      - 8089:8089
      - 3012:3012
    environment:
      - DUO_IKEY=$DUO_IKEY
      - DUO_SKEY=$DUO_SKEY
      - DUO_HOST=$DUO_HOST
      - LOG_FILE=/data/bitwarden.log
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      #- SIGNUPS_ALLOWED=true
      - SIGNUPS_ALLOWED=false
      - INVITATIONS_ALLOWED=true
      - USER='$PUID:$PGID'
      - LOG_LEVEL=warn
      - EXTENDED_LOGGING=true
      - DOMAIN='https://bitwarden.$DOMAINNAME'
      - ROCKET_WORKERS=20
      - ROCKET_PORT=8089
      - WEBSOCKET_ENABLE=true
      - ADMIN_TOKEN=$BW_ADMIN_TOKEN
      - SMTP_HOST=$BW_SMTP_HOST
      - SMTP_FROM=$BW_SMTP_FROM
      - SMTP_PORT=$BW_SMTP_PORT
      - SMTP_SSL=true
      - SMTP_USERNAME=$BW_SMTP_USERNAME
      - SMTP_PASSWORD=$BW_SMTP_PASSWORD
    labels:
      - autoheal=true
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.bitwarden-rtr.entrypoints=https"
      - "traefik.http.routers.bitwarden-websocket.entrypoints=https"
      - "traefik.http.routers.bitwarden-admin.entrypoints=https"
      - "traefik.http.routers.bitwarden-rtr.rule=Host(`bitwarden.$DOMAINNAME`)"
      - "traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.$DOMAINNAME`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-admin.rule=Host(`bitwarden.$DOMAINNAME`) && Path(`/admin`)"
      - "traefik.http.routers.bitwarden-rtr.tls=true"
      - "traefik.http.routers.bitwarden-admin.tls=true"
      - "traefik.http.routers.bitwarden-websocket.tls=true"
      ## Middlewares
      # - "traefik.http.routers.bitwarden-rtr.middlewares=chain-oauth@file"
      # - "traefik.http.routers.bitwarden-rtr.middlewares=chain-authelia@file" # Authelia
      - "traefik.http.routers.bitwarden-admin.middlewares=chain-authelia@file" # Authelia
      - "traefik.http.routers.bitwarden-rtr.middlewares=chain-no-auth@file"
      - "traefik.http.routers.bitwarden-websocket.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.bitwarden-rtr.service=bitwarden-svc"
      - "traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket-svc"
      - "traefik.http.routers.bitwarden-admin.service=bitwarden-admin-svc"
      - "traefik.http.services.bitwarden-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.bitwarden-admin-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.bitwarden-websocket-svc.loadbalancer.server.port=3012"
      # Healthcheck
      - "traefik.http.services.bitwarden-svc.loadbalancer.healthcheck.interval=5s"
      - "traefik.http.services.bitwarden-svc.loadbalancer.healthcheck.timeout=3s"
      - "traefik.http.services.bitwarden-svc.loadbalancer.healthcheck.path=/"
```
The PUID and PGID are correct in the .env file as well (have checked by replacing the variables with static values just in case it wasn’t picking up the variables).
$USERDIR/Bitwarden2 is a clone of the data + SSL directories chowned with the correct UID and GID.
Have I missed something and am I being a muppet?
Thanks!