SETUPvAULTwARDEN DOCKER

docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: always
+    volumes:
+      - ./data:/data
+    ports:
+      - "8080:80"
+    environment:
+      WEBAUTHN_ENABLED: "true"
+      WEBSOCKET_ENABLED: "true"
+      ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN}
+

setup-vaultwarden-https.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+DOMAIN="vault"
+CERT_DIR="/etc/ssl/vaultwarden"
+NGINX_SITE="/etc/nginx/sites-available/vaultwarden"
+NGINX_LINK="/etc/nginx/sites-enabled/vaultwarden"
+
+echo "🔧 Création du certificat auto-signé..."
+
+# Créer le dossier pour les certificats
+sudo mkdir -p $CERT_DIR
+
+# Générer la clé privée et le certificat auto-signé
+sudo openssl req -x509 -nodes -days 365 \
+  -subj "/CN=$DOMAIN" \
+  -newkey rsa:2048 \
+  -keyout $CERT_DIR/vaultwarden.key \
+  -out $CERT_DIR/vaultwarden.crt
+
+echo "✅ Certificat généré dans $CERT_DIR"
+
+echo "🧾 Configuration NGINX pour $DOMAIN..."
+
+# Créer la config nginx
+sudo tee $NGINX_SITE > /dev/null <<EOF
+server {
+    listen 443 ssl;
+    server_name $DOMAIN;
+
+    ssl_certificate     $CERT_DIR/vaultwarden.crt;
+    ssl_certificate_key $CERT_DIR/vaultwarden.key;
+
+    location / {
+        proxy_pass http://localhost:8080;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+
+server {
+    listen 80;
+    server_name $DOMAIN;
+    return 301 https://\$host\$request_uri;
+}
+EOF
+
+# Activer le site
+sudo ln -sf $NGINX_SITE $NGINX_LINK
+
+# Redémarrer nginx
+sudo nginx -t && sudo systemctl reload nginx
+
+echo "✅ NGINX configuré avec HTTPS pour https://$DOMAIN"
+