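---
# Example: Vaultwarden (Bitwarden RS) with LemonSec
#
# Expects the external Docker network `services` to exist already, and the
# following variables to come from an uncommitted .env file or secret store:
# VAULTWARDEN_ADMIN_TOKEN, SMTP_HOST, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD.
version: "3.8"

networks:
  services:
    external: true

volumes:
  vaultwarden-data:

services:
  vaultwarden:
    # `latest` is a moving tag. For a password vault, pin a specific release
    # tag or image digest so upgrades are deliberate and reviewable.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    # Block privilege escalation through setuid/setgid binaries in the container.
    security_opt:
      - no-new-privileges:true
    networks:
      - services
    environment:
      # NOTE(review): newer Vaultwarden releases serve WebSocket notifications
      # on the main HTTP port. Confirm the image in use still honours this
      # setting and still listens on 3012.
      - WEBSOCKET_ENABLED=true
      # Keep this false. Set it to true only while creating your own account,
      # then set it back and recreate the container.
      - SIGNUPS_ALLOWED=false
      # Grants full access to /admin. Vaultwarden also accepts an Argon2 PHC
      # hash here (`vaultwarden hash`), so the plaintext token need not sit in
      # the environment. Check `$` escaping when passing a hash via Compose.
      - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
      - DOMAIN=https://vault.lemonlink.eu
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=587
      - SMTP_SECURITY=starttls
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
    volumes:
      # Holds the vault database, attachments and key material.
      # Back it up and restrict host-level access to it.
      - vaultwarden-data:/data
    labels:
      - "traefik.enable=true"

      # Main Vaultwarden interface.
      # Authelia forward-auth here also covers the API paths on this host.
      # Native Bitwarden clients (mobile, desktop, browser extension, CLI)
      # cannot complete an interactive portal login, so this setup is
      # effectively web-vault-only unless the API paths get their own router.
      - "traefik.http.routers.vaultwarden.rule=Host(`vault.lemonlink.eu`)"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vaultwarden.service=vaultwarden"
      - "traefik.http.routers.vaultwarden.middlewares=authelia@docker"

      # WebSocket for real-time sync.
      # This router has no middleware, so /notifications/hub is reachable
      # without Authelia and relies on Vaultwarden's own authentication.
      - "traefik.http.routers.vaultwarden-ws.rule=Host(`vault.lemonlink.eu`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.vaultwarden-ws.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden-ws.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws"

      # Admin panel (separate router for different middleware).
      # With no explicit priority, Traefik prefers the longer rule, so this
      # router wins over the main one for /admin.
      # `authelia@docker` and `rate-limit-strict@file` must be defined
      # elsewhere in the stack. A router that references a missing middleware
      # is disabled by Traefik.
      - "traefik.http.routers.vaultwarden-admin.rule=Host(`vault.lemonlink.eu`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.vaultwarden-admin.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden-admin.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vaultwarden-admin.service=vaultwarden"
      - "traefik.http.routers.vaultwarden-admin.middlewares=authelia@docker,rate-limit-strict@file"

      # Services
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
      - "traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012"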