
I have installed OpenLiteSpeed on my Ubuntu 20.04 server, which works with HTTP on port 80.

I ran a vaultwarden docker-compose.yml with Caddy using the HTTP challenge, which uses port 443 for HTTPS. I used the docker-compose.yml and Caddyfile documented here: https://github.com/dani-garcia/vaultwarden/wiki/Using-Docker-Compose.

Vaultwarden runs perfectly with my domain over HTTPS, but the caddy:2 container is now blocking port 443, which I need for HTTPS on my OpenLiteSpeed web server.

I tried to change the port in the docker-compose.yml for caddy to something other than 443, but then my web interface fails to load.

How can I run both my docker-compose and my web server with HTTPS? Can I use OpenLiteSpeed instead of Caddy? What would be the best approach for this?

Prajna Rai T
Nowak

1 Answer


We can take advantage of the OpenLiteSpeed Docker solution, but we still need to manually set up proxy settings since there's no existing OpenLiteSpeed-as-a-proxy Docker image for vaultwarden.

Docker Setup

1. Download the ols-docker-env

git clone https://github.com/litespeedtech/ols-docker-env.git;
cd ols-docker-env

2. Edit the docker-compose.yml file to:

version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true
    volumes:
      - ./vw-data:/data

  litespeed:
    image: litespeedtech/openlitespeed:${OLS_VERSION}-${PHP_VERSION}
    env_file:
      - .env
    volumes:
      - ./lsws/conf:/usr/local/lsws/conf
      - ./lsws/admin-conf:/usr/local/lsws/admin/conf
      - ./bin/container:/usr/local/bin
      - ./sites:/var/www/vhosts/
      - ./acme:/root/.acme.sh/
      - ./logs:/usr/local/lsws/logs/
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
      - 7080:7080
    restart: always
    environment:
      TZ: ${TimeZone}

3. Run the following command to start the containers

docker-compose up -d

4. Set a password for OpenLiteSpeed

bash bin/webadmin.sh my_password

Access the Web Admin at port 7080 from your browser and log in with the password you set.

Follow the "OLS as a reverse proxy" setup to set up OLS as a reverse proxy.

1. Go to Virtual Host Example > External App and create 2 Web Servers.

2. Go to Virtual Host Example > Rewrite, set Enable Rewrite to Yes, and add the following Rewrite Rules:

RewriteRule /notifications/hub/ http://vaultwarden3012/ [P,L]
RewriteRule ^(.*)$ http://vaultwarden80/$1 [P,L]

3. Go to Virtual Host Templates and remove the unused docker Template.

4. Go to Listener > HTTP > Add Virtual Host Mappings
5. Go to Listener > HTTPS > Add Virtual Host Mappings

6. SSL apply example: access the litespeedtech container and apply the cert:

/root/.acme.sh/acme.sh --issue -d example.com -w /usr/local/lsws/Example/html

7. Add the SSL key and cert to Virtual Host Example > SSL

  • Private Key File: /root/.acme.sh/certs/example.com/example.com.key
  • Certificate File: /root/.acme.sh/certs/example.com/fullchain.cer
  • Chained Certificate: Yes


Note: I have no experience with the vaultwarden app, feel free to let me know if I missed anything.

Eric
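A check of which ports the compose file in the answer publishes on the host, as an added example that is not part of the original answer: it reports a WebAdmin port (7080) bound to all interfaces and any port published directly on the vaultwarden service, which would bypass the proxy. The function names, the loopback rule and the embedded sample are assumptions of this example; the parser expects the 2-space, short-syntax layout used above and is not a full YAML loader.

```python
# Constructed sample: service names and port lines from the compose file above.
COMPOSE = """\
services:
  vaultwarden:
    image: vaultwarden/server:latest
  litespeed:
    image: litespeedtech/openlitespeed:${OLS_VERSION}-${PHP_VERSION}
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
      - 7080:7080
"""
ADMIN_PORTS = {"7080"}             # WebAdmin port named in the answer
LOOPBACK = {"127.0.0.1", "[::1]"}  # assumption: admin access via loopback or a tunnel

def published_ports(text):
    """Map service -> [(host_ip, container_port, proto)] for short-syntax
    'ports:' entries, written as [ip:][host_port:]container_port[/proto]."""
    out, top, svc, in_ports = {}, None, None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()           # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:                               # top-level key
            top, svc, in_ports = item.rstrip(":"), None, False
        elif top == "services" and indent == 2:       # service name
            svc, in_ports = item.rstrip(":"), False
            out[svc] = []
        elif svc and indent == 4:                     # key inside a service
            in_ports = item == "ports:"
        elif in_ports and item.startswith("- "):      # one published port
            spec, _, proto = item[2:].strip("\"' ").partition("/")
            parts = spec.rsplit(":", 2)
            ip = parts[0] if len(parts) == 3 else "0.0.0.0"  # Docker's default bind
            out[svc].append((ip, parts[-1], proto or "tcp"))
    return out

def audit(text, backend="vaultwarden"):
    """Flag backend ports that bypass the proxy and admin ports bound publicly."""
    findings = []
    for svc, ports in published_ports(text).items():
        for ip, port, proto in ports:
            if svc == backend:
                findings.append(f"{svc}: {port}/{proto} published, bypasses the proxy")
            elif port in ADMIN_PORTS and ip not in LOOPBACK:
                findings.append(f"{svc}: WebAdmin {port}/{proto} bound to {ip}")
    return findings
```

Calling `audit(COMPOSE)` on the sample reports the 7080 mapping; writing that entry as `127.0.0.1:7080:7080` clears the finding while leaving 80 and 443 published for the proxy.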