docker-compose/vault/compose.yaml

services:
  vaultwarden:
    image: ${VAULT_IMAGE:-vaultwarden/server:latest}
    container_name: ${VAULT_COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    volumes:
      - vaultwarden_data:/data
    environment:
      TZ: ${TIMEZONE:-Europe/Berlin}
      DOMAIN: https://${VAULT_TRAEFIK_HOST}
      WEBSOCKET_ENABLED: ${VAULT_WEBSOCKET_ENABLED:-true}
      SIGNUPS_ALLOWED: ${VAULT_SIGNUPS_ALLOWED:-false}
      INVITATIONS_ALLOWED: ${VAULT_INVITATIONS_ALLOWED:-true}
      SHOW_PASSWORD_HINT: ${VAULT_SHOW_PASSWORD_HINT:-false}
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${VAULT_TRAEFIK_ENABLED}'
      - 'traefik.http.middlewares.${VAULT_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.middlewares=${VAULT_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.rule=Host(`${VAULT_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${VAULT_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${VAULT_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
      - 'traefik.http.routers.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${VAULT_COMPOSE_PROJECT_NAME}-web-secure-compress'
      - 'traefik.http.services.${VAULT_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=80'
      - 'traefik.docker.network=${NETWORK_NAME}'
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  vaultwarden_data:
    name: ${VAULT_COMPOSE_PROJECT_NAME}_data

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true