<sub>(2024/10/09)</sub>
#docker #sqlite #postgres #synology #vaultwarden

## Introduction

When you first spin up a Vaultwarden instance, the container deploys its own SQLite database. This works for the majority of use cases; however, in certain circumstances, such as a larger organization, it is preferable to have a separate database that Vaultwarden connects to.

Originally based on [the guide](https://github.com/dani-garcia/vaultwarden/wiki/Using-the-PostgreSQL-Backend) provided by the Vaultwarden team, my guide is more in-depth and designed for a beginner.

## How To

My environment consists of my Synology, which uses Portainer to manage my containers.

### Deploy Portainer

I highly recommend using Portainer to manage and deploy your containers on your Synology (instead of Container Manager), but you can skip this step if you are comfortable with the command line (we will be using a docker compose file).

[Here is a quick guide on how to install Portainer on your Synology.](https://www.portainer.io/blog/how-to-install-portainer-on-a-synology-nas)

### Create new folders on your Synology

Create a new `vaultwarden` folder located in your docker shared folder, then create two subfolders:
* `db` -> this folder will be used by Postgres
* `app` -> this folder will be used by Vaultwarden itself

In my case, my folder path is `/docker/storage/vaultwarden` because I like having an additional sub-folder to store all of my container data instead of putting it in the root of `docker`:

![[vaultwarden-1.png]]

## Deploy Vaultwarden with Postgres

Deploy the following compose file as a stack to Portainer:
* FYI - my original Vaultwarden docker compose file was based on a guide [I followed from Marius hosting](https://mariushosting.com/how-to-install-vaultwarden-on-your-synology-nas/) (so check him out!)
* Make sure to update the various `volumes` paths for each container with your own paths
* Make sure to also update the following values with your own values:
    * For the Postgres `db` container, change the following -> `POSTGRES_PASSWORD`
    * For the Vaultwarden container, change the following:
        * I set the default port to 4020, so feel free to change it
        * I set new sign-ups to `SIGNUPS_ALLOWED: "false"`, which means you have to use the admin portal to create new users, so feel free to set this value to `SIGNUPS_ALLOWED: "true"` if you want to allow users to sign up themselves
        * The `DATABASE_URL` is based on the values from your compose file -> `DATABASE_URL=postgresql://user_name:user_password@db_host:5432/vaultwarden`
        * Create a new password for the `ADMIN_TOKEN:` as this will be used to access the admin portal
        * For the `DOMAIN:` value, use the URL you would like to use to access Vaultwarden (via your proxy), for example `https://vaultwarden.owltec.ca`
        * For the various `SMTP` values, provide your own -> if you do not have an SMTP account I recommend you sign up for a [free account with SMTP2GO](https://www.smtp2go.com/)

```yaml
version: "3.9"
services:
  db:
    image: postgres:16
    container_name: Vaultwarden-DB
    hostname: vaultwarden-db
    security_opt:
      - no-new-privileges:true
    healthcheck:
      # Database name and user must match POSTGRES_DB / POSTGRES_USER below
      test: ["CMD", "pg_isready", "-q", "-d", "vaultwarden", "-U", "vaultwardenuser"]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      - /volume1/docker/storage/[YOUR VAULTWARDEN FOLDER]/db:/var/lib/postgresql/data:rw
    environment:
      POSTGRES_DB: vaultwarden
      POSTGRES_USER: vaultwardenuser
      POSTGRES_PASSWORD: [CHANGE ME]
    restart: on-failure:5

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: Vaultwarden
    hostname: vaultwarden
    security_opt:
      - no-new-privileges:true
    ports:
      # host:container - the container side must match ROCKET_PORT
      - 4020:4020
    volumes:
      - /volume1/docker/storage/[YOUR VAULTWARDEN FOLDER]/app:/data:rw
    environment:
      ROCKET_PORT: 4020
      # Booleans are quoted so YAML passes them to the container as strings
      SIGNUPS_ALLOWED: "false"
      # User, password, host and database must match the db service above
      DATABASE_URL: postgresql://vaultwardenuser:[POSTGRES_PASSWORD]@vaultwarden-db:5432/vaultwarden
      ADMIN_TOKEN: [CHANGE ME]
      DISABLE_ADMIN_TOKEN: "false"
      DOMAIN: [YOUR URL]
      SMTP_HOST: [CHANGE ME]
      SMTP_FROM: [CHANGE ME]
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: [CHANGE ME]
      SMTP_PASSWORD: [CHANGE ME]
    restart: on-failure:5
    depends_on:
      db:
        condition: service_started
```

If your deployment is successful, you will be greeted with a login page at `HTTP://CONTAINER HOST IP:PORT`:

![[vaultwarden-2.png]]

To begin creating users and customizing your experience, navigate to the admin portal at `HTTP://CONTAINER HOST IP:PORT/admin`, then use the previously created `ADMIN_TOKEN` value to sign in:

![[Screenshot 2024-10-09 at 3.32.15 PM.png]]
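
The `DATABASE_URL` has to agree with the `POSTGRES_*` values and the `db` hostname, and a password containing characters such as `@`, `:`, `/` or `#` must be percent-encoded inside the URL. The check below is an added example, not part of the original guide or the Vaultwarden project; the function names and sample values are made up for illustration.

```python
# Added example: pre-deploy check of the stack's environment values.
# Function names and sample values are illustrative, not from Vaultwarden.
from urllib.parse import quote, unquote, urlsplit

PLACEHOLDERS = ("[CHANGE ME]", "[YOUR URL]", "[POSTGRES_PASSWORD]")


def build_database_url(user, password, host, db, port=5432):
    """Build DATABASE_URL with percent-encoded credentials."""
    # safe="" also encodes "/", which quote() leaves alone by default.
    cred = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"postgresql://{cred}@{host}:{port}/{db}"


def check_stack(db_env, db_hostname, vw_env):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for name, value in {**db_env, **vw_env}.items():
        if any(p in str(value) for p in PLACEHOLDERS):
            problems.append(f"{name}: placeholder not replaced")
    try:
        url = urlsplit(vw_env.get("DATABASE_URL", ""))
        user, password, host = url.username, url.password, url.hostname
    except ValueError:
        return problems + ["DATABASE_URL: cannot be parsed"]
    if url.scheme != "postgresql":
        problems.append("DATABASE_URL: scheme is not postgresql")
    if unquote(user or "") != db_env.get("POSTGRES_USER"):
        problems.append("DATABASE_URL: user differs from POSTGRES_USER")
    if unquote(password or "") != db_env.get("POSTGRES_PASSWORD"):
        problems.append("DATABASE_URL: password differs from POSTGRES_PASSWORD")
    if host != db_hostname.lower():
        problems.append("DATABASE_URL: host differs from the db hostname")
    if url.path.lstrip("/") != db_env.get("POSTGRES_DB"):
        problems.append("DATABASE_URL: database differs from POSTGRES_DB")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the password deliberately contains URL metacharacters.
    db_env = {"POSTGRES_DB": "vaultwarden", "POSTGRES_USER": "vaultwardenuser",
              "POSTGRES_PASSWORD": "p@ss:w/rd#1"}
    raw = "postgresql://vaultwardenuser:p@ss:w/rd#1@vaultwarden-db:5432/vaultwarden"
    print(check_stack(db_env, "vaultwarden-db", {"DATABASE_URL": raw}))
    encoded = build_database_url(
        "vaultwardenuser", db_env["POSTGRES_PASSWORD"], "vaultwarden-db", "vaultwarden")
    print(encoded, check_stack(db_env, "vaultwarden-db", {"DATABASE_URL": encoded}))
```

Pasting the raw password into the URL makes the parser cut the host and database at the wrong characters, which the first call reports; the encoded form passes.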