Category: Linux Server

🚀 How to Set Up VaultWarden with MariaDB, Portainer, and Nginx Proxy Manager
VaultWarden is a lightweight, open-source Bitwarden server. Deploying it on Docker with Portainer and securing it via Nginx Proxy Manager ensures easy access, security, and maintenance for your password manager. While MariaDB isn’t officially supported instead of SQLite, experienced users can try it. This guide explains the full Docker setup.

Prerequisites
- Docker & Portainer installed and running.
- Nginx Proxy Manager installed (as a Docker container).
- A domain or subdomain (e.g., vault.yourdomain.com) pointed to your server’s IP.
- Open TCP ports 80, 443 on your server.
- Again: For stables, production setups, use SQLite/Postgres/MySQL 8.
Step 1: Create VaultWarden + MariaDB Stack in Portainer

1.1 Access Portainer

Visit http://YOUR.SERVER.IP:9000 and log in.

1.2 Add a New Stack
- Go to Stacks > + Add stack.
- Name it, e.g., vaultwarden-mariadb.
1.3 Paste in the Stack YAML (docker-compose format)
```
version: '3.8'

services:
  mariadb:
    image: mariadb:11.4
    container_name: vaultwarden-mariadb
    restart: unless-stopped
    environment:
      - MARIADB_DATABASE=vaultwarden
      - MARIADB_USER=vaultwarden
      - MARIADB_PASSWORD=supersecurepassword
      - MARIADB_ROOT_PASSWORD=superrootpassword
    volumes:
      - vw-mariadb-data:/var/lib/mysql
    networks:
      - vw-net

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    depends_on:
      - mariadb
    environment:
      - DATABASE_URL=mysql://vaultwarden:supersecurepassword@mariadb:3306/vaultwarden
      - ADMIN_TOKEN=use_a_long_random_string
    volumes:
      - vaultwarden-data:/data
    networks:
      - vw-net
    # Don't map ports, will use NPM

volumes:
  vw-mariadb-data:
  vaultwarden-data:

networks:
  vw-net:
    driver: bridge
```
Notes:
- Change passwords and ADMIN_TOKEN to secure values.
- By default, no port is mapped; Nginx Proxy Manager will forward traffic via Docker networking.
1.4 Deploy the Stack

Click “Deploy the stack” and wait for containers to start.

Step 2: Connect Nginx Proxy Manager to the Docker Network (if needed)

To allow NPM to forward by container name, attach NPM to the same Docker network.
Assume your NPM container is named nginx-app-1:

You can do this using Portainer UI (Containers > nginx-app-1 > Networks > Join network > select vw-net),
or via CLI:
```
docker network connect vw-net nginx-app-1
```
Step 3: Add a Proxy Host in Nginx Proxy Manager
1. Go to NPM UI: http://YOUR.SERVER.IP:81
2. Proxy Hosts > Add Proxy Host
3. Settings:
  - Domain Names: vault.yourdomain.com
  - Scheme: http
  - Forward Hostname/IP: vaultwarden
  - Forward Port: 80
  - Block Common Exploits: Checked
4. SSL Tab:
  - Enable SSL: Yes
  - Force SSL: Yes
  - Request a new SSL Certificate: Use your email and agree to TOS
5. Save
Step 4: Access Vaultwarden
- In your browser, go to https://vault.yourdomain.com
- You should see the VaultWarden login screen.
- If you want to access the admin panel:
  https://vault.yourdomain.com/admin
  (use the ADMIN_TOKEN you set)
Troubleshooting
- 502 Gateway Error: Verify NPM is on the same network and forwarding to the right container name and port.
- Database Errors: If you see “unsupported backend” or MariaDB-related errors, this is a sign MariaDB isn’t compatible.
  Try with MySQL 8 or switch to SQLite for production use.
- SSL Issues: Make sure DNS is correct and ports 80/443 are open.
Security & Production Warnings
- MariaDB is not supported by Vaultwarden, even if it appears to work at first. Use MySQL 8 or SQLite/PostgreSQL instead.
- Back up your /data and database volumes regularly.
- Always use a strong ADMIN_TOKEN.
Conclusion

You’ve now deployed Vaultwarden in Docker using Portainer, experimented with MariaDB as a backend, and secured your setup using Nginx Proxy Manager! For mission-critical password management, please consider using SQLite, MySQL 8, or PostgreSQL.

Happy Self-Hosting! Have questions? Drop them below.

Further Reading:
Tags: VaultWarden, docker, portainer, MariaDB, nginx proxy manager, self-host, Bitwarden alternative, tutorial
July 11, 2023
How to set up Portainer with nginx Proxy Manager.
Step 1 – Setting up Docker and Portainer

Before we start, you will need to install Docker and Docker-Compose on your Linux server before we can start this.

Install Docker Engine on Ubuntu | Docker Documentation

Since we don’t have one in the active tutorial, we have to create Portainer on Docker Compose in SSH Terminal instead of Portainer WebGui, since we don’t have one.

1. I am not using Docker Volumes to save our data, so create the folder where you want to save because I am not using Docker Volumes for a reason.
```
mkdir /mnt/nasdrive/portainer/ && mkdir /mnt/nasdrive/nginx 
```
2. In the SSH terminal, create the network for nginx.
```
docker network create nginx
```
3. Please go to the folder you created for Portainer and create the file docker-compose.yml.
```
cd /mnt/nasdrive/portainer && touch docker-compose.yml
```
4. Here’s my configure docker-compose.yml.
```
version: '3.3'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports:
      - 8000:8000
      - 9443:9443
    networks:
      - nginx
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/nasdrive/portainer/data:/data
networks:
  nginx:
   external: true
```
5. Now that the Portainer is up and running, we can start to use it. To make my site secure and HTTPS with let’s encrypt, we need to create Let’s encrypt on Portainer. I already have and made an account. You should expect to see a first time creation of an account. https://yourIP:port

Now, you can log in to Portainer to start creating a docker nginx proxy manager.

Step 2 – setting up nginx proxy manager

1. After selecting the Server for your initial Portainer Docker, you will notice the option “Stacks” on the front page of Portainer. To add a stack, click the blue button.

2. You can choose any name you want, but it’s helpful for me to keep things organized. We made a program called nginx__. I use compose docker configure, but we have MariaDB Database separate docker compose because I want to use one database for all my General apps. If you desire to utilize the MariaDB database, the following tutorial provides guidance on setting up the database on Portainer.
```
version: '3.8'
services:
  app:
    container_name: nginx
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    networks:
      - nginx
      - mariadb
    ports:
      - target: 443
        published: 443 # Outside port
        mode: host
        protocol: tcp
      - target: 80
        published: 80 # Outside port
        mode: host
        protocol: tcp
      - target: 81
        published: 81
        mode: host
        protocol: tcp
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "mariadb"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "Password"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
      TZ: 'America/Los_Angeles'
    volumes:
      - /mnt/nasdrive/nginx/data:/data
      - /mnt/nasdrive/nginx/letsencrypt:/etc/letsencrypt
networks:
  nginx:
    external: true
  mariadb:
    external: true
```
I already created a MariaDB database and a user for the NGINX proxy manager. So easy with PhpMyAdmin method instead, terminal console. Learn more about set up PhpMyAdmin!

3. Launching the stack for nginx!

Now open the Docker Nginx Proxy Manager at http://yourIP:81.

There is a default login because there is no creation page for users.

Email: admin@example.com Password: changeme
Immediately after logging in with this default user, you will be asked to modify your details and change your password.

After you change the password and Username you set, then now you should see this:

You should be said “0 Proxy Hosts”. I just have many domains here to use all my apps.

Now you can open the Proxy hosts to make HTTPS certificates for NGINX proxy manager and Portainer.

Nginx Proxy Manager – Nginx Proxy Host Detail

This for Nginx proxy Manager. That form you should fill out. Just a reminder, the Forward hostname/IP can work with docker-compose “container_name: nginx”.

You see docker-compose.yml have container_name: that you create, and container_name needs to be on form where is Forward Hostname/IP. So that way this machine can communicate with container_name to more secure because never know IP changed.

Last, for nginx proxy Manager – Force SSL and HTTP2 and HSTS need to be enabled.

Now, our sites are secure, and you have to remove port 81 on docker-compose to secure our HTTP. We will never expose 80 or 81, but our nginx proxy manager needs port 80 for Let’s Encrypt. So, we leave port for 80 and 443 on our docker-compose.yml.

Portainer – Nginx Proxy Host Detail

Portainer – scheme for HTTPS and port for 9443 and make sure you enable block common exploits and Web sockets support.

Portainer – you will need to enable SSL and HTTP/2 and HSTS.

Advanced custom nginx configurations won’t be needed anymore. Then now your Portainer and NGINX are secured!

HTTPS on Portainer sites. 🙂

I recommend you all to force HTTPS only on private network too. It’s really safe. So, the Portainer itself app will not work with the HTTP port anymore.

Portainer ⇾ settings ⇾ scroll down until you see SSL Certificate
July 11, 2023