🚀 How to Set Up VaultWarden with MariaDB, Portainer, and Nginx Proxy Manager


VaultWarden is a lightweight, open-source Bitwarden server. Deploying it on Docker with Portainer and putting it behind Nginx Proxy Manager makes your password manager easy to access, secure, and maintain. MariaDB isn't officially supported as a replacement for SQLite, but experienced users can try it. This guide explains the full Docker setup.


Prerequisites

  • Docker & Portainer installed and running.
  • Nginx Proxy Manager installed (as a Docker container).
  • A domain or subdomain (e.g., vault.yourdomain.com) pointed to your server’s IP.
  • Open TCP ports 80, 443 on your server.
  • Again: for stable, production setups, use SQLite/Postgres/MySQL 8.

Step 1: Create VaultWarden + MariaDB Stack in Portainer

1.1 Access Portainer

Visit http://YOUR.SERVER.IP:9000 and log in.

1.2 Add a New Stack

  • Go to Stacks > + Add stack.
  • Name it, e.g., vaultwarden-mariadb.

1.3 Paste in the Stack YAML (docker-compose format)

version: '3.8'

services:
  mariadb:
    image: mariadb:11.4
    container_name: vaultwarden-mariadb
    restart: unless-stopped
    environment:
      - MARIADB_DATABASE=vaultwarden
      - MARIADB_USER=vaultwarden
      - MARIADB_PASSWORD=supersecurepassword
      - MARIADB_ROOT_PASSWORD=superrootpassword
    volumes:
      - vw-mariadb-data:/var/lib/mysql
    networks:
      - vw-net

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    depends_on:
      - mariadb
    environment:
      - DATABASE_URL=mysql://vaultwarden:supersecurepassword@mariadb:3306/vaultwarden
      - ADMIN_TOKEN=use_a_long_random_string
    volumes:
      - vaultwarden-data:/data
    networks:
      - vw-net
    # Don't map ports, will use NPM

volumes:
  vw-mariadb-data:
  vaultwarden-data:

networks:
  vw-net:
    driver: bridge

Notes:

  • Change passwords and ADMIN_TOKEN to secure values.
  • By default, no port is mapped; Nginx Proxy Manager will forward traffic via Docker networking.
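
One way to carry out the first note, as an added example that is not part of the original guide: the script swaps the stack's three placeholder values for random hex strings and puts the same database password in MARIADB_PASSWORD and DATABASE_URL. The function names and the SAMPLE_STACK excerpt are this example's own; hex is used so the password needs no URL-encoding inside DATABASE_URL.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# Constructed sample: the secret-bearing lines of the stack above.
SAMPLE_STACK='      - MARIADB_PASSWORD=supersecurepassword
      - MARIADB_ROOT_PASSWORD=superrootpassword
      - DATABASE_URL=mysql://vaultwarden:supersecurepassword@mariadb:3306/vaultwarden
      - ADMIN_TOKEN=use_a_long_random_string'

# The guide's placeholder values; none of them may reach a deployed stack.
PLACEHOLDERS='supersecurepassword|superrootpassword|use_a_long_random_string'

# 32 random bytes printed as 64 hex characters. Hex contains no '@', ':',
# '/' or '#', so it is safe inside DATABASE_URL and inside a sed expression.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Read stack YAML on stdin, write it to stdout with fresh secrets.
# One value replaces every occurrence of the DB password, so
# MARIADB_PASSWORD and DATABASE_URL stay in sync.
harden_stack() {
    db_pw=$(gen_secret)
    root_pw=$(gen_secret)
    admin_token=$(gen_secret)
    sed -e "s/supersecurepassword/$db_pw/g" \
        -e "s/superrootpassword/$root_pw/g" \
        -e "s/use_a_long_random_string/$admin_token/g"
}

# Succeed only if the stack on stdin contains no placeholder;
# otherwise print the offending lines with their line numbers.
check_stack() {
    ! grep -nE "$PLACEHOLDERS"
}

# Demo on the constructed sample: sh this-script.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_STACK" | harden_stack
fi
```

Run harden_stack over the full stack file before pasting it into Portainer, and keep the generated values in a password store, since the stack definition holds them in plain text.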

1.4 Deploy the Stack

Click “Deploy the stack” and wait for containers to start.


Step 2: Connect Nginx Proxy Manager to the Docker Network (if needed)

To allow NPM to forward by container name, attach NPM to the same Docker network.
The following assumes your NPM container is named nginx-app-1.

You can do this in the Portainer UI (Containers > nginx-app-1 > Networks > Join network > select vw-net),
or via the CLI:

docker network connect vw-net nginx-app-1

Step 3: Add a Proxy Host in Nginx Proxy Manager

  1. Go to NPM UI: http://YOUR.SERVER.IP:81
  2. Proxy Hosts > Add Proxy Host
  3. Settings:
    • Domain Names: vault.yourdomain.com
    • Scheme: http
    • Forward Hostname/IP: vaultwarden
    • Forward Port: 80
    • Block Common Exploits: Checked
  4. SSL Tab:
    • Enable SSL: Yes
    • Force SSL: Yes
    • Request a new SSL Certificate: Use your email and agree to TOS
  5. Save

Step 4: Access Vaultwarden

  • In your browser, go to https://vault.yourdomain.com
  • You should see the VaultWarden login screen.
  • If you want to access the admin panel:
    https://vault.yourdomain.com/admin
    (use the ADMIN_TOKEN you set)

Troubleshooting

  • 502 Gateway Error: Verify NPM is on the same network and forwarding to the right container name and port.
  • Database Errors: If you see “unsupported backend” or MariaDB-related errors, this is a sign MariaDB isn’t compatible.
    Try with MySQL 8 or switch to SQLite for production use.
  • SSL Issues: Make sure DNS is correct and ports 80/443 are open.

Security & Production Warnings

  • MariaDB is not supported by Vaultwarden, even if it appears to work at first. Use MySQL 8 or SQLite/PostgreSQL instead.
  • Back up your /data and database volumes regularly.
  • Always use a strong ADMIN_TOKEN.

Conclusion

You’ve now deployed Vaultwarden in Docker using Portainer, experimented with MariaDB as a backend, and secured your setup using Nginx Proxy Manager! For mission-critical password management, please consider using SQLite, MySQL 8, or PostgreSQL.

Happy Self-Hosting! Have questions? Drop them below.

