Vaultwarden on Oracle Cloud VPS
Configuration with Cloudflare, Cloudflared, NPM and Webtop
Please read our disclaimer https://docs.ibracorp.io/#disclaimer.
The following videos were watched, understood and previously implemented:
Oracle Cloud account already signed up and approved. (Oracle takes up to 5 business days to approve accounts; it took mine 4 days since it was during the holidays, but it could be quicker.)
Putty already installed on your system. (We need this for SSH and port forwarding.)
Make sure to NOT skip any STEPS for any reason.
USE
P@ssw0rd!
proxy
Proxy
ubuntu
SOMETHING
DOMAIN
non-root user
RANDOM-NUMBERS-FOR-NOW
CLOUDFLAREDIMAGEID
TUNNELNAME
TUNNELUUID
n-p-m.DOMAIN.COM
beta
domain.com
Go to your Oracle Cloud account.
Once you are in your account, click on the hamburger menu in the top left, which looks like 3 parallel lines on top of each other.
After clicking that, click on Compute.
Open Putty and paste the IP address you copied into the SSH bar. Name the session, and click save. After that, click on the + icon beside SSH and then click on Auth.
Browse for the Private key you saved earlier and open it. Now in Putty, click the open button.
A terminal will appear with another box in front of it asking for permission; click Accept.
Now it wants you to log in, and by default the user is ubuntu. Then input the private key password that we entered before saving it.
We are now SSH’d into the VPS server.
Let's port-forward Webtop and N.P.M using Putty so only your PC/Machine can access it.
1. Now we right-click the top bar of Putty and click Change Settings.
2. We now click the + sign beside SSH and then click Tunnels.
3. We are going to input the port of Webtop, which is 3000, into Source port, and we are going to put 127.0.0.1:3000 for the destination.
4. Furthermore, we will now click the Add button and add N.P.M. as well if you want to do it from that WebUI instead of Webtop, which is HIGHLY recommended since it's much easier to add your Cloudflare Origin Certificate.
The following is the end result:
Now that we are SSH’d into the VPS, we will run a couple of commands. Run the following:
We are now going to install Docker and Docker-compose.
Run these commands:
(For any of these commands that prompt you for Y or N, just type Y and press Enter.)
We now have both of them installed. To make sure they are installed, run the following:
Both output the version. Now let's go install Webtop, Nginx Proxy Manager, and Vaultwarden.
Run the following commands:
Important notice: The default abc user isn't supposed to be removed or changed, since it already has config permissions and other access that is required to use Webtop.
DO NOT CHANGE PLEASE!
Run these commands:
We are going to use the .env file, so it’s not commented out; only change your timezone, PUID and PGUID depending on the user.
If you are using the default Ubuntu user, then it’s the same number for both, which is already there. If you want to know your ID, run this command:
In the docker-compose, we are going to paste the following:
Now back to the docker-compose.yml file, make sure that you save it with CTRL+X, Y and ENTER.
Run this command for the .env file.
In here, paste this in and change the placeholder. Later we will define the same password in the Webtop system for the user abc.
Save the file and run:
Go into your browser, input 127.0.0.1:3000 and log in.
We defined the password in the .env file; now we need to do the same in the Webtop terminal.
Defining the password in the .env file doesn't permanently change the password of the container, but the method here does.
The terminal can be found if you click Menu in the top left corner of the webpage, hover over System Tools and click MATE Terminal, as shown below.
Now, to change the password of the specified user, abc, we need to run the following command.
The command above and the one below will make the webtop5.games.com site you set up for Webtop go to the screen shown below, since we changed the password permanently, which is highly recommended.
If you ever lose your password, you can always reset it by execing into the container as root:
By default, it performs all logic for the abc user, and I recommend using only that user in the container, but new users can be added as long as there is a startwm.sh executable script in their home directory. All of these containers are configured with passwordless sudo, so I do not recommend ever publishing Webtop ports to the public Internet. We take the published ports off after Argo Tunneling the containers.
In here you don't change the Session section; only input the default user abc and your new password, and you will be able to enter the Webtop panel.
Run these commands:
In the yaml, paste the following:
Save the file.
Run the following command.
Paste the following:
Save the file and run:
Run the following commands:
Now paste the following:
Save the file.
Run:
Since we already have the local ports open for NPM, we just need to open a browser on any computer and input 127.0.0.1:81; we will then follow the same steps taken here.
As shown in the above image, we add it first and then click apply. Now we have the Webtop port forwarded, and we are going to access it by inputting 127.0.0.1:3000 in a web browser on your system; you will then be redirected to Webtop. In Webtop, open Firefox, which is located on the top left of the screen, and input PUBLIC_IP_OF_VPS:81 in the address bar. This is so we can access NPM.
5. We now sign in with the default credentials, which are admin@example.com and changeme.
6. When we sign in, it will ask us to edit the user account, where we put in our own email, and our own password on the next screen.
7. After that we will open a new tab, go to Cloudflare and log in. Then we are going to make a new origin certificate and go to the next page, shown below:
8. We now need to create a file that ends with .pem and put the origin certificate inside it, and then create a file that ends with .key and paste the private key in there.
9. Now we click Ok and head back to NPM, go to the SSL cert. tab, click add SSL Cert and click custom.
10. We will now put the .key file we have into the key section and the .pem into the certificate section and then click Ok to add it.
11. We now head back over to Cloudflare and set up our DNS names. We will add an A record with whatever name we want, set the IPv4 section to the PUBLIC_IP_OF_VPS as shown below, and proxy it.
12. Furthermore, we will now add the 3 CNAMEs that we want to use for our containers.
13. Now that we have that set up, let’s head back to NPM and go to the proxy tab. Below is how all the proxies should look once you have proxied all of them.
For anyone wanting to know why I didn’t use beta.games.com with the subdomain in front of it for any of the containers: it is due to Cloudflare already linking each subdomain to beta, which is linked to the VPS IP and your main domain, which in this example would be games.com for me.
This Argo Tunneling section is NOT required, but it is HIGHLY recommended to implement it on your VPS for security reasons.
The following commands are going to be used to install and configure Cloudflared:
Please read and follow instructions carefully.
We are going to put the following in the docker-compose and when we compose it, the container will not work, which is fine. What we will want is the image, and then we will go back to the container to edit a couple of things.
Save the file with Ctrl+X, Press Y and then ENTER.
We are now going to make the tunnel and the config.yaml file.
To make the CNAME for the tunnel, please have it like the following:
Type: CNAME
Name: BETA
Target: TUNNELUUID.cfargotunnel.com
Proxy status: Proxied
TTL: Auto
Now let's go back to the Putty Terminal and run the following:
Save the file.
In the compose file we are going to change the RANDOM_NUMBERS we had in the command: line to the TUNNELUUID, and then we are going to save the file.
Now run the following commands:
We will now go into NPM with our domain we already have.
Back in the Putty terminal, run the following:
As always, make sure to save the file after editing it, and then run the following to update the container:
If you don't know already, you don't need to port forward any ports, since your Argo Tunneling takes care of that and lets you access it without exposing those ports to the outside world.
You can also remove the Tunnel we have in the Putty Terminal if not done so already.
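A quick way to confirm the point above on the VPS, as an added example that is not part of the original guide: the function below reads `ss -H -tln` output and reports any listener on this guide's ports (3000 for Webtop, 81 for the NPM admin UI) that is bound to a non-loopback address. The function name and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Ports used in this guide:
# 3000 = Webtop, 81 = Nginx Proxy Manager admin UI.
GUIDE_PORTS="3000 81"

# exposed_listeners (hypothetical helper): reads `ss -H -tln` style lines on
# stdin and prints "port address" for every listener on one of GUIDE_PORTS
# that is bound to something other than loopback.
exposed_listeners() {
  awk -v ports="$GUIDE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if (!(port in want)) next             # not one of the guide ports
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
      print port, addr
    }'
}

# Constructed sample input (not captured from a real host): Webtop is still
# published on all interfaces, the NPM admin UI is loopback-only, and SSH is
# ignored because port 22 is not in GUIDE_PORTS.
SAMPLE='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 [::]:3000 [::]:*
LISTEN 0 4096 127.0.0.1:81 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Demo on the sample; on the VPS itself run:  ss -H -tln | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Empty output means neither port is bound to a public interface. The check covers only what the host binds, not what a cloud firewall or security list in front of it allows.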
That is all you have to do for Argo Tunneling on this arm64-vps. Have a great day, everyone!
We hope you enjoyed this guide. It was conceptualized, written, and implemented by our Discord Community member Norkz, based on the IBRACORP Vaultwarden guide found here.