
Generate Self Signing Cert

version: "3.9"
services:
  vaultwarden:
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /mnt/dietpi_userdata/vaultwarden/data:/data
    ports:
      - "8060:80"
      - "3012:3012"

1. Check Logs

journalctl -u vaultwarden.service

2. Restart Nginx

systemctl restart nginx.service

3. Check Port Listening

ss -tulpn | grep LISTEN

4. Modify vaultwarden.env

On RPi 2, open the vaultwarden.env file using the nano editor:

nano /mnt/dietpi_userdata/vaultwarden/vaultwarden.env

Disable TLS by commenting out the ROCKET_TLS line:

#ROCKET_TLS={certs="./cert.pem",key="./privkey.pem"}

Enable websocket notifications by adding the following lines:

WEBSOCKET_ENABLED=true
WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT=3012

Save the file.

Restart the vaultwarden service:

systemctl restart vaultwarden.service

Vaultwarden is now reachable over HTTP. ROCKET_PORT and ROCKET_TLS are the parameters that specify the HTTP/S port and the SSL certificate Vaultwarden uses to enable SSL access. If you have any questions about these parameters, you might need to reach out to the Vaultwarden developer for a deeper explanation.
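
With ROCKET_TLS commented out, the port check from step 3 is worth repeating for the ports this page publishes: 8060 and 3012 from the Vaultwarden compose file, and 81, the Nginx Proxy Manager admin port used later on. The script below is an added example, not part of the original notes; the function names and the sample `ss` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Ports taken from the page: 8060 (Vaultwarden web), 3012 (websocket),
# 81 (Nginx Proxy Manager admin UI).
WATCHED_PORTS="8060 3012 81"

# Reads `ss -tulpn` (or `ss -tln`) output on stdin and prints "addr:port" for
# each watched TCP port that is listening on every interface.
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        {
            # State is column 1 for `ss -tln`, column 2 when a Netid column is shown.
            col = ($1 == "LISTEN") ? 1 : (($2 == "LISTEN") ? 2 : 0)
            if (!col) next                      # header line, UDP (UNCONN), etc.
            laddr = $(col + 3)                  # e.g. 0.0.0.0:8060 or [::]:3012
            port = laddr; sub(/.*:/, "", port)  # keep only what follows the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if ((port in watch) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
                print addr ":" port
        }'
}

# Constructed sample of `ss -tulpn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=410,fd=7))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=512,fd=3))
tcp   LISTEN 0      4096   0.0.0.0:8060       0.0.0.0:*         users:(("docker-proxy",pid=901,fd=4))
tcp   LISTEN 0      4096   127.0.0.1:81       0.0.0.0:*         users:(("docker-proxy",pid=933,fd=4))
tcp   LISTEN 0      4096   [::]:3012          [::]:*            users:(("docker-proxy",pid=915,fd=4))
EOF
}

# Live use: ss -tulpn | wildcard_listeners $WATCHED_PORTS
exposed=$(sample_ss_output | wildcard_listeners $WATCHED_PORTS)
if [ -n "$exposed" ]; then
    printf 'Listening on all interfaces; limit access to the proxy host:\n%s\n' "$exposed"
fi
```

Any port the script reports can be limited with a host firewall rule or by publishing it on a specific address in the compose file, so that clients only reach Vaultwarden through the TLS-terminating proxy.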

5. Install Prerequisites

sudo apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common

6. Install GPG key

sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

7. Install Repository

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

8. Install Docker

sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

9. Enable at boot and start Docker daemon

sudo systemctl enable docker
sudo systemctl start docker

10. Docker Compose

Create a docker-compose.yml file with the following content:

version: "3.8"
services:
  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    ports:
      - 80:80
      - 81:81
      - 443:443
    volumes:
      - ./nginx/data:/data
      - ./nginx/letsencrypt:/etc/letsencrypt
    restart: unless-stopped
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
    volumes:
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      - ./jellyfin/media:/media
    restart: unless-stopped

Run Docker Compose:

docker compose up -d

11. Add SSL Certificate

Input domain names:

homelab.duckdns.org *.homelab.duckdns.org

Increase seconds to 120 if you get an error on Propagation.

12. Edit lighttpd.conf

Edit /etc/lighttpd/lighttpd.conf and change the line that says server.port = 80 to use some other port number such as 8080.

sudo systemctl restart lighttpd

13. Pihole /admin/ Fix

Add the following configuration to fix the Pihole /admin/:

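location / {
    proxy_pass http://{{pi-ip}}:{{port}}/admin/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Drop the upstream X-Frame-Options response header and send our own.
    # add_header sets a response header; proxy_set_header would only add a
    # request header towards Pi-hole and leave the response without one.
    proxy_hide_header X-Frame-Options;
    add_header X-Frame-Options "SAMEORIGIN";
    proxy_read_timeout 90;
}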

14. Custom MOTD

sudo su
toilet --termwidth --filter border --gay --font future -k "Diet Pi" > /etc/motd
cat /proc/device-tree/model >> /etc/motd
printf "\n" >> /etc/motd
exit

15. Renew Let's Encrypt

NPM not working for me - uses Caddy. Visit guide: setup-caddy