Deploy Vaultwarden with Dokploy: Docker Compose Setup Guide
Step-by-step guide to deploying Vaultwarden password manager on your VPS using Dokploy and Docker Compose. Includes persistent vault storage, admin panel, and SSL.
Deploy Vaultwarden with Dokploy
Dokploy is an open-source server management platform that simplifies deploying Docker Compose applications on your VPS. It handles reverse proxy configuration, SSL certificates, and deployment management — making it simple to self-host your password manager with Vaultwarden.
This guide walks you through deploying Vaultwarden with persistent vault storage, an admin panel, and automatic HTTPS. Vaultwarden is a lightweight Bitwarden-compatible server written in Rust that includes an embedded SQLite database.
Prerequisites
- A VPS with at least 1 vCPU, 512 MB RAM, and 5 GB storage
- Dokploy installed and running on your server (installation docs)
- A domain name (e.g.,
vault.yourdomain.com) with DNS A record pointing to your server's IP
Docker Compose Configuration
Create a new Compose project in Dokploy and paste the following configuration:
version: "3.8"
services:
vaultwarden:
image: vaultwarden/server:latest
restart: unless-stopped
ports:
- "8080:80"
environment:
- DOMAIN=https://${VAULTWARDEN_DOMAIN}
- SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED:-true}
- ADMIN_TOKEN=${ADMIN_TOKEN}
- LOG_LEVEL=info
volumes:
- ../files/vaultwarden-data:/data
healthcheck:
test: ["CMD", "./healthcheck.sh"]
interval: 30s
timeout: 10s
retries: 3
Note: Set
SIGNUPS_ALLOWED=trueinitially to create your first account, then change it tofalseand redeploy to prevent unauthorized signups. The admin panel is accessible at/adminusing theADMIN_TOKEN.
Environment Variables
Set these in Dokploy's Environment tab for your compose project:
| Variable | Purpose | Example |
|---|---|---|
VAULTWARDEN_DOMAIN |
Your Vaultwarden domain | vault.yourdomain.com |
ADMIN_TOKEN |
Token for accessing the admin panel at /admin |
a-long-random-token |
SIGNUPS_ALLOWED |
Allow new user registrations (true/false) | false |
In Dokploy, environment variables are set via the Environment editor in the project settings. Do not create a .env file manually — Dokploy manages this for you. If your ADMIN_TOKEN contains $ characters, escape them as $$ in the compose environment.
Volumes & Data Persistence
This setup uses Dokploy's ../files convention for bind-mounted volumes:
../files/vaultwarden-data— SQLite database, RSA keys, attachments, icon cache, and configuration
The ../files path is relative to the compose file inside Dokploy's project directory. This ensures your data persists across redeployments. Avoid using absolute paths (e.g., /opt/vaultwarden) because Dokploy may clean them during redeployment.
Important: The /data directory contains your encrypted vault database and RSA keys. Back this up regularly — losing it means losing all stored passwords.
If you need S3 backup support, consider using named Docker volumes instead. Named volumes can be backed up with Dokploy's built-in backup features.
Domain & SSL Setup
- In your Dokploy project, navigate to the Domains tab
- Click Add Domain and enter your domain (e.g.,
vault.yourdomain.com) - Set the container port to
80 - Enable HTTPS — Dokploy automatically provisions a Let's Encrypt SSL certificate
- Save and wait for the certificate to be issued (usually under a minute)
Dokploy's built-in Traefik reverse proxy handles TLS termination and routes traffic to your Vaultwarden container. HTTPS is required — Bitwarden clients refuse to connect over plain HTTP.
Verifying the Deployment
- In Dokploy, go to your project's Deployments tab and click Deploy
- Watch the build logs — you should see the
vaultwardencontainer pull and start - Check the Logs tab for the
vaultwardenservice. Look for:Rocket has launched from - Open
https://vault.yourdomain.comin your browser — you should see the Vaultwarden web vault - Create your first account (while
SIGNUPS_ALLOWED=true) - Test by installing the Bitwarden app or browser extension and connecting to your server URL
Troubleshooting
Bitwarden clients fail to connect
Ensure the DOMAIN environment variable includes the https:// prefix and matches your actual domain. Bitwarden clients require HTTPS. Verify SSL is working by accessing the web vault in a browser first.
Admin panel returns 404
The admin panel is available at https://vault.yourdomain.com/admin. Ensure ADMIN_TOKEN is set in the environment variables. If it is empty or unset, the admin panel is disabled entirely.
Cannot register new accounts
Check the value of SIGNUPS_ALLOWED. If set to false, new registrations are blocked. You can temporarily enable it, create accounts, then disable again. Alternatively, invite users via the admin panel.
SSL certificate not issuing Ensure your domain's DNS A record points to your server's IP and has propagated. Dokploy uses Let's Encrypt HTTP-01 challenges, so port 80 must be accessible. Check Traefik logs in Dokploy for certificate-related errors.
Learn more about Vaultwarden in our complete overview.
Need a VPS? Hostinger VPS starts at $4.99/mo — perfect for running Vaultwarden.
For more on Docker Compose deployments in Dokploy, see the Dokploy Docker Compose documentation.
App data sourced from selfh.st open-source directory.
Ready to get started?
Get the best VPS hosting deal today. Hostinger offers 4GB RAM VPS starting at just $4.99/mo.
Get Hostinger VPS — $4.99/mo// up to 75% off + free domain included
// related topics
fordnox
Expert VPS reviews and hosting guides. We test every provider we recommend.
// last updated: February 12, 2026. Disclosure: This article may contain affiliate links.