From 8478e74b85850583cdc3a26c1faf090199214397 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Garc=C3=ADa?=
Date: Fri, 11 Jan 2019 14:52:10 +0100
Subject: [PATCH] Create docker compose entry
---
Using-Docker-Compose.md | 80 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 Using-Docker-Compose.md
diff --git a/Using-Docker-Compose.md b/Using-Docker-Compose.md
new file mode 100644
index 0000000..20a982d
--- /dev/null
+++ b/Using-Docker-Compose.md
@@ -0,0 +1,80 @@
+Docker Compose is a tool that allows the definition and configuration of multi-container applications. In our case, we want both the Bitwarden_RS server and a proxy to redirect the WebSocket requests to the correct place.
+
+This guide is based on [#126 (comment)](https://github.com/dani-garcia/bitwarden_rs/issues/126#issuecomment-417872681).
+
+Create a `docker-compose.yml` file based on this:
+```yml
+#docker-compose.yml
+
+version: "3"
+
+services:
+ bitwarden:
+ image: mprasil/bitwarden
+ restart: always
+ volumes:
+ - ./bw-data:/data
+ environment:
+ WEBSOCKET_ENABLED: "true" # Required to use websockets
+ SIGNUPS_ALLOWED: "true" # set to false to disable signups
+
+ caddy:
+ image: abiosoft/caddy
+ restart: always
+ volumes:
+ - ./Caddyfile:/etc/Caddyfile:ro
+ - caddycerts:/root/.caddy
+ ports:
+ - 80:80 # needed for Let's Encrypt
+ - 443:443
+ environment:
+ ACME_AGREE: "true" # agree to Let's Encrypt Subscriber Agreement
+ DOMAIN: "bitwarden.example.org" # CHANGE THIS! Used for Auto Let's Encrypt SSL
+ EMAIL: "bitwarden@example.org" # CHANGE THIS! Optional, provided to Let's Encrypt
+volumes:
+ caddycerts:
+```
+
+and the corresponding `Caddyfile` (does not need to be modified):
+```nginx
+#Caddyfile
+
+{$DOMAIN} {
+ tls {$EMAIL}
+
+ header / {
+ # Enable HTTP Strict Transport Security (HSTS)
+ Strict-Transport-Security "max-age=31536000;"
+ # Enable cross-site filter (XSS) and tell browser to block detected attacks
+ X-XSS-Protection "1; mode=block"
+ # Disallow the site to be rendered within a frame (clickjacking protection)
+ X-Frame-Options "DENY"
+ }
+
+ # The negotiation endpoint is also proxied to Rocket
+ proxy /notifications/hub/negotiate bitwarden:80 {
+ transparent
+ }
+
+ # Notifications redirected to the websockets server
+ proxy /notifications/hub bitwarden:3012 {
+ websocket
+ }
+
+ # Proxy the Root directory to Rocket
+ proxy / bitwarden:80 {
+ transparent
+ }
+}
+```
+
+Run
+```bash
+docker-compose up -d
+```
+to create & start the containers. It creates a private network between the two containers for the reverse proxy, only caddy is exposed to the outside.
+
+```bash
+docker-compose down
+```
+stops and destroys the containers.
\ No newline at end of file