Generate a local SSL certificate
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=127.0.0.1/emailAddress=****@qq.com"
Put the generated files in the ssl directory.
My paths:
~/docker/vaultwarden/ssl/
~/docker/vaultwarden/nginx/
~/docker/vaultwarden/bitwarden-data/
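The certificate generated above carries the address only in CN, while current browsers and TLS clients match the address against subjectAltName. The following added example (not part of the original post) generates the same kind of certificate with a SAN entry and checks the key/certificate pair before it is mounted into nginx; the function names are assumptions and the emailAddress field is left out.

```shell
#!/bin/sh
# Added example (not from the original post). File names and subject follow the
# page; SSL_DIR and the function names are assumptions. Needs OpenSSL 1.1.1+.

# Self-signed certificate like the page's, plus a subjectAltName for the IP.
gen_cert() {  # $1 = output directory, $2 = IP address clients connect to
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/rsa_private.key" -out "$1/cert.crt" \
    -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=$2" \
    -addext "subjectAltName=IP:$2" 2>/dev/null &&
  chmod 600 "$1/rsa_private.key"
}

# nginx refuses to start if ssl_certificate_key does not belong to ssl_certificate.
key_matches_cert() {  # $1 = key file, $2 = certificate file
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if the IP is listed in subjectAltName (CN is not consulted).
cert_covers_ip() {  # $1 = certificate file, $2 = IP address
  openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# True if the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1 = certificate file, $2 = days
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True if group and others have no permission bits on the key file.
key_is_private() {  # $1 = key file
  case $(ls -ld "$1" 2>/dev/null) in -???------*) return 0 ;; *) return 1 ;; esac
}

check_ssl_dir() {  # $1 = ssl directory, $2 = IP address; prints each failed check
  rc=0
  key_matches_cert "$1/rsa_private.key" "$1/cert.crt" || { echo "key/cert mismatch"; rc=1; }
  cert_covers_ip "$1/cert.crt" "$2" || { echo "no SAN entry for $2"; rc=1; }
  cert_valid_for_days "$1/cert.crt" 30 || { echo "expires within 30 days"; rc=1; }
  key_is_private "$1/rsa_private.key" || { echo "key readable by group/others"; rc=1; }
  return $rc
}

# Usage: SSL_DIR=~/docker/vaultwarden/ssl; gen_cert "$SSL_DIR" 127.0.0.1 && check_ssl_dir "$SSL_DIR" 127.0.0.1
```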
Below is my configuration file, docker-compose.yml:
version: "3.3"
services:
  nginx:
    image: nginx:stable
    restart: always
    container_name: nginx
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./ssl:/etc/ssl
      - ./nginx/html:/usr/share/nginx/html
      - ./nginx/conf.d:/etc/nginx/conf.d
    ports:
      - "80:80"
      - "443:443"
      - "12345:12345" # nginx listens on this port and forwards to vaultwarden's port 80; mine is 12345.
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - ./bitwarden-data:/data
    ports:
      - 12346:80 # vaultwarden's port 80
      - 12347:3012
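Running docker-compose up -d with the file above runs into a problem: nginx cannot mount the files, so you first need to copy a set of configuration files out manually. There are plenty of tutorials on this, so I won't write it up here; I am simply providing an archive of my nginx directory, which includes the configuration file below. I also picked these up online; I don't know nginx configuration very well.
vaultwarden_server.conf, which goes in ~/docker/vaultwarden/nginx/conf.d/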
server {
    listen 12345 ssl http2 default_server;
    # IPv6 listener; note that port 1443 is not published in docker-compose.yml
    listen [::]:1443 ssl http2 default_server;
    # server_name _;
    root /var/www/html;

    # Certificate and key mounted from ./ssl
    ssl_certificate "/etc/ssl/cert.crt";
    ssl_certificate_key "/etc/ssl/rsa_private.key";
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    # include /etc/nginx/default.d/*.conf;

    location / {
        proxy_pass http://192.168.1.**:12346; # Web2's IP address on the LAN
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
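This is the most basic configuration; it is only meant to test whether the deployment works.
For real use, it is best to bind your own domain name and use a proper SSL certificate.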