VaultBitwarden 搭建
环境配置
-
linux
-
nginx
# Install the nginx reverse proxy from the distribution's package repository.
apt-get install nginx
-
docker、docker-compose
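# Install the Docker engine and Compose. On Debian/Ubuntu the engine package is
# named docker.io; the package called "docker" is not the container engine.
apt-get install docker.io docker-compose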
软件配置
Nginx
-
把SSL证书 *.pem、*.key 复制到 /etc/nginx/conf.d/cert/ 中(私钥 *.key 应仅 root 可读,例如 chmod 600)
-
# Open the nginx site configuration for editing; its contents are replaced with the config shown below.
vim /etc/nginx/conf.d/default.conf
-
将下面的中文改成你的信息
-
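# The `upstream` directives ensure that you have a http/1.1 connection
# This enables the keepalive option and better performance
#
# Define the server IP and ports here. They must match the loopback-only
# port bindings in docker-compose.yml (127.0.0.1:3080 and 127.0.0.1:3012),
# so nginx stays the only network-facing entry point to the vault.
# 0.0.0.0 is a listen wildcard, not a destination address, so the
# backends are addressed as 127.0.0.1.
upstream vaultwarden-default {
  zone vaultwarden-default 64k;
  server 127.0.0.1:3080;
  keepalive 2;
}
upstream vaultwarden-ws {
  zone vaultwarden-ws 64k;
  server 127.0.0.1:3012;
  keepalive 2;
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name 域名;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 域名;

    # Specify SSL Config when needed
    #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
    #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
    ssl_certificate /etc/nginx/conf.d/cert/你的SSL证书.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/你的SSL证书.key;
    ssl_session_timeout 5m;

    # Cipher suites offered to clients.
    # NOTE(review): the AES and HIGH keywords also admit suites without
    # forward secrecy; consider narrowing this list to ECDHE AEAD suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    # TLS protocol versions accepted. TLSv1.1 is deprecated and is not
    # offered here: this endpoint fronts a password vault.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    client_max_body_size 128M;

    # Web vault and API. Proxying to the named upstream (rather than a raw
    # address) is what makes the keepalive settings above take effect.
    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    # The negotiate call is a plain HTTP request (no Upgrade header), so it
    # goes to the main application port.
    location /notifications/hub/negotiate {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    # WebSocket notifications (Upgrade headers set) go to the dedicated
    # WebSocket port published as 3012.
    # NOTE(review): a release that serves WebSockets on the main port needs
    # this pointed at vaultwarden-default instead; confirm against the
    # image version you deploy.
    location /notifications/hub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Forwarded $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-ws;
    }

    # Optionally add extra authentication besides the ADMIN_TOKEN
    # Remove the comments below `#` and create the htpasswd_file to have it active
    #
    #location /admin {
    #  # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
    #  auth_basic "Private";
    #  auth_basic_user_file /path/to/htpasswd_file;
    #
    #  proxy_http_version 1.1;
    #  proxy_set_header "Connection" "";
    #
    #  proxy_set_header Host $host;
    #  proxy_set_header X-Real-IP $remote_addr;
    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #  proxy_set_header X-Forwarded-Proto $scheme;
    #
    #  proxy_pass http://vaultwarden-default;
    #}
}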
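# Check the edited configuration first and signal the running server only if
# the check passes, so mistakes are reported before the reload is attempted.
nginx -t && nginx -s reload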
重新加载nginx配置文件
Docker
-
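# Create the working directory for docker-compose.yml and the ./bw-data volume.
# -p makes the step repeatable; mode 700 keeps other local users out of the
# vault data stored beneath this directory.
mkdir -p ~/bitwarden && chmod 700 ~/bitwarden && cd ~/bitwarden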
-
# Create the compose file in the current directory with the contents shown below.
vim docker-compose.yml
# Compose definition for a single Vaultwarden container, reached only through
# the local nginx reverse proxy.
version: "3"
services:
  bitwarden:
    # NOTE(review): `latest` is a moving tag, so the image that runs can change
    # on every pull; consider pinning a specific release tag or digest.
    image: vaultwarden/server:latest
    container_name: bitwardenrs
    restart: always
    ports:
      # Map host port 3080 to container port 80. The 127.0.0.1 prefix binds
      # the published port to loopback only, so it is not reachable from
      # other hosts.
      - "127.0.0.1:3080:80"
      # Host port 3012 to container port 3012, also loopback only.
      - "127.0.0.1:3012:3012"
    volumes:
      # Bind-mount the container's /data directory onto ./bw-data on the host.
      - ./bw-data:/data
    environment:
      # Whether WebSocket is enabled.
      WEBSOCKET_ENABLED: "true"
      # Whether registration is open. While this is "true", anyone who can
      # reach the site can create an account; for personal use, register your
      # own account after setup and then change this to "false".
      SIGNUPS_ALLOWED: "true"
      # Whether the web client (web vault) is enabled.
      WEB_VAULT_ENABLED: "true"
      # Admin panel password. Currently not enabled. To enable it, remove the
      # leading `#` and set a strong random value; generating it with
      # `openssl rand -base64 48` is recommended.
      # Admin page: https://域名/admin (域名 = your domain)
      #ADMIN_TOKEN: ""
3.
# Create and start the services from docker-compose.yml in the background (-d = detached).
docker-compose up -d