通过开源 bitwarden 自建私有密码管理服务
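# NOTE(review): the bitwarden_rs project was later renamed Vaultwarden and
# publishes as vaultwarden/server. Confirm which image still receives security
# updates, and pin a specific tag or digest instead of :latest so that an
# upgrade of the password server is a deliberate, reviewable step.
[root@localhost ~]# docker pull bitwardenrs/server:latest
[root@localhost ~]#
# This directory is mounted at /data in the container and holds everything the
# server persists, so create it accessible to root only (-p also creates /data
# if it does not exist yet).
[root@localhost ~]# mkdir -p -m 700 /data/bitwarden
[root@localhost ~]#
# Publish both ports on loopback only. A bare "-p 8080:80" listens on every
# host interface and serves the vault over plain HTTP, and Docker's published
# ports are typically not filtered by host firewall front-ends such as ufw.
# This first run sets neither SIGNUPS_ALLOWED nor ADMIN_TOKEN, so registration
# is left at the image's default; treat it as a local smoke test only.
[root@localhost ~]# docker run -d --name bitwarden -v /data/bitwarden/:/data/ -p 127.0.0.1:8080:80 -p 127.0.0.1:3012:3012 bitwardenrs/server:latest
[root@localhost ~]#
[root@localhost ~]#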
停止并删除
# Stop and remove the test container so it can be recreated with the full
# configuration. Only the container is removed: /data/bitwarden is a bind
# mount on the host and is left in place.
[root@localhost ~]# docker stop bitwarden
[root@localhost ~]# docker rm bitwarden
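# Recreate the container with the production settings.
#
# Ports: published on 127.0.0.1 only. The nginx reverse proxy on the same host
#   reaches them via localhost:8080 / localhost:3012, so nothing else needs
#   them; a bare "-p 8080:80" would also expose the plain-HTTP backend on every
#   host interface, bypassing TLS.
# SIGNUPS_ALLOWED=false: closes self-registration on an internet-facing server.
# ADMIN_TOKEN: guards the /admin panel. "xxxxx" is a placeholder; use a long
#   random value (for example the output of `openssl rand -base64 48`).
# Secrets: values passed with -e are recorded in shell history and visible in
#   the process list while the command runs; --env-file pointing at a root-only
#   file avoids both. Either way they stay readable to anyone who may run
#   `docker inspect`, so limit membership of the docker group.
# NOTE(review): bitwarden_rs was later renamed Vaultwarden (image
#   vaultwarden/server). Confirm which image is still maintained and pin a
#   specific tag or digest instead of :latest.
docker run -d --name bitwarden \
  -v /data/bitwarden/:/data/ \
  -p 127.0.0.1:8080:80 \
  -p 127.0.0.1:3012:3012 \
  -e DOMAIN=https://domain.com \
  -e SIGNUPS_ALLOWED=false \
  -e ADMIN_TOKEN=xxxxx \
  -e WEBSOCKET_ENABLED=true \
  -e SMTP_HOST=xxxxx \
  -e SMTP_FROM=xxxxx \
  -e SMTP_PORT=xxxxx \
  -e SMTP_USERNAME=xxxxx \
  -e SMTP_PASSWORD=xxxxx \
  bitwardenrs/server:latest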
反向代理配置
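# TLS-terminating reverse proxy in front of the Bitwarden container.
# The backend speaks plain HTTP on localhost:8080 (web/API) and localhost:3012
# (WebSocket notifications); this server block is the only thing that should
# be reachable from outside the host.
server {
    listen 443 ssl http2;
    server_name domain.com;

    # Specify SSL config if using a shared one.
    ssl_certificate certs/domain.com.pem;
    ssl_certificate_key certs/domain.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The previous catch-all keywords
    # (ECDHE:ECDH:AES:HIGH) also admitted CBC and static-key suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and must not protect a password vault.
    # TLSv1.3 needs nginx built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # ssl end

    # Allow large attachments
    client_max_body_size 128M;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
        proxy_pass http://localhost:3012;
        # nginx proxies with HTTP/1.0 by default; the WebSocket upgrade
        # handshake requires HTTP/1.1.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        # Same forwarded headers as "/", so the backend sees the real host,
        # scheme and client address on this path too.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080;
    }

    # Optionally add extra authentication besides the ADMIN_TOKEN
    # If you don't want this, leave this part out
    # As written, /admin is reachable by anyone who can reach this server and
    # is protected by ADMIN_TOKEN alone; enabling the basic-auth lines below
    # (or limiting the location to trusted source addresses) adds a second gate.
    location /admin {
        # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
        #auth_basic "Private";
        #auth_basic_user_file /path/to/htpasswd_file;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080;
    }
}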