自建Bitwarden服务端
# docker pull bitwardenrs/server:latest
# useradd bitwarden
# su - bitwarden
$ mkdir ~/data/
环境变量配置:
$ cat config.env
SIGNUPS_ALLOWED=true
DOMAIN=https://192.168.x.x
DATABASE_URL=/home/bitwarden/data/bw.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true
ADMIN_TOKEN=xxxx
WEBSOCKET_ENABLED=true
docker-compose配置
# wget https://hub.fastgit.org/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -O /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# cat /home/bitwarden/docker-compose.yml
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- /home/bitwarden/data:/data
env_file:
- config.env
ports:
- "8080:80"
- "3012:3012"
# docker-compose -f /home/bitwarden/docker-compose.yml up -d
安装nginx
# docker run -it -d --name nginx -v /home/bitwarden/nginx:/etc/nginx/ -p 80:80 -p 443:443 nginx:latest
nginx配置:
$ cat ~/nginx/conf.d/default.conf
server {
listen 80;
return 301 https://$host$request_uri; #将http的域名请求转成https
server_name localhost;
}
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/com.crt;
ssl_certificate_key /etc/nginx/com.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#配置反向代理,请求代理发送到8080端口
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}