最近LastPass網絡極其不穩定,正好閑下來找到了Bitwarden_rs這個替代品,感覺不錯,分享記錄下部署過程。
一、Docker方式部署
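# Pull the server image.
# NOTE(review): ":latest" is a moving tag; once a release has been verified,
# pin a specific tag or digest so a re-pull cannot silently change the code
# that holds the vault.
docker pull bitwardenrs/server:latest

# Generate the admin-page token. It is kept in an exported variable instead
# of being pasted into the docker command line, where it would end up in
# shell history and in the process list. It is printed once so it can be
# stored somewhere safe; it stays readable through "docker inspect" for
# anyone with access to the Docker daemon.
ADMIN_TOKEN="$(openssl rand -base64 48)"
export ADMIN_TOKEN
printf '%s\n' "$ADMIN_TOKEN"

# Run the container with its data persisted under /data/bw-data/ on the host.
#   3001 -> 80   : web vault / API (plain HTTP; TLS is terminated by nginx)
#   3012 -> 3012 : WebSocket notifications, which the nginx config on this
#                  page proxies at /notifications/hub
# Both published ports carry unencrypted traffic. If nginx runs on this same
# host, publish them on loopback only (e.g. -p 127.0.0.1:3001:80); otherwise
# firewall them so that only the reverse proxy can connect.
# "-e ADMIN_TOKEN" without a value passes the exported variable through.
docker run -d --name bitwarden \
  -e ADMIN_TOKEN \
  -e WEBSOCKET_ENABLED=true \
  -v /data/bw-data/:/data/ \
  -p 3001:80 \
  -p 3012:3012 \
  bitwardenrs/server:latest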
二、Bitwarden_rs配置文件config.json
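各參數的含義請到 GitHub 上 bitwarden_rs 的 wiki 查看。注意:signups_allowed 為 true 時,任何能訪問該服務的人都可以註冊帳號,建立好自己的帳號後建議改為 false;admin_token 和 smtp_password 在此文件中以明文保存,請限制 config.json 的讀取權限,也不要把帶有真實值的文件公開。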
{
"domain": "https://bitwarden.test.com",
"disable_icon_download": false,
"signups_allowed": true,
"signups_verify": false,
"signups_verify_resend_time": 3600,
"signups_verify_resend_limit": 6,
"invitations_allowed": true,
"password_iterations": 100000,
"show_password_hint": true,
"admin_token": "生成的Token",
"invitation_org_name": "Bitwarden_RS-By Test",
"ip_header": "X-Real-IP",
"icon_cache_ttl": 2592000,
"icon_cache_negttl": 259200,
"icon_download_timeout": 10,
"icon_blacklist_non_global_ips": true,
"disable_2fa_remember": false,
"authenticator_disable_time_drift": false,
"require_device_email": false,
"reload_templates": false,
"disable_admin_token": false,
"_enable_yubico": true,
"_enable_duo": false,
"_enable_smtp": true,
"smtp_host": "smtp.163.com",
"smtp_ssl": true,
"smtp_explicit_tls": true,
"smtp_port": 465,
"smtp_from": "test@163.com",
"smtp_from_name": "Bitwarden_RS",
"smtp_username": "test@163.com",
"smtp_password": "testpassword",
"smtp_timeout": 30,
"_enable_email_2fa": false,
"email_token_size": 6,
"email_expiration_time": 600,
"email_attempts_limit": 3
}
三、Nginx代理配置
必須使用 HTTPS 才能登錄。請把下面配置中的證書、域名和 IP 替換為你自己的,並確認證書路徑與實際文件對應。
# Plain-HTTP listener: it serves no content and only redirects to HTTPS.
server {
    # Domain name the certificate is bound to
    server_name bitwarden.test.com;
    listen 80;

    # Redirect every HTTP request to the same host and URI over HTTPS
    return 301 https://$host$request_uri;
}
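# HTTPS front end: terminates TLS and proxies to the bitwarden_rs container.
server {
    listen 443 ssl http2;
    # Exact host name, matching the port-80 server block and the certificate.
    # The wildcard form "bitwarden.*" would also answer for any other host
    # name that merely starts with "bitwarden.".
    server_name bitwarden.test.com;

    # Specify SSL config if using a shared one.
    #include conf.d/ssl/ssl.conf;

    # Certificate bundle file
    ssl_certificate conf.d/ssl/1_bitwarden.test.com_bundle.crt;
    # Private key file (keep it readable only by the nginx user)
    ssl_certificate_key conf.d/ssl/2_bitwarden.test.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated and must not protect a password vault.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; remove
    # that token on older builds rather than re-enabling TLSv1/TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only (applies to TLS 1.2; TLS 1.3 suites
    # are negotiated separately by OpenSSL).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Allow large attachments
    client_max_body_size 128M;

    # Web vault and API
    location / {
        proxy_pass http://IP:3001;
        proxy_set_header Host $host;
        # X-Real-IP is the header named by "ip_header" in config.json, so the
        # server logs the client address instead of the proxy's.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket notifications; the container must publish port 3012 and have
    # WebSocket support enabled for this to work.
    location /notifications/hub {
        proxy_pass http://IP:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # The negotiate endpoint is served by the main HTTP port, not 3012
    location /notifications/hub/negotiate {
        proxy_pass http://IP:3001;
    }

    # Optionally add extra authentication besides the ADMIN_TOKEN.
    # The admin page is reachable from anywhere this server is, guarded only
    # by the token; enabling basic auth below (or an allow/deny list) adds a
    # second barrier. If you don't want this, leave this part out.
    location /admin {
        # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
        #auth_basic "Private";
        #auth_basic_user_file /path/to/htpasswd_file;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://IP:3001;
    }
}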
四、使用
上述操作完成后訪問https://bitwarden.test.com/admin進行管理員操作,要輸入設置的Token。
去https://bitwarden.com/官網下載相關客戶端和瀏覽器拓展使用。