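Vaultwarden, formerly Bitwarden RS, is written in Rust. It is an alternative implementation of the Bitwarden server API that is compatible with Bitwarden clients, and it is an open-source password manager.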
Preparation
Install Nginx beforehand.
Install Docker
```bash
wget -qO- https://get.docker.com/ | sudo bash
```
Install Docker Compose
```bash
curl -L "https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
```
Start Docker and enable it at boot
```bash
systemctl start docker
systemctl enable docker
```
Deploy Vaultwarden
Create the working directory for Vaultwarden
```bash
cd /opt && mkdir vaultwarden && cd vaultwarden
```
Create the docker-compose configuration file
```bash
vim /opt/vaultwarden/docker-compose.yml
```
File contents:
```yaml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    ports:
      - "8080:80"
    volumes:
      - ./vw-data:/data
    environment:
      # Admin panel login password
      - ADMIN_TOKEN=admin_token
      # Domain configuration
      - DOMAIN=https://domain.name
      # Change the number of workers
      - ROCKET_WORKERS=20
      # Change the API request size limit
      - ROCKET_LIMITS={json=10485760}
      # Whether to show password hints
      - SHOW_PASSWORD_HINT=true
      # Whether to allow user registration; for personal use, change to false once you have registered
      - SIGNUPS_ALLOWED=true
      # Whether to enable WebSocket notifications
      - WEBSOCKET_ENABLED=true
      # Whether to enable the web vault
      - WEB_VAULT_ENABLED=true
      # Icon cache configuration
      - DISABLE_ICON_DOWNLOAD=false
      - ICON_CACHE_TTL=0
      - ICON_CACHE_NEGTTL=0
      # Mail configuration
      - SMTP_HOST=smtp.domain.name
      - SMTP_FROM=no-reply@domain.name
      - SMTP_PORT=587
      - SMTP_SSL=true
      - SMTP_USERNAME=no-reply@domain.name
      - SMTP_PASSWORD=password
```
Start the Vaultwarden service
```bash
cd /opt/vaultwarden
docker-compose up -d
```
On first run this automatically pulls the image and sets up Vaultwarden.
Commands to stop and restart the service
```bash
docker-compose down
docker-compose restart
```
Nginx reverse proxy
Reverse proxy configuration:
```nginx
upstream vaultwarden-default {
    zone vaultwarden-default 64k;
    server 127.0.0.1:8080;
    keepalive 2;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      "";
}

server {
    listen 80;
    listen [::]:80;
    server_name domain.name;

    if ($host = domain.name) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name domain.name;
    # ssl_certificate and ssl_certificate_key must also be set for this server (not shown in this post).

    client_max_body_size 512M;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://vaultwarden-default;
    }

    #location /admin {
    #    proxy_http_version 1.1;
    #    proxy_set_header Upgrade $http_upgrade;
    #    proxy_set_header Connection $connection_upgrade;
    #
    #    proxy_set_header Host $host;
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    proxy_set_header X-Forwarded-Proto $scheme;
    #
    #    proxy_pass http://vaultwarden-default;
    #}
}
```
Restart Nginx, and the service is then reachable through the domain name.
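Before the service is reachable from the internet, the compose file can be checked for the settings that matter most here. The script below is an added example, not part of the original post: it flags a published port that is not bound to 127.0.0.1 (the Nginx upstream only needs 127.0.0.1:8080), a plain-text ADMIN_TOKEN, open signups and enabled password hints. The function names audit_compose and env_value are hypothetical, and the script assumes the `- KEY=value` list form used in the compose file in this post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Vaultwarden compose file.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.

# Value of KEY from "- KEY=value" entries; commented-out lines are ignored.
env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | tail -n 1
}

audit_compose() {
    file=$1
    findings=0
    report() { findings=$((findings + 1)); printf '%s\n' "$1"; }

    # "8080:80" with no host IP publishes on every interface, so the container's
    # plain-HTTP port is reachable without going through the Nginx TLS proxy.
    if grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$file"; then
        report 'ports: published on all interfaces; use "127.0.0.1:8080:80"'
    fi

    # A set ADMIN_TOKEN enables /admin. Vaultwarden accepts an Argon2 PHC string
    # ("$argon2id$...", written with "$$" in compose files) instead of plain text.
    case $(env_value "$file" ADMIN_TOKEN) in
        '' | *'$argon2'*) ;;
        *) report 'ADMIN_TOKEN: plain-text token; store an Argon2 hash instead' ;;
    esac

    [ "$(env_value "$file" SIGNUPS_ALLOWED)" = true ] &&
        report 'SIGNUPS_ALLOWED: open registration; set to false after creating accounts'
    [ "$(env_value "$file" SHOW_PASSWORD_HINT)" = true ] &&
        report 'SHOW_PASSWORD_HINT: enabled; set to false on a publicly reachable instance'

    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the settings shown in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  vaultwarden:
    ports:
      - "8080:80"
    environment:
      - ADMIN_TOKEN=admin_token
      - SHOW_PASSWORD_HINT=true
      - SIGNUPS_ALLOWED=true
EOF
audit_compose "$sample" || echo "review the findings above before exposing the service"
rm -f "$sample"
```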
Upgrading Vaultwarden
```bash
cd /opt/vaultwarden
docker-compose down
docker pull vaultwarden/server:latest
docker-compose up -d
```
Afterword
For other issues, consult the official documentation.