一直找不到一个好用的密码管理器,几个常用的价格都挺贵的,所以问了下同学,推荐了Bitwarden_rs。晚上无聊,就自己搭建了下。(环境是centos7+宝塔)
1.安装Docker与Docker-compose
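# Install the Docker engine and docker-compose from the configured yum repositories.
yum install docker
yum install docker-compose
# Installing the packages does not start the daemon. Start it now and enable it at boot;
# otherwise "docker-compose up -d" in step 3 has nothing to talk to, and the
# "restart: always" policy cannot bring the container back after a reboot.
systemctl start docker
systemctl enable docker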
2.创建bw-data目录,配置config.env文件
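# /bw-data is bind-mounted into the container as /data (see docker-compose.yml) and will
# hold the vault database, so keep it readable by root only.
# NOTE(review): mode 700 assumes the container process runs as root on the host — confirm for your image.
# mkdir -p keeps the chain working when the directory already exists.
mkdir -p /bw-data && chmod 700 /bw-data && cd /bw-data && vim config.env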
# Registration is open to anyone who can reach the site while this is true.
# Step 5 of this guide turns it off once the owner's account exists; keep that window short.
SIGNUPS_ALLOWED=true
# Public base URL of the instance. example.com is a placeholder; it should match the
# HTTPS hostname that clients actually use through the reverse proxy.
DOMAIN=https://example.com
# Database path as seen inside the container; /data is the bind mount of /bw-data
# declared in docker-compose.yml, so the file lives at /bw-data/bitwarden.db on the host.
DATABASE_URL=/data/bitwarden.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true
3.创建docker-compose.yml并进行配置,运行
# Still inside /bw-data (step 2 changed into it), so the compose file sits next to
# config.env and the relative env_file path resolves.
vim docker-compose.yml
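# Compose definition for the single password-manager container.
# Indentation restored: YAML nesting is significant, and the flattened listing does not parse.
version: '3'
services:
  bitwarden:
    # NOTE(review): the bitwardenrs/server image is no longer updated; the project
    # continues under the name vaultwarden (image vaultwarden/server). For a service
    # that stores credentials, prefer the maintained image and pin a specific release
    # tag (<PINNED_VERSION>) instead of "latest", so upgrades are deliberate.
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      # Host directory holding the database; back it up and keep its permissions tight.
      - /bw-data/:/data/
    env_file:
      # Read when the container is created; later edits need the container recreated.
      - config.env
    ports:
      # Both ports are published on loopback only, so the container is reachable
      # solely through the local nginx reverse proxy and never directly from the network.
      - "127.0.0.1:999:80"
      - "127.0.0.1:3012:3012"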
# Create and start the container in the background (-d); run this from the directory
# that holds docker-compose.yml.
docker-compose up -d
4.设置nginx反代
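# TLS-terminating reverse proxy in front of the container published on 127.0.0.1:999
# (HTTP API and web vault) and 127.0.0.1:3012 (WebSocket notifications).
server
{
    listen 443 ssl http2;
    server_name secret.*;

    # The "#SSL-START", "#HTTP_TO_HTTPS_*" and "#PHP-INFO-*" comment lines are kept exactly
    # as generated: they look like markers the hosting panel searches for — do not reword them.
    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    # This server block only listens on 443, so the condition below never matches here;
    # plain-HTTP redirection needs a listener on port 80 defined elsewhere.
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/secret.honus.top/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/secret.honus.top/privkey.pem;
    # TLS 1.1 removed: it is formally deprecated (RFC 8996) and a password vault has no
    # reason to accept it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # 497 = plain HTTP sent to the TLS port; bounce the client to the https:// URL.
    error_page 497 https://$host$request_uri;

    # This vhost is a pure reverse proxy, so the panel's PHP include is commented out
    # (the marker itself says it may be). NOTE(review): the include presumably routes
    # *.php requests to PHP-FPM instead of the proxied application — confirm before re-enabling.
    #PHP-INFO-START PHP引用配置,可以注释或修改
    #include enable-php-71.conf;
    #PHP-INFO-END

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    # Upper bound for request bodies (e.g. attachment uploads).
    client_max_body_size 128M;

    # Everything else goes to the application's HTTP port.
    location / {
        proxy_pass http://127.0.0.1:999;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket notifications. The Upgrade handshake is an HTTP/1.1 mechanism, and nginx
    # talks HTTP/1.0 to upstreams unless told otherwise.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # The negotiate endpoint is ordinary HTTP and is served by the main port.
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:999;
    }

    # Optionally add extra authentication besides the ADMIN_TOKEN
    # If you don't want this, leave this part out
    location /admin {
        # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
        auth_basic "Private";
        # Placeholder path: point it at a real htpasswd file stored outside any web root
        # and readable only by the nginx user.
        auth_basic_user_file /path/to/htpasswd_file;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:999;
    }

    access_log /www/wwwlogs/secret.honus.top.log;
    error_log /www/wwwlogs/secret.honus.top.error.log;
}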
5.自己注册后关闭用户注册
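# Reopen the env file in /bw-data and change the existing signup line to the value below.
vim config.env
SIGNUPS_ALLOWED=false
# Values from env_file are only read when the container is created, so the edit has no
# effect on the running instance until the container is recreated.
docker-compose up -d
# Then confirm from a logged-out browser that the registration form no longer accepts new accounts.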
6.下载各个客户端并配置服务器地址然后登录
7.使用脚本进行定期备份(备份中包含 /bw-data 下的数据库文件 bitwarden.db,备份文件应限制访问权限,并加密后再存放到其他机器)