一直找不到一个好用的密码管理器,几个常用的价格都挺贵的,所以问了下同学,推荐了Bitwarden_rs。晚上无聊,就自己搭建了下。(环境是centos7+宝塔) 1.安装Docker与Docker-compose

yum install docker
yum install docker-compose

2.创建bw-data目录,配置config.env文件

cd / && mkdir bw-data && cd bw-data && vim config.env
SIGNUPS_ALLOWED=true
DOMAIN=https://example.com
DATABASE_URL=/data/bitwarden.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true

3.创建docker-compose.yml并进行配置,运行

vim docker-compose.yml

version: '3'
services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /bw-data/:/data/
    env_file:
      - config.env
    ports:
      - "127.0.0.1:999:80"
      - "127.0.0.1:3012:3012"

docker-compose up -d

4.设置nginx反代

server
{
    listen 443 ssl http2;
    server_name secret.*;

    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /www/server/panel/vhost/cert/secret.honus.top/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/secret.honus.top/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    #PHP-INFO-START  PHP引用配置,可以注释或修改
    include enable-php-71.conf;
    #PHP-INFO-END

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    client_max_body_size 128M;
    location / { 
        proxy_pass http://127.0.0.1:999;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:999;
    }

  # Optionally add extra authentication besides the AUTH_TOKEN
  # If you don't want this, leave this part out
  location /admin {
    # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
    auth_basic "Private";
    auth_basic_user_file /path/to/htpasswd_file;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://127.0.0.1:999;
  }
    access_log  /www/wwwlogs/secret.honus.top.log;
    error_log  /www/wwwlogs/secret.honus.top.error.log;
}

5.自己注册后关闭用户注册

vim config.env
SIGNUPS_ALLOWED=false

6.下载各个客户端并配置服务器地址然后登陆 7.使用脚本进行定期备份

最后修改:2022 年 04 月 09 日
如果觉得我的文章对你有用,请随意赞赏