Bitwarden is a password manager with an open-source server side, so it can be self-hosted.

Install Docker and Docker-compose

1. Install Docker

yum install -y yum-utils
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
systemctl start docker

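2. Install Docker-compose

curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
# Make the downloaded binary executable
chmod +x /usr/local/bin/docker-compose
  • If the download is slow on a machine in mainland China, try the mirror link

https://static.fly2x.com/soft/docker-compose-Linux-x86_64
docker-compose-Linux-x86_64.zip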

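Create the configuration files

Create a directory to hold all of this service's files.
mkdir /home/bitwarden/

1. Create config.env, the environment variable file used by the program inside the container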

SIGNUPS_ALLOWED=true
DOMAIN=https://example.com
DATABASE_URL=/data/bitwarden.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true

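SIGNUPS_ALLOWED: whether registration is open
DOMAIN: the domain name
DATABASE_URL: location of the database file
ROCKET_WORKERS: number of threads the server uses
WEB_VAULT_ENABLED: whether web access is enabled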

2. Create the Docker service configuration file docker-compose.yml

version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - ./data:/data
    env_file:
      - config.env
    ports:
      - "127.0.0.1:6666:80"
      - "127.0.0.1:6667:3012"
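  • Maps the /data directory inside the container to the data directory in the current directory, so /home/bitwarden/data/bitwarden.db can be backed up at any time.
  • Maps port 80 inside the container to port 6666 on the local machine (bound to 127.0.0.1).
  • Maps port 3012 inside the container to port 6667 on the local machine (bound to 127.0.0.1).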
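
A plain file copy of data/bitwarden.db taken while the container is writing is not guaranteed to be consistent, so the backup mentioned above is better taken through SQLite's online backup API. The Python script below is an added example, not part of the original post; it snapshots the database, verifies the copy, and keeps it readable only by its owner. The names backup_vault and make_sample_vault, the demo_items table, and the backups directory are assumptions made for illustration.

```python
import os
import sqlite3
import tempfile
import time
from pathlib import Path


def backup_vault(db_path, backup_dir):
    """Take a consistent snapshot of a live SQLite vault and verify it."""
    db_path, backup_dir = Path(db_path), Path(backup_dir)
    backup_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    dest = backup_dir / f"bitwarden-{time.strftime('%Y%m%d-%H%M%S')}.db"
    # mode=ro: a wrong path raises instead of silently creating an empty DB.
    src = sqlite3.connect(db_path.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        # Create the destination as 0600 before any vault data is written to it.
        os.close(os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
        dst = sqlite3.connect(dest)
        try:
            # The online backup API copies a transactionally consistent image
            # even while the container is writing to the source database.
            src.backup(dst)
            result = dst.execute("PRAGMA integrity_check").fetchone()[0]
        finally:
            dst.close()
    finally:
        src.close()
    if result != "ok":
        dest.unlink()
        raise RuntimeError(f"backup failed integrity check: {result}")
    return dest


def make_sample_vault(path):
    """Constructed stand-in for data/bitwarden.db (not the real schema)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE demo_items (id INTEGER PRIMARY KEY, blob TEXT)")
    con.executemany("INSERT INTO demo_items (blob) VALUES (?)", [("a",), ("b",), ("c",)])
    con.commit()
    con.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "bitwarden.db"
        make_sample_vault(live)
        copy = backup_vault(live, Path(tmp) / "backups")
        print(copy.name, oct(copy.stat().st_mode & 0o777))
```

On the host, the call for this page's layout would be backup_vault("/home/bitwarden/data/bitwarden.db", "/home/bitwarden/backups"), where the backups path is an assumed location.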

Configure the Nginx reverse proxy

server
    {
        listen 80;
        server_name example.com;
        rewrite ^(.*) https://$host$1 permanent;
    }

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name example.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/blog;
        ssl_certificate /etc/ssl/example.cer;
        ssl_certificate_key /etc/ssl/example.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE";
        # ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        location / {
            proxy_pass  http://127.0.0.1:6666;
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }

        access_log  /home/wwwlogs/bitwarden.log;
    }

Common operations

Change to the /home/bitwarden directory, then run the following commands.

  • Start the container
    docker-compose up -d
  • Stop the container
    docker-compose down
