Ubuntu + bitwarden_rs搭建自己的私有密码库
本文是以Ubuntu服务器为基础装载Docker并安装bitwarden_rs镜像部署私有密码库
1.安装docker 如果已经安装过则跳过这部分
1
| sudo apt install docker.io
|
通过查看版本判断docker安装成功
启动docker
1
| sudo systemctl start docker
|
可以考虑设置开机自动启动
1
| sudo systemctl enable docker
|
2.使用docker拉取bitwarden_rs镜像
1
| docker pull bitwardenrs/server:latest
|
docker 运行bitwardenrs 并且分配端口号
1
| docker run -d --name bitwarden -v /bw-data/:/data/ -p 8800:80 bitwardenrs/server:latest
|
8800端口号根据自己服务器分配的情况自己定
配置nginx配置文件反向代理,在nginx文件夹下conf.d中修改default.conf 追加以下配置(之前是新建一个配置文件,导致所有未分配地址都指向bitwarden了不再指向blog)
配置文件内容如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
| server { listen 80; server_name bitwarden.barrys.top; rewrite ^/(.*) https://$server_name/$1 permanent; }
server { listen 443 ssl http2; server_name bitwarden.barrys.top; ssl on; ssl_certificate cert/xxx.pem; ssl_certificate_key cert/xxx.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;
location / { proxy_set_header Host barrys; proxy_pass http://127.0.0.1:8800; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
location /notifications/hub { proxy_pass http://127.0.0.1:3012; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }
location /notifications/hub/negotiate { proxy_pass http://127.0.0.1:8800; } }
|
重启nginx读取新配置文件
重启后访问配置文件中的域名即可(别忘了配ssl哦)