Ubuntu + bitwarden_rs搭建自己的私有密码库
本文是以Ubuntu服务器为基础装载Docker并安装bitwarden_rs镜像部署私有密码库
1.安装docker 如果已经安装过则跳过这部分
1
| sudo apt install docker.io
|
通过查看版本判断docker安装成功
启动docker
1
| sudo systemctl start docker
|
可以考虑设置开机自动启动
1
| sudo systemctl enable docker
|
2.使用docker拉取bitwarden_rs镜像
1
| docker pull bitwardenrs/server:latest
|
docker 运行bitwardenrs 并且分配端口号
1
| docker run -d --name bitwarden -v /bw-data/:/data/ -p 8800:80 bitwardenrs/server:latest
|
8800端口号根据自己服务器分配的情况自己定
配置nginx配置文件反向代理,在nginx文件夹下conf.d中修改default.conf 追加以下配置(之前是新建一个配置文件,导致所有未分配地址都指向bitwarden了不再指向blog)
配置文件内容如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
| server
{
listen 80;
server_name bitwarden.barrys.top;
rewrite ^/(.*) https://$server_name/$1 permanent;
}
server
{
listen 443 ssl http2;
server_name bitwarden.barrys.top;
ssl on;
ssl_certificate cert/xxx.pem;
ssl_certificate_key cert/xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_set_header Host barrys;
proxy_pass http://127.0.0.1:8800;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:8800;
}
}
|
重启nginx读取新配置文件
重启后访问配置文件中的域名即可(别忘了配ssl哦)
