Vaultwarden部署和nginx反代
系统环境 Centos7.9
1.安装docker,安装 Docker Compose:
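# Installs Docker Engine and the standalone docker-compose binary on CentOS 7.
# Run as root, or keep the sudo prefixes shown on the individual steps.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30, so the stock
# repositories no longer deliver security fixes. That matters for a host
# that is going to store a password vault.

# 1. (Optional) update the installed packages
yum update -y
# 2. Install the packages docker depends on
yum install -y yum-utils device-mapper-persistent-data lvm2
# 3. Add the docker yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 4. Install docker through yum
# Without -y, yum stops to ask before importing the Docker repository's GPG
# key; compare the fingerprint it prints with the one in Docker's install
# documentation before accepting.
sudo yum install docker-ce docker-ce-cli containerd.io
# If the command above fails, an older Docker may already be installed and
# has to be removed first.
# Removal command: yum remove docker docker-common docker-selinux docker-engine docker-io
# 5. Start the Docker service and enable it at boot
sudo systemctl start docker
sudo systemctl enable docker
# 6. Check that docker is installed (prints the version)
docker version
# Both a Client and a Server section in the output mean docker is installed
# and running (the original author notes some errors can be ignored).
# 7. Look up the latest docker-compose version at
#    https://github.com/docker/compose/releases/latest
#    (2.1.1 at the time the page was written).
# 8. Download docker-compose; replace 2.1.1 below with the version you chose.
# -f makes curl exit non-zero on an HTTP error instead of saving the error
# page as /usr/local/bin/docker-compose, which step 9 would then mark
# executable.
# NOTE(review): Compose v2 releases appear to be tagged with a leading "v" and
# to publish lowercase asset names; confirm the exact URL on the releases page.
sudo curl -fL "https://github.com/docker/compose/releases/download/2.1.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# This binary will be run as root: print its SHA-256 and compare it with the
# checksum published next to the release asset before making it executable.
sha256sum /usr/local/bin/docker-compose
# 9. Make it executable
sudo chmod +x /usr/local/bin/docker-compose
# 10. Check the installation (a reboot may be needed)
docker-compose -v
# On success this prints the docker-compose version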
2.部署
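# docker-compose.yml for Vaultwarden, intended to sit behind a TLS-terminating
# reverse proxy running on the same host.
services:
  vaultwarden:
    container_name: vaultwarden
    # NOTE(review): "latest" moves with every release; pinning a specific
    # release tag makes upgrades deliberate and reproducible.
    image: vaultwarden/server:latest
    ports:
      # Published on loopback only, so the container's plain-HTTP ports are
      # reachable solely through the local reverse proxy. Ports published on
      # all interfaces are typically reachable from outside even when the host
      # firewall has no rule for them, because Docker manages its own
      # iptables rules.
      # The reverse proxy's proxy_pass port must equal the host port (8787).
      - "127.0.0.1:8787:80"
      # NOTE(review): dedicated WebSocket notification port; confirm that the
      # image version in use still listens on 3012 before relying on it.
      - "127.0.0.1:3012:3012"
    environment:
      # Change this: it must be the exact public URL clients use to reach the
      # vault (scheme, host name and port of the reverse proxy).
      - DOMAIN=https://xxxx.com:8443
      # Placeholder. Replace it with a long random value (for example the
      # output of `openssl rand -base64 48`) and store it safely: whoever
      # holds this token controls the /admin panel.
      # NOTE(review): newer Vaultwarden releases also accept an Argon2 hash
      # here instead of the plain token; check the docs for your version.
      - ADMIN_TOKEN=some_random_token
      # Rate limits for the login and admin endpoints
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_SESSION_LIFETIME=20
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      # Set this to false once your own accounts exist; while it is true,
      # anyone who can reach the site can register.
      - SIGNUPS_ALLOWED=true
    volumes:
      # Everything Vaultwarden persists lives in this host directory; restrict
      # its permissions and include it in backups.
      - "/data/vaultwarden/data:/data"
    restart: unless-stopped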
3.反代
# Plain-HTTP virtual host: its only job is to send every request to HTTPS.
server {
    server_name vault.yourdomain.com;
    listen 80;
    # listen [::]:80;    # uncomment to listen on IPv6 as well

    access_log off;

    root /home/wwwroot/vault.yourdomain.com;
    index index.html index.htm index.php default.html default.htm default.php;

    # Redirect http to https. A server-level return answers every request
    # that reaches this block.
    return 301 https://$server_name$request_uri;

    # The includes below point at files that are not shown on this page.
    include rewrite/none.conf;
    # error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    # location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php.conf;
}
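# HTTPS virtual host: terminates TLS and reverse-proxies to the Vaultwarden
# container listening on loopback.
server {
    listen 443 ssl http2;
    # listen [::]:443 ssl http2;    # uncomment to listen on IPv6 as well
    server_name vault.yourdomain.com;
    index index.html index.htm index.php default.html default.htm default.php;
    # Same document root as the port-80 server block.
    root /home/wwwroot/vault.yourdomain.com;

    ssl_certificate /usr/local/nginx/conf/ssl/vault.yourdomain.com/fullchain.cer;
    # NOTE(review): the key file name carries a different host name than the
    # certificate directory; point this at the private key that belongs to
    # fullchain.cer, and keep that file readable by root only.
    ssl_certificate_key /usr/local/nginx/conf/ssl/vault.yourdomain.com/vault.bitwarden.in.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have no place in front of
    # a password vault; current Bitwarden clients negotiate 1.2 or 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Forward-secret AEAD suites only: 3DES and static-RSA key exchange are
    # left out.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

    # Optional: once HTTPS is confirmed working, tell browsers to stay on it.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    include rewrite/none.conf;
    # error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    # location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    # NOTE(review): this site only proxies to Vaultwarden; the PHP handler
    # include looks like a leftover from the vhost template and can probably
    # be dropped. Confirm against the file's contents.
    include enable-php.conf;

    # == reverse proxy settings start == #
    client_max_body_size 128M;    # allow large attachments

    # The upstream port is the host port the compose file on this page
    # publishes for the container's HTTP port ("8787:80").
    location / {
        proxy_pass http://127.0.0.1:8787;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        # The WebSocket upgrade needs HTTP/1.1 towards the upstream; nginx
        # proxies with HTTP/1.0 unless told otherwise.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8787;
    }

    # The admin panel is protected only by ADMIN_TOKEN. Restricting it to
    # known addresses removes it from the public attack surface:
    #   allow <ADMIN_IP_OR_CIDR>;    # placeholder, fill in your own range
    #   deny all;
    location /admin {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8787;
    }
    # == reverse proxy settings end == #

    # Dot escaped so that only a literal "/.well-known" matches (served from
    # the document root, e.g. for certificate validation files).
    location ~ /\.well-known {
        allow all;
    }

    # Any other dot-file or dot-directory is refused.
    location ~ /\. {
        deny all;
    }

    # NOTE(review): with access logging off there is no request trail for
    # investigating failed logins or feeding a tool such as fail2ban; consider
    # enabling it for this site.
    access_log off;
}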
参考链接:
https://host.ppgg.in/deploying-and-using-of-vaultwarden/prepareing
https://www.iplaysoft.com/bitwarden-self-host.html