Bitwarden_rs搭建

最近LastPass网络极其不稳定,正好闲下来找到了Bitwarden_rs这个替代品,感觉不错,分享记录下部署过程。

一、Docker方式部署

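# Pull the image.
# NOTE(review): ":latest" is a moving tag, so the deployed version is not
# reproducible; pin a specific release tag or digest once you have chosen one.
# The project has since been renamed Vaultwarden and is published as
# vaultwarden/server; check which image still receives security updates
# before deploying a password store from it.
docker pull bitwardenrs/server:latest

# Generate the admin token into a variable instead of pasting the literal value
# into the docker command line, so it does not end up in shell history.
ADMIN_TOKEN="$(openssl rand -base64 48)"
# Stop here if generation failed rather than starting with an empty token.
: "${ADMIN_TOKEN:?openssl did not produce a token}"
export ADMIN_TOKEN
# Printed once so it can be stored somewhere safe; it is required to log in to /admin.
printf 'ADMIN_TOKEN: %s\n' "$ADMIN_TOKEN"

# Run the container: persist data under /data/bw-data/ on the host and publish
# container port 80 on host port 3001. "-e ADMIN_TOKEN" without a value passes
# the exported variable through. The token stays readable via "docker inspect",
# so access to the Docker daemon must be limited to administrators.
# NOTE(review): "-p 3001:80" listens on every host interface over plain HTTP.
# Only the nginx proxy should be able to reach this port: the config on this
# page trusts the X-Real-IP header, which a direct client could set itself.
# If nginx runs on this host, publish as "-p 127.0.0.1:3001:80"; otherwise
# firewall the port so that only the proxy can connect.
# NOTE(review): the nginx config on this page also proxies /notifications/hub
# to port 3012, which this command neither enables nor publishes.
docker run -d --name bitwarden \
  -e ADMIN_TOKEN \
  -v /data/bw-data/:/data/ \
  -p 3001:80 \
  bitwardenrs/server:latest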

二、Bitwarden_rs配置文件config.json

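各参数的含义请到 GitHub 上 bitwarden_rs 的 wiki 查看。公网部署时注意:signups_allowed 为 true 表示任何能访问该站点的人都可以注册账号,建好自己的账号后建议改为 false;admin_token 和 smtp_password 以明文保存在该文件中,应限制该文件的读取权限,下面示例中的密码和 Token 仅为占位符,不要照抄。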

{
  "domain": "https://bitwarden.test.com",
  "disable_icon_download": false,
  "signups_allowed": true,
  "signups_verify": false,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": true,
  "password_iterations": 100000,
  "show_password_hint": true,
  "admin_token": "生成的Token",
  "invitation_org_name": "Bitwarden_RS-By Test",
  "ip_header": "X-Real-IP",
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "icon_blacklist_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "disable_admin_token": false,
  "_enable_yubico": true,
  "_enable_duo": false,
  "_enable_smtp": true,
  "smtp_host": "smtp.163.com",
  "smtp_ssl": true,
  "smtp_explicit_tls": true,
  "smtp_port": 465,
  "smtp_from": "test@163.com",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_username": "test@163.com",
  "smtp_password": "testpassword",
  "smtp_timeout": 30,
  "_enable_email_2fa": false,
  "email_token_size": 6,
  "email_expiration_time": 600,
  "email_attempts_limit": 3
}

三、Nginx代理配置

必须通过 HTTPS 访问才能登录。请把下面配置中的证书、域名和 IP 替换成你自己的,并确认证书路径与实际文件位置一致。

server {
  # Host name the certificate is bound to.
  server_name bitwarden.test.com;
  listen 80;

  # Nothing is served over plain HTTP: every request is redirected to HTTPS.
  return 301 https://$host$request_uri;
}

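# TLS-terminating reverse proxy in front of the Bitwarden_rs container.
server {
  listen 443 ssl http2;
  # Exact host name, matching the certificate and the port-80 redirect block.
  # The previous wildcard "bitwarden.*" answered for any name with that prefix
  # and forwarded it to the backend in the Host header.
  server_name bitwarden.test.com;

  # Specify SSL config if using a shared one.
  #include conf.d/ssl/ssl.conf;
  # Certificate file name.
  ssl_certificate  conf.d/ssl/1_bitwarden.test.com_bundle.crt;
  # Private key file name; keep this file readable only by root / the nginx user.
  ssl_certificate_key conf.d/ssl/2_bitwarden.test.com.key;
  ssl_session_timeout 5m;
  # Forward-secret AEAD suites only. The previous list also admitted static
  # ECDH/RSA key exchange and CBC suites through the broad ECDH/AES/HIGH aliases.
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
  # TLS 1.0 and 1.1 are deprecated and must not protect a password vault.
  # Remove TLSv1.3 only if your nginx/OpenSSL build predates it.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;

  # Optional: once HTTPS is confirmed working, enable HSTS so browsers refuse
  # to fall back to plain HTTP for this host.
  #add_header Strict-Transport-Security "max-age=31536000" always;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_pass http://IP:3001;
    proxy_set_header Host $host;
    # The backend is configured with ip_header = X-Real-IP and trusts this
    # value, so the backend port must be reachable only from this proxy.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # WebSocket notifications. NOTE(review): the docker run command on this page
  # does not publish port 3012, so this location fails until that is set up.
  location /notifications/hub {
    proxy_pass http://IP:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /notifications/hub/negotiate {
    proxy_pass http://IP:3001;
  }

  # The admin panel is reachable from wherever this server is reachable and is
  # guarded only by ADMIN_TOKEN. Optionally add extra authentication on top of
  # it; if you don't want this, leave this part out.
  location /admin {
    # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
    #auth_basic "Private";
    #auth_basic_user_file /path/to/htpasswd_file;

    # Alternatively restrict the panel to trusted source addresses
    # (constructed placeholder range, replace with your own):
    #allow 192.0.2.0/24;
    #deny all;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://IP:3001;
  }

}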

四、使用

上述操作完成后访问https://bitwarden.test.com/admin进行管理员操作,要输入设置的Token。
去https://bitwarden.com/官网下载相关客户端和浏览器拓展使用。

原文地址:https://www.cnblogs.com/bfbz/p/13025077.html