Self-hosting the Bitwarden password manager on Tencent Cloud

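Background

Nowadays almost every service requires a password login. If you use one password everywhere, then as soon as one of them is cracked, all the others are useless too. If you set a different password for each service, remembering them becomes the hard problem. Password managers emerged to solve this. To meet my own password-management needs, I am going to build a private Bitwarden password manager on Docker; after all, keeping your own passwords in your own house is more reassuring.

Installing Bitwarden on Linux: a password manager of your own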

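  1. Install Docker (if not already installed):
 sudo apt update && sudo apt install -y docker.io docker-compose-plugin
 sudo usermod -aG docker $USER  # add the non-root user to the docker group (takes effect after a restart)
 ## Switch registry mirrors and configure Docker resource limits (to avoid using too much memory)
 ## default-shm-size in the file below is the shared memory limit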
 sudo mkdir -p /etc/docker
 sudo tee /etc/docker/daemon.json <<-'EOF'
 {
  "registry-mirrors" : ["https://docker.registry.cyou",
  "https://docker-cf.registry.cyou",
  "https://dockercf.jsdelivr.fyi",
  "https://docker.jsdelivr.fyi",
  "https://dockertest.jsdelivr.fyi",
  "https://mirror.aliyuncs.com",
  "https://dockerproxy.com",
  "https://mirror.baidubce.com",
  "https://docker.m.daocloud.io",
  "https://docker.nju.edu.cn",
  "https://docker.mirrors.sjtug.sjtu.edu.cn",
  "https://docker.mirrors.ustc.edu.cn",
  "https://mirror.iscas.ac.cn",
  "https://docker.rainbond.cc",
  "https://do.nark.eu.org",
  "https://dc.j8.work",
  "https://dockerproxy.com",
  "https://gst6rzl9.mirror.aliyuncs.com",
  "https://registry.docker-cn.com",
  "http://hub-mirror.c.163.com",
  "http://mirrors.ustc.edu.cn/",
  "https://mirrors.tuna.tsinghua.edu.cn/",
  "http://mirrors.sohu.com/" 
 ],
   "insecure-registries" : [
      "registry.docker-cn.com",
      "docker.mirrors.ustc.edu.cn"
   ],
  "debug": true,
  "experimental": false,
  "default-shm-size": "256m",
  "default-ulimits": {
    "memlock": { "hard": -1, "soft": -1 }
  }
}
EOF
# Start Docker
sudo systemctl start docker
# Reload the configuration and restart
sudo systemctl daemon-reload && sudo systemctl restart docker
# Enable start on boot
sudo systemctl enable docker

Create the directory (placing it under /data is recommended, for easier data management)

sudo mkdir -p /data/vaultwarden && cd /data/vaultwarden
chmod +x /data/vaultwarden

Create docker-compose.yml

cat > docker-compose.yml << EOF
version: '3.3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
    - TZ=Asia/Shanghai
    ports:
    - 1314:80  # Vaultwarden mapped port
    - 3012:3012  # WebSocket mapped port
    volumes:
    - './vw-data:/data'
    env_file:
    - ./vault.env  # path to the environment variable file
EOF

Create the environment variable file

cat > vault.env << EOF
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=true
# Generate your own admin token quickly with: openssl rand -base64 48
ADMIN_TOKEN=eefPNlNPHiA13sXw2z8B6/og7K/lTzNo0KFrUKjB9

# Vaultwarden domain
DOMAIN=https://vaultwa/

SHOW_PASSWORD_HINT=false
DISABLE_ICON_DOWNLOAD=false

# Set your SMTP sender mailbox details
SMTP_HOST=smtp.qq.com
SMTP_FROM=1461610914@qq.com
SMTP_FROM_NAME=Vaultwarden Service
# Adjust according to your mail provider
SMTP_SECURITY=force_tls
# SMTP port
SMTP_PORT=465
SMTP_SSL=true
SMTP_USERNAME=1461610914@qq.com
# Wrap the password in ''
SMTP_PASSWORD=''
SMTP_TIMEOUT=15
EOF

Create the start script

cat > start.sh << EOF
docker compose down && docker compose up -d
EOF
chmod +x start.sh

Create the nginx configuration file. If you don't know how to install nginx, see my earlier post, which has a tutorial.

cat > vaultwarden.conf << 'EOF'
server {
    listen 80;
    server_name vaultwarden.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name vaultwarden.com;

    # SSL certificate configuration (keep your existing one)
    ssl_certificate ssl/vaultwarden.com.pem;
    ssl_certificate_key ssl/vaultwarden.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;

    # Main service proxy (the container's published port 1314); 10.1.0.5 is your cloud server's private IP
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.1.0.5:1314/;  # this must be 1314
    }

    # WebSocket proxy (the container's published port 3012)
    location /notifications/hub/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.1.0.5:3012/notifications/hub/;  # this must be 3012
    }
}
EOF

Using vaultwarden

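1. Register a user account through the domain https://vaultwarden.com/
Following the steps in this document, SIGNUPS_ALLOWED must be set to true for the registration button to appear; once the account is registered, change it back to false.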

2. First download the corresponding extension from the browser extension store

3. Then log in with the account you registered
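
An added example, not part of the original post: a shell function that audits the vault.env and docker-compose.yml created above for the settings this walkthrough leaves open (sign-ups still enabled, a plain-text ADMIN_TOKEN, an env file readable by other users, ports published on every interface). The function names are illustrative; the checks assume Vaultwarden's support for an Argon2 PHC string as ADMIN_TOKEN and Docker's `HOST_IP:host_port:container_port` publish syntax.

```shell
#!/bin/sh
# Added example: audits the vault.env and docker-compose.yml written above.

# Print the value of KEY ($2) in env file ($1); last assignment wins, quotes stripped.
env_value() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d "'\""
}

# Print one finding per line; return 0 when nothing was found, 1 otherwise.
audit_vaultwarden() {
    local env_file="$1" compose_file="$2" findings=0
    # Registration should be closed again once your own account exists.
    if [ "$(env_value "$env_file" SIGNUPS_ALLOWED)" != "false" ]; then
        echo "SIGNUPS_ALLOWED is not false: anyone who can reach the site may register"
        findings=$((findings + 1))
    fi
    # ADMIN_TOKEN unlocks /admin. Empty disables the page; an Argon2 PHC
    # string ($argon2id$...) keeps the real secret out of the file.
    case "$(env_value "$env_file" ADMIN_TOKEN)" in
        '' | '$argon2'*) ;;
        *)
            echo "ADMIN_TOKEN is stored in plain text"
            findings=$((findings + 1))
            ;;
    esac
    # The file holds the admin token and the SMTP password: owner-only access.
    if [ "$(ls -l "$env_file" | cut -c5-10)" != "------" ]; then
        echo "$env_file is accessible to group/others: chmod 600 it"
        findings=$((findings + 1))
    fi
    # "1314:80" publishes on every interface, so the plain-HTTP port can be
    # reached without going through nginx; "10.1.0.5:1314:80" cannot.
    if grep -Eq "^[[:space:]]*-[[:space:]]*['\"]?[0-9]+:[0-9]+" "$compose_file"; then
        echo "$compose_file publishes ports on all interfaces: prefix the host IP nginx proxies to"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh vault.env docker-compose.yml
if [ "$#" -eq 2 ]; then
    audit_vaultwarden "$1" "$2"
fi
```

Run it from /data/vaultwarden after registering your account; each printed line names one setting to tighten before the next `docker compose up -d`.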
posted @ 2025-12-11 17:35  浮生醉清风_QQ