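Preface
Because I have many accounts, and some recovery keys also need to be saved, I use a third-party password manager. The free version of 1Password only lets you add entries on the phone and is read-only on the Mac, which is inconvenient; my Enpass trial is about to expire, so I went looking for a cheaper or even free alternative.
Bitwarden is open source and free; besides its own cloud service it can also be deployed on your own server, so I set it up on a VPS to try it out. (I use the unofficial bitwarden_rs here, which has lower resource requirements.)
Preparation
- VPS
- Domain name
Steps
Pull the images with Docker Compose: https://github.com/dani-garcia/vaultwarden/wiki/Using-Docker-Compose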
Create `docker-compose.yml`, replacing the domain and email in it:

```yaml
version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
    volumes:
      - ./vw-data:/data

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80  # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      - DOMAIN=https://vaultwarden.example.com  # Your domain, prefixed with http or https.
      - EMAIL=admin@example.com                 # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
```

Create the `Caddyfile`:
```
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:80 {
    # Send the true remote IP to Rocket, so that vaultwarden can put this in the
    # log, so that fail2ban can ban the correct IP.
    header_up X-Real-IP {remote_host}
  }
}
```
- Open ports 80 and 443 on the VPS
- Add a DNS A record pointing to the VPS's public IP
- Run `docker-compose up -d`, then visit the domain to open Bitwarden