个人使用,仅供参考。
准备
安装 Docker
在终端中运行下面的命令安装 Docker。
启动docker
sudo service docker start安装 Docker Compose
Docker Compose 是 Docker 官方编排(Orchestration)项目之一,负责快速在集群中部署分布式应用,本文使用 docker-compose 来管理服务。
国内daocloud.io镜像快速安装
curl -L https://get.daocloud.io/docker/compose/releases/download/1.12.0/docker-compose-uname -s-uname -m > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose部署
在用户主目录创建bitwarden目录
cd /opt/ && mkdir -p docker/bitwarden && cd /opt/docker/bitwarden
pwd
#确认目录为
/opt/docker/bitwarden方法一:
在bitwarden目录创建docker-compose.yml文件
vim docker-compose.yml
在docker-compose.yml写入一下配置,参考官方wiki
version: "3"
services:
bitwarden:
image: vaultwarden/server
container_name: vaultwarden
restart: always
ports:
- "127.0.0.1:888:80" #将888 端口映射到镜像80端口
- "127.0.0.1:999:3012"
volumes:
- ./bw-data:/data
environment:
PGID: 1000
PUID: 1000
TZ: "Asia/Shanghai" #设置时区
SERVER_ADMIN_EMAIL: 'pluto@xkzs.cc' #设置管理邮箱
INVITATIONS_ALLOWED: 'true' #开启邀请
ADMIN_TOKEN: '*******'
WEBSOCKET_ENABLED: "true" #开启WebSocket
SIGNUPS_ALLOWED: "false" #开启注册,自己注册后改成fale
WEB_VAULT_ENABLED: "true" #web客户端运行服务
docker-compose up -d #运行服务
docker-compose down #关闭服务
docker-compose restart #重启服务
方法二:
docker run \
-itd \
-e PGID=1000 \
-e PUID=1000 \
--name='bitwarden' \
-e TZ=Asia/Shanghai \
-e 'SERVER_ADMIN_EMAIL'='pluto@xkzs.cc' \
-e 'SIGNUPS_ALLOWED'='false' \
-e 'INVITATIONS_ALLOWED'='true' \
-e 'WEBSOCKET_ENABLED'='true' \
-e 'ADMIN_TOKEN'='' \
-p '888:80/tcp' \
-p '999:3012' \
-v '/xingkong/docker/appdata/bitwarden':'/data':'rw' 'bitwardenrs/server:latest'Nginx 反代
我是通过Nginx代理实例,也可以使用Caddy、Apache等做反向代理,因为我的服务器已经装过LNMP,直接用lnmp vhost add就能建立vhost并配置好https,为了安全强烈推荐配置HTTPS,反向代理配置可以参考项目wiki
在你的Nginx插入一下配置
location / {
proxy_pass http://127.0.0.1:888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:999;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:888;
}
# 加入robots.txt 防止搜索引擎爬虫抓取
location = /robots.txt {
root /home/wwwroot/Bitwarden;
}在根目录/opt/docker/bitwarden创建一个robots.txt 文件
写入以下内容禁止搜索引擎爬虫抓取
User-agent: *
Disallow: /备份
#!/bin/bash
export LC_ALL=C
now=$(date +"%Y%m%d-%H%M%S")
parent_dir="/home/<USER>/bitwarden/bw-data"
backups_dir="${parent_dir}/backups"
log_file="${backups_dir}/backup-progress.log.${now}"
tmp_sqlite_backup="backups/db.sqlite3.${now}"
archive="backups/backup.tar.gz.${now}"
error () {
printf "%s: %s\n" "$(basename "${BASH_SOURCE}")" "${1}" >&2
exit 1
}
trap 'error "An unexpected error occurred."' ERR
take_backup () {
cd "${parent_dir}"
sqlite3 db.sqlite3 ".backup '${tmp_sqlite_backup}'"
/bin/tar czf "${archive}" "${tmp_sqlite_backup}" attachments
rm "${tmp_sqlite_backup}"
find "${backups_dir}/" -type f -mtime +30 -exec rm {} \;
}
printf "\n======================================================================="
printf "\nBitwarden Backup"
printf "\n======================================================================="
printf "\nBackup in progress..."
take_backup 2> "${log_file}"
if [[ -s "${log_file}" ]]
then
printf "\nBackup failure! Check ${log_file} for more information."
printf "\n=======================================================================\n\n"
else
rm "${log_file}"
printf "...SUCCESS!\n"
printf "Backup created at ${backups_dir}/backup.tar.gz.${now}"
printf "\n=======================================================================\n\n"
fi#添加计划任务
30 9 * * * sh /opt/backup.sh > /dev/null
#每天9:30自动备份
评论区