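Bitwarden is a free and open-source password management service that stores sensitive information, such as website credentials, in an encrypted vault. The Bitwarden platform offers a variety of client applications, including a web interface, desktop applications, browser extensions, mobile apps and a CLI.

In this post, I will show all the steps to install Bitwarden on a self-hosted server using Docker and Portainer.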



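You need to meet a few requirements:

  • DNS record: create a DNS record that points to the self-hosted server's public IP.
  • Docker is installed on your self-hosted Linux server.
  • The Nginx and Portainer Docker containers are installed. Certbot is installed in the Nginx container. Detailed steps are listed in this post: //blog.fabiandinkins.com/2021/03/install-certbot-on-debian-docker-to.html
  • Certbot has been used to obtain a certificate for Portainer. Portainer is running over HTTPS on a subdomain.
  • Make sure the firewall / cloud instance access list has port 8000 open.

Launch Bitwarden Docker

Here are the steps to run:
  • Pull the Bitwarden image
  • Run the latest bitwardenrs Docker image on the self-hosted server.
Docker image: bitwardenrs/server:latest
Docker Hub URL: //ift.tt/35G7Ok6
Commands run on the self-hosted server: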
[[email protected] /]# docker pull bitwardenrs/server:latest
latest: Pulling from bitwardenrs/server
a076a628af6f: Pull complete
59dc56021c8b: Pull complete
3ff63ec7cf6a: Pull complete
e3df552e5bc3: Pull complete
b1cb9364e73d: Pull complete
b46d9f70e046: Pull complete
8c3e54e3c958: Pull complete
62f84183e518: Pull complete
Digest: sha256:1cc26a5754dff74dd9df95bbbb79af168cd21dfbd83f627ea72c85fa5852ef15
Status: Downloaded newer image for bitwardenrs/server:latest
docker.io/bitwardenrs/server:latest
[[email protected] /]#  mkdir /bw-data
mkdir: cannot create directory ‘/bw-data’: File exists
[[email protected] /]# docker run -d --name bitwarden -v /bw-data/:/data/ -p 8000:80 bitwardenrs/server:latest
5e2d4b2085905db66cf663ec32604785a6718e6b917f09382f7984ea962d8f08
[[email protected] /]# docker ps
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                             PORTS                                      NAMES
5e2d4b208590        bitwardenrs/server:latest      "/usr/bin/dumb-init …"   54 seconds ago      Up 52 seconds (health: starting)   3012/tcp, 0.0.0.0:8000->80/tcp             bitwarden
3a4767f0c009        johnyan2/nginx1netsec:latest   "nginx -g 'daemon of…"   7 days ago          Up 7 days                          0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx
90212707d5a6        portainer/portainer-ce         "/portainer"             7 days ago          Up 7 days                          8000/tcp, 0.0.0.0:9000->9000/tcp           portainer
[[email protected] /]# 

Verify the Bitwarden Docker service

Check the Docker status from the Portainer web GUI:


Access HTTP port 8000 to confirm connectivity and service status.




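Use Certbot to configure Nginx to serve Bitwarden over HTTPS

The Bitwarden URL must be HTTPS; otherwise you will get the following error message.


Create a bw.conf file under the /etc/nginx/conf.d folder. It can be copied from portainer.conf.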

[email protected]:/# cd /etc/nginx/conf.d/
[email protected]:/etc/nginx/conf.d# cp portainer.conf bw.conf
[email protected]:/etc/nginx/conf.d# ls 
bw.conf  default.conf  portainer.conf
[email protected]:/etc/nginx/conf.d# cat bw.conf 
server {
    listen       80;
    server_name  bw.51sec.org;

location / {
    proxy_pass       http://140.238.153.62:8000;
    proxy_redirect             off;
    proxy_http_version         1.1;
    proxy_set_header Upgrade   $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[email protected]:/etc/nginx/conf.d# 

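Run Certbot to obtain a certificate for bw.51sec.org and modify the bw.conf configuration to use the certificate.

The output of the command "certbot --nginx" can be found in this post: //ift.tt/3ctumGx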

[email protected]:/# cd /etc/nginx/conf.d
[email protected]:/etc/nginx/conf.d# 
[email protected]:/etc/nginx/conf.d# certbot --nginx
[email protected]:/etc/nginx/conf.d# 
[email protected]:/etc/nginx/conf.d# cat bw.conf
server {
    listen       80;
    server_name  bw.51sec.org;

location / {
    proxy_pass       http://140.238.153.62:8000;
    proxy_redirect             off;
    proxy_http_version         1.1;
    proxy_set_header Upgrade   $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bw.51sec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bw.51sec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
[email protected]:/etc/nginx/conf.d# service nginx restart


Verify //bw.fabiandinkins.com is working. 

Now we can create an account and a master password for it:

Log in to the Bitwarden web GUI:



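Disable account creation

After creating the accounts you need, you may want to disable the account creation function to reduce use by other, unknown people. We can use Portainer's Duplicate/Edit button to add an environment variable to the settings.

Set the environment variable "SIGNUPS_ALLOWED" to false.

The command line that adds this environment variable to docker run: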

[email protected]:/# docker run -d --name bitwarden \
-e SIGNUPS_ALLOWED=false \
-v /bw-data/:/data/ \
-p 8000:80 \
bitwardenrs/server:latest
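
As an added example (not part of the original post or of the Bitwarden project), the shell functions below check two things this setup leaves to the operator: the docker ps listing earlier shows the bitwarden container publishing plain-HTTP port 8000 on 0.0.0.0 next to the HTTPS proxy, and SIGNUPS_ALLOWED only helps if it is really set on the running container. The names exposed_ports, signups_disabled and ALLOWED_PORTS are hypothetical, and the sample listing is constructed from the output shown earlier.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed
# from the `docker ps` listing shown earlier on this page.

# Host ports expected to face the Internet (the Nginx reverse proxy only).
ALLOWED_PORTS="80 443"

# stdin: "name<TAB>ports" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# stdout: "name host_port" for each port published on every interface
# (0.0.0.0, ::: or [::]) that is not listed in ALLOWED_PORTS.
exposed_ports() {
    awk -F '\t' -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        m = split($2, maps, /, */)
        for (i = 1; i <= m; i++) {
            # "3012/tcp" is only EXPOSEd; published mappings contain "->".
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            host = side[1]
            # Skip loopback or single-address binds such as 127.0.0.1:8000.
            if (host !~ /^(0\.0\.0\.0|::|\[::\]):/) continue
            port = host
            sub(/^.*:/, "", port)
            # Report each container/port pair once (IPv4 and IPv6 may repeat).
            if (!(port in ok) && !seen[$1 " " port]++) print $1, port
        }
    }'
}

# stdin: KEY=VALUE lines, as printed by
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' bitwarden
# Succeeds only when SIGNUPS_ALLOWED is explicitly set to false.
signups_disabled() {
    grep -qx 'SIGNUPS_ALLOWED=false'
}

# Constructed sample mirroring the three containers in the listing above.
SAMPLE_PS="$(printf '%s\t%s\n' \
    bitwarden '3012/tcp, 0.0.0.0:8000->80/tcp' \
    nginx     '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' \
    portainer '8000/tcp, 0.0.0.0:9000->9000/tcp')"

printf '%s\n' "$SAMPLE_PS" | exposed_ports
```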













From Blogger: http://blog.fabiandinkins.com/2021/03/using-dockerportainer-to-install-open.html

By Jon.
