CentOS下安装部署Vaultwarden和Caddy 1

Vaultwarden是一个基于Rust编写的开源项目, 兼容Bitwarden的客户端: 可以继续使用Bitwarden的浏览器插件, 在插件里配置为自建的服务器即可.

Caddy比nginx配置更简单, 自动申请SSL证书也更方便; teddysun有编译好的二进制, 可以直接拿来用.

注意: 小内存机器上编译vaultwarden需要4GB的swap.

配套资料

官方资源页面: https://bitwarden.com/download/

Windows桌面软件: https://vault.bitwarden.com/download/?app=desktop&platform=windows
MacOS APP安装: https://itunes.apple.com/app/bitwarden/id1352778147
Chrome插件: https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb
Firefox插件: https://addons.mozilla.org/firefox/addon/bitwarden-password-manager/
微软EDGE插件: https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh

# Deployment parameters -- edit these before running the script.
#   DOMAIN  - public hostname Caddy serves and requests a certificate for
#   PREFIX  - install root holding the web vault, data/ and the env file
#   VERSION - web-vault release used when pinning the download instead of
#             fetching the latest release
readonly DOMAIN='vault.Server.com'
readonly PREFIX='/opt/vault/'
readonly VERSION='2.24.1'

# Build and runtime dependencies. epel-release goes first because certbot is
# only available from EPEL (certbot itself is not used further down; Caddy
# handles TLS).
build_pkgs=(wget git gcc tar sqlite-devel openssl-devel certbot)
yum -y -q install epel-release
yum -y -q install "${build_pkgs[@]}"

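# Install the Rust toolchain with rustup.
# The installer is fetched over HTTPS only into a mktemp file, and is only run
# when the download succeeded -- the original ran whatever rs.sh happened to be
# left in the working directory, even after a failed download.
rs_installer=$(mktemp) || exit 1
wget --https-only -q https://sh.rustup.rs -O "$rs_installer" || { rm -f -- "$rs_installer"; exit 1; }
sh "$rs_installer" -y || { rm -f -- "$rs_installer"; exit 1; }
rm -f -- "$rs_installer"
# rustup writes ~/.cargo/env; load it so cargo/rustup are on PATH for the rest
# of this script.
# shellcheck disable=SC1090
source ~/.cargo/env
rustup update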

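# Build vaultwarden from source (SQLite backend) and install the stripped binary.
# Cloning into a fresh mktemp directory avoids reusing (or colliding with) a
# stale /tmp/vaultwarden checkout, and every step is checked so a failed clone
# or build does not silently leave the previous binary in place.
# NOTE(review): this builds whatever the default branch points at when cloned;
# pass --branch <release-tag> to git clone for a reproducible, reviewable build.
src_dir=$(mktemp -d) || exit 1
git clone https://github.com/dani-garcia/vaultwarden "$src_dir" || exit 1
cd "$src_dir" || exit 1
cargo build --features sqlite --release || exit 1
strip ./target/release/vaultwarden
# install(1) sets the mode itself, so the separate chmod +x is not needed.
install -m 0755 target/release/vaultwarden /usr/bin/ || exit 1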

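# Fetch the prebuilt web vault (bw_web_builds) into PREFIX.
mkdir -p "${PREFIX}/data/"
# Pinned alternative to the "latest" lookup below:
#wget "https://github.com/dani-garcia/bw_web_builds/releases/download/v${VERSION}/bw_web_v${VERSION}.tar.gz" -O - | tar xz -C "${PREFIX}"
# Resolve the latest release's tarball URL. A release can list several assets,
# so keep only the first .tar.gz match, and refuse to continue on an empty
# result instead of handing wget an empty argument.
web_vault_url=$(curl -Ss https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest \
  | grep browser_download_url | grep '\.tar\.gz"' | cut -d '"' -f 4 | head -n 1)
if [[ -z "$web_vault_url" ]]; then
  printf 'could not resolve the web vault download URL\n' >&2
  exit 1
fi
# NOTE(review): the archive is unpacked straight from the network with no
# checksum/signature check; verify it against the release page if that matters
# for this deployment.
wget "$web_vault_url" -O - | tar xz -C "${PREFIX}"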

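# Write the vaultwarden environment file.
# The file is pre-created with mode 0600 before any content is written: it is
# the place an ADMIN_TOKEN would live, so it must not be world-readable (the
# original left it at the default 0644).
install -m 0600 /dev/null "${PREFIX}/vaultwarden.env" || exit 1
cat > "${PREFIX}/vaultwarden.env" <<EOF
# The admin page stays disabled while ADMIN_TOKEN is unset. If you enable it,
# newer vaultwarden releases can store an argon2 hash of the token instead of
# the plain value (see the vaultwarden wiki); check the release you built.
#ADMIN_TOKEN=$(openssl rand -base64 48)
# Open registration is needed to create the first account. Once your users
# exist set this to false (or restrict with SIGNUPS_DOMAINS_WHITELIST),
# otherwise anyone who can reach ${DOMAIN} can register a vault.
SIGNUPS_ALLOWED=true
# NOTE(review): recent vaultwarden releases serve the websocket on ROCKET_PORT
# and no longer use the separate WEBSOCKET_* settings; confirm against the
# release you built and adjust the Caddy /notifications/hub proxy to match.
WEBSOCKET_ENABLED=true
WEBSOCKET_ADDRESS=127.0.0.1
WEBSOCKET_PORT=3012
# Loopback only; Caddy is the only thing that should talk to these ports.
ROCKET_ADDRESS=127.0.0.1
ROCKET_PORT=8000
EOF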

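# Create the vaultwarden systemd unit.
# The service runs as a dedicated unprivileged account instead of root: it only
# binds loopback ports above 1024 and only writes under PREFIX, so root brings
# nothing but a larger blast radius if the web-facing process is compromised.
if ! id -u vaultwarden >/dev/null 2>&1; then
  useradd -r -d "${PREFIX}" -s /sbin/nologin vaultwarden || exit 1
fi
mkdir -p "${PREFIX}/data/"
# The service account must own the data dir, the web vault and the env file.
chown -R vaultwarden:vaultwarden "${PREFIX}"
# ReadWriteDirectories is the older spelling of ReadWritePaths; it is kept
# because it is the one accepted by the systemd shipped with older CentOS.
cat > /etc/systemd/system/vaultwarden.service <<EOF
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target

[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=${PREFIX}/vaultwarden.env
ExecStart=/usr/bin/vaultwarden
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
NoNewPrivileges=true
WorkingDirectory=${PREFIX}
ReadWriteDirectories=${PREFIX}
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF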

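# Install the Caddy 1 binary from teddysun's mirror.
# NOTE(review): Caddy 1 is end-of-life and no longer receives security fixes,
# and this is a third-party build with no checksum or signature check -- compare
# sha256sum of the download with the publisher's value (<expected-sha256>)
# before trusting it.
# The download goes to a mktemp file and is only moved into place on success;
# the original wrote (and with -c, appended) straight into /usr/bin/caddy.
caddy_tmp=$(mktemp) || exit 1
wget --https-only -q https://dl.lamp.sh/files/caddy_linux_amd64 -O "$caddy_tmp" || { rm -f -- "$caddy_tmp"; exit 1; }
# Root-owned 0755 like any other system binary; the original's chown to
# nobody let a "nobody" process own (and so re-mode) the web server binary.
install -m 0755 -o root -g root "$caddy_tmp" /usr/bin/caddy || exit 1
rm -f -- "$caddy_tmp"
# -p so a re-run of the script does not fail here.
mkdir -p /etc/caddy/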

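# Create the Caddy systemd unit.
# The unit runs as "caddy", so that account and its CADDYPATH (where ACME
# certificates and private keys are stored) must exist and be owned by it --
# the original never created either, so the unit could not start.
if ! id -u caddy >/dev/null 2>&1; then
  useradd -r -d /var/lib/caddy -s /sbin/nologin caddy || exit 1
fi
mkdir -p /var/lib/caddy
chown caddy:caddy /var/lib/caddy
chmod 0700 /var/lib/caddy
# Locally written units belong in /etc/systemd/system (matching the
# vaultwarden unit); /usr/lib/systemd/system is reserved for package units.
# \$MAINPID is escaped so that systemd, not this shell, expands it: unescaped,
# the unquoted heredoc turned ExecReload into "kill -USR1" with no PID.
cat > /etc/systemd/system/caddy.service <<EOF
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
User=caddy
Group=caddy
Environment=CADDYPATH=/var/lib/caddy
EnvironmentFile=-/etc/caddy/envfile
ExecStartPre=/usr/bin/caddy -conf /etc/caddy/caddy.conf -validate
ExecStart=/usr/bin/caddy -conf /etc/caddy/caddy.conf -root /tmp -agree
ExecReload=/usr/bin/kill -USR1 \$MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF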

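# Write the Caddy 1 site config: redirect plain HTTP, terminate TLS, proxy to
# vaultwarden. Caddy 1 syntax -- this is not a Caddy 2 Caddyfile.
# conf.d/ is created so the trailing "import" has a directory to glob.
# The redirect target is written without a space before {uri}: with the space,
# Caddy 1 parses "https://host" and "{uri}" as a from/to pair and the
# HTTP->HTTPS redirect never fires.
# "browse" is dropped: every path is proxied, so directory listing of the
# -root never served anything and only widens what the server can expose.
# NOTE(review): /admin is not blocked here, unlike the nginx variant; it is
# unreachable only while ADMIN_TOKEN is unset in vaultwarden.env.
mkdir -p /etc/caddy/conf.d
cat > /etc/caddy/caddy.conf <<EOF
http://${DOMAIN} {
  redir https://${DOMAIN}{uri}
}
https://${DOMAIN} {
  gzip
  timeouts none
  tls admin@${DOMAIN}
  header / {
    Strict-Transport-Security "max-age=31536000;"
  }
  proxy /notifications/hub/negotiate 127.0.0.1:8000 {
    transparent
    header_upstream -Origin
  }
  proxy /notifications/hub 127.0.0.1:3012 {
    websocket
    header_upstream -Origin
  }
  proxy / 127.0.0.1:8000 {
    transparent
    header_upstream -Origin
  }
}
import conf.d/*.conf
EOF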

# Pick up the new units, then enable and (re)start them -- vaultwarden first
# so the proxy has a backend when Caddy comes up.
systemctl daemon-reload
for unit in vaultwarden.service caddy.service; do
  systemctl enable "$unit"
  systemctl restart "$unit"
done

 

teddysun有编译好的Caddy二进制, 也可以直接拿来用.

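# Install the prebuilt Caddy 1 binary from teddysun's mirror.
# NOTE(review): Caddy 1 is end-of-life and no longer receives security fixes,
# and this build ships with no checksum or signature; compare sha256sum of the
# download with the publisher's value (<expected-sha256>) before trusting it.
# Download to a mktemp file and only install it on success; the original wrote
# (and with -c, appended) straight into /usr/bin/caddy.
caddy_tmp=$(mktemp) || exit 1
wget --https-only -q https://dl.lamp.sh/files/caddy_linux_amd64 -O "$caddy_tmp" || { rm -f -- "$caddy_tmp"; exit 1; }
# Root-owned 0755 like any other system binary; owning it as "nobody" let any
# nobody process re-mode the web server binary.
install -m 0755 -o root -g root "$caddy_tmp" /usr/bin/caddy || exit 1
rm -f -- "$caddy_tmp"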

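# Create the Caddy systemd unit.
# The unit runs as "caddy", so the account and its CADDYPATH (ACME certificates
# and private keys) must exist and be owned by it; the original created
# neither, so the unit could not start.
if ! id -u caddy >/dev/null 2>&1; then
  useradd -r -d /var/lib/caddy -s /sbin/nologin caddy || exit 1
fi
mkdir -p /var/lib/caddy
chown caddy:caddy /var/lib/caddy
chmod 0700 /var/lib/caddy
# Locally written units belong in /etc/systemd/system; /usr/lib/systemd/system
# is reserved for package-provided units.
# \$MAINPID is escaped so systemd expands it: in the unquoted heredoc the shell
# expanded it to nothing and ExecReload became "kill -USR1" with no PID.
cat > /etc/systemd/system/caddy.service <<EOF
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
User=caddy
Group=caddy
Environment=CADDYPATH=/var/lib/caddy
EnvironmentFile=-/etc/caddy/envfile
ExecStartPre=/usr/bin/caddy -conf /etc/caddy/caddy.conf -validate
ExecStart=/usr/bin/caddy -conf /etc/caddy/caddy.conf -root /tmp -agree
ExecReload=/usr/bin/kill -USR1 \$MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF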

 

nginx反向代理配置方案 (SSL证书需自行配置)

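# Reverse proxy for vaultwarden. Plain HTTP listener only -- add your own TLS
# listener and certificates in front of (or in place of) this block.
server {
    listen 80;
    #root /opt/vault/;
    server_name 域名;

    # The admin page is already disabled while ADMIN_TOKEN is unset in
    # vaultwarden.env; refusing the path at the proxy is defence in depth.
    location /admin { return 404; }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket notifications. The Upgrade handshake only works over HTTP/1.1
    # to the upstream (nginx defaults to 1.0), which the original omitted; the
    # Host and forwarding headers are added to match the "/" location.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Longest prefix wins, so this location takes precedence over
    # /notifications/hub for the negotiate call and goes to the HTTP port.
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}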

 
