配置
- 创建文件路径:mkdir -p /data/tools/bitwarden
- 创建 docker-compose:
vim /data/tools/bitwarden/docker-compose.yml,写入下面内容
- docker-compose
- 文件映射在 /data/tools/bitwarden/vaultwarden
yaml
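# Vaultwarden behind a reverse proxy on the same host that terminates TLS.
services:
  vaultwarden:
    # NOTE(review): `latest` floats between releases; pin a specific release
    # tag or image digest so upgrades of the password manager are deliberate.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    ports:
      # Publish on loopback only. The reverse proxy reaches the backend at
      # 127.0.0.1:6666 and 127.0.0.1:3012; publishing on every interface
      # would expose the plain-HTTP backend directly and bypass TLS.
      - "127.0.0.1:6666:80"
      - "127.0.0.1:3012:3012"
    volumes:
      # Data lives in its own subdirectory, so the compose file and .env in
      # the parent directory are not visible inside the container.
      - /data/tools/bitwarden/vaultwarden:/data
      # NOTE(review): nothing in this file makes Vaultwarden serve TLS itself,
      # so this mount only hands the TLS private key to the container; drop
      # it unless it is actually needed.
      - /data/nginx/certs:/ssl:ro
    environment:
      # The admin token is a secret: read it from the environment or a .env
      # file (mode 600) next to this file instead of hard-coding it here.
      # Prefer an Argon2 PHC hash generated with `vaultwarden hash`; when it
      # is stored in .env, single-quote the value so its `$` characters are
      # not interpolated.
      - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN:?set VAULTWARDEN_ADMIN_TOKEN in .env}
      # NOTE(review): recent Vaultwarden releases serve WebSocket
      # notifications on the main HTTP port; confirm whether this flag and
      # port 3012 are still needed for the version you run.
      - WEBSOCKET_ENABLED=true
      - PUSH_RELAY_URI=https://api.bitwarden.eu
      - PUSH_IDENTITY_URI=https://identity.bitwarden.eu
      # Registration stays closed; new accounts need an invitation.
      - SIGNUPS_ALLOWED=false
      - ROOT_URL=https://www.camellia.ac.cn
      - DOMAIN=https://www.camellia.ac.cn
      - TZ=Asia/Shanghai
    dns:  # custom DNS resolvers for the container
      - 8.8.8.8
      - 114.114.114.114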
- nginx 配置:
  - vim /etc/nginx/conf.d/www.camellia.ac.cn.conf,写入以下内容
  - sudo nginx -t:检查 nginx 配置语法
  - sudo nginx -s reload:重新加载 nginx
  - 这里的 websocket 目的是实时同步:一端修改后,另一端立刻同步
cfg
# Bitwarden/Vaultwarden Configuration
# Domain: www.camellia.ac.cn
# Service: Vaultwarden (Password Manager)
# Backend: 127.0.0.1:6666
# HTTP to HTTPS redirect
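server {
    listen 80;
    listen [::]:80;
    server_name www.camellia.ac.cn;

    # Redirect to the configured name, not to the client-supplied Host
    # header: if this block ends up as the default server for port 80,
    # $host would echo whatever Host value the request carried.
    return 301 https://$server_name$request_uri;
}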
# HTTPS configuration
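server {
    listen 443 ssl http2;
    # Listen on IPv6 as well, matching the port-80 block that redirects here.
    listen [::]:443 ssl http2;
    server_name www.camellia.ac.cn;

    # SSL certificates
    ssl_certificate /data/nginx/certs/fullchain.pem;
    ssl_certificate_key /data/nginx/certs/camellia.ac.cn.key;

    # Older nginx builds still enable TLS 1.0/1.1 by default; set the
    # accepted protocol versions explicitly.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS only for this host from now on.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Main application - handles all regular requests.
    # NOTE(review): /admin is served through this location too, so the admin
    # page is reachable from any network. Consider a dedicated
    # `location /admin` carrying the same proxy settings plus
    # `allow <TRUSTED_CIDR>; deny all;`.
    location / {
        proxy_pass http://127.0.0.1:6666;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # WebSocket for notifications - handles the WebSocket connection.
    # NOTE(review): recent Vaultwarden releases serve this endpoint on the
    # main HTTP port; confirm that a listener on 3012 exists for the version
    # you run.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket negotiation endpoint - must be proxied to the HTTP port.
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:6666;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}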
- 测试 websocket:
# Send a WebSocket upgrade request to the notifications endpoint through the
# reverse proxy: -i prints the response headers, -N turns off output buffering.
# NOTE(review): a complete WebSocket handshake also carries Sec-WebSocket-Key
# and Sec-WebSocket-Version headers and runs over HTTP/1.1; confirm which
# status code you expect before reading the result as pass or fail.
curl -i -N \
  -H "Connection: Upgrade" \
  -H "Upgrade: websocket" \
  -H "Host: www.camellia.ac.cn" \
  -H "Origin: https://www.camellia.ac.cn" \
  https://www.camellia.ac.cn/notifications/hub
数据
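默认数据是下面的,这是刚启动时的状态,说明还没有任何数据。注意列表中 db.sqlite3 和 rsa_key.pem 的权限是 -rw-r--r--(本机所有用户可读);rsa_key.pem 用于签发登录令牌,建议收紧该数据目录的权限(例如对目录执行 chmod 700)。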
bash
[root@k8s-master tools]# ls -alh vaultwarden/
total 304K
drwxr-xr-x 6 root root 4.0K Feb 7 18:17 .
drwxr-xr-x 5 root root 4.0K Feb 7 18:17 ..
drwxr-xr-x 2 root root 4.0K Feb 7 18:17 attachments
-rw-r--r-- 1 root root 244K Feb 7 18:17 db.sqlite3
-rw-r--r-- 1 root root 32K Feb 7 18:17 db.sqlite3-shm
-rw-r--r-- 1 root root 0 Feb 7 18:17 db.sqlite3-wal
drwxr-xr-x 2 root root 4.0K Feb 7 18:17 icon_cache
-rw-r--r-- 1 root root 1.7K Feb 7 18:17 rsa_key.pem
drwxr-xr-x 2 root root 4.0K Feb 7 18:17 sends
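drwxr-xr-x 2 root root 4.0K Feb 7 18:17 tmp
使用
- 通过 域名/admin 可以访问管理页面,传入 docker-compose.yml 中配置的 ADMIN_TOKEN 即可。管理页面经 nginx 对公网开放,ADMIN_TOKEN 是它唯一的保护:应使用自己生成的随机值,不要使用任何公开过的值,建议以 Argon2 哈希形式配置(可用 vaultwarden hash 生成),并在 nginx 中限制 /admin 的来源 IP。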
