私有化部署bitwarden

Leave a reply

docker部分

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#!/bin/bash
NAME="bitwarden"
PUID="1000"
PGID="1000"
PORT1="10080"
PORT2="13012"
VOLUME="yourpath"
mkdir -p $VOLUME
docker ps -q -a --filter "name=$NAME" | xargs -I {} docker rm -f {}
docker run \
--env PUID=$PUID \
--env PGID=$PGID \
--hostname $NAME \
--name $NAME \
-p $PORT1:80 \
-p $PORT2:3012 \
-v $VOLUME:/data/ \
--detach \
--restart always \
vaultwarden/server:latest
#!/bin/bash NAME="bitwarden" PUID="1000" PGID="1000" PORT1="10080" PORT2="13012" VOLUME="yourpath" mkdir -p $VOLUME docker ps -q -a --filter "name=$NAME" | xargs -I {} docker rm -f {} docker run \ --env PUID=$PUID \ --env PGID=$PGID \ --hostname $NAME \ --name $NAME \ -p $PORT1:80 \ -p $PORT2:3012 \ -v $VOLUME:/data/ \ --detach \ --restart always \ vaultwarden/server:latest
#!/bin/bash

NAME="bitwarden"
PUID="1000"
PGID="1000"

PORT1="10080"
PORT2="13012"

VOLUME="yourpath"
mkdir -p $VOLUME 

docker ps -q -a --filter "name=$NAME" | xargs -I {} docker rm -f {}
docker run \
  --env PUID=$PUID \
  --env PGID=$PGID \
  --hostname $NAME \
  --name $NAME \
  -p $PORT1:80 \
  -p $PORT2:3012 \
  -v $VOLUME:/data/ \
  --detach \
  --restart always \
  vaultwarden/server:latest

nginx部分

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
server {
listen 443 ssl http2;
server_name your_domain;
# bitwarden
location / {
proxy_pass http://127.0.0.0.1:10080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://127.0.0.0.1:13012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.0.1:10080;
}
}
server { listen 443 ssl http2; server_name your_domain; # bitwarden location / { proxy_pass http://127.0.0.0.1:10080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://127.0.0.0.1:13012; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://127.0.0.0.1:10080; } }
server {
  listen 443 ssl http2;
  server_name your_domain;

  # bitwarden
  location / {
    proxy_pass http://127.0.0.0.1:10080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /notifications/hub {
    proxy_pass http://127.0.0.0.1:13012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /notifications/hub/negotiate {
    proxy_pass http://127.0.0.0.1:10080;
  }
}

上面是有安全隐患的,可以直接通过域名扫到,我们可以添加一个随机前缀(只有你自己知道)

注意proxy_pass后面要多个/

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
server {
listen 443 ssl http2;
server_name bw.coder4.com;
# bitwarden
location /random_str/ {
proxy_pass http://127.0.0.1:10080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /random_str/notifications/hub {
proxy_pass http://127.0.0.1:13012/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /random_str/notifications/hub/negotiate {
proxy_pass http://127.0.0.1:10080/;
}
}
server { listen 443 ssl http2; server_name bw.coder4.com; # bitwarden location /random_str/ { proxy_pass http://127.0.0.1:10080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /random_str/notifications/hub { proxy_pass http://127.0.0.1:13012/; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /random_str/notifications/hub/negotiate { proxy_pass http://127.0.0.1:10080/; } }
server {
  listen 443 ssl http2;
  server_name bw.coder4.com;

  # bitwarden
  location /random_str/ {
    proxy_pass http://127.0.0.1:10080/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /random_str/notifications/hub {
    proxy_pass http://127.0.0.1:13012/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /random_str/notifications/hub/negotiate {
    proxy_pass http://127.0.0.1:10080/;
  }
}

 

您可能也喜欢如下文章:

  1. Nginx根据url中的path动态转发到upstream
  2. 在nginx后部署gitbook
  3. MySQL受限环境打压
  4. RocketMQ受限环境打压
  5. 建立加密的Docker私有仓库

Leave a Reply

Your email address will not be published. Required fields are marked *