
How to install and use Bitwarden (vaultwarden) without Docker

 2 years ago
source link: https://zhangrr.github.io/posts/20211027-bitwarden/

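Why the odd phrase "non-Docker environment"?

Simply because every tutorial that turns up in a search installs it under Docker.

But money is tight: Bajie's VPS is a single-core justhost machine with 500 MB of memory. It is very cheap, and on a box like this Docker alone takes about 100 MB, so it barely runs.

In such a bare-bones environment, the only option is to take Bitwarden out of the container.

Fortunately Bitwarden_rs is a Rust program that uses very little memory (about 16 MB) and CPU, so it is well suited to running under systemd.

Here we use vaultwarden and traefik to run it on an old, small, worn-out server.

The system is CentOS 7.9.

The steps are as follows:

1. Download Bitwarden (vaultwarden)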

wget https://github.com/dani-garcia/vaultwarden/archive/refs/tags/1.23.0.tar.gz

2. Install cargo and compile (optional)

yum install -y epel-release
yum install -y openssl-devel cargo

# unpack the source tarball downloaded in step 1
tar zxvf 1.23.0.tar.gz
cd vaultwarden-1.23.0
cargo build --release --features sqlite

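It fails outright: the tiny VPS cannot even get through the build, and the compile process gets killed.

3. Get the vaultwarden files

Since compiling does not work, we have to find another way. Sigh.

Find a machine that has Docker and extract the files from the image: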

docker pull vaultwarden/server:alpine
docker create --name vw vaultwarden/server:alpine
docker cp vw:/vaultwarden .
docker cp vw:/web-vault .
docker rm vw

This gives us an executable file, vaultwarden, and a directory, web-vault.

Move both into /opt/vaultwarden and create a data folder there to hold the sqlite3 database file that will be generated.

mkdir -p /opt/vaultwarden/data
mv vaultwarden /opt/vaultwarden
mv web-vault /opt/vaultwarden

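4. Create the systemd unit file

Note that below we set vaultwarden's listen address, ROCKET_ADDRESS, to 127.0.0.1. This is partly for security, and partly because the next step sets up traefik as a reverse proxy in front of vaultwarden: access to vaultwarden must go through a certificate, and it does not have that capability itself, so it needs nginx, haproxy, traefik, or Caddy in front of it.

cat << 'EOF' > /etc/systemd/system/vaultwarden.service
[Unit]
Description=Bitwarden

[Service]
Type=simple
Restart=always
# listen on loopback only; traefik terminates TLS in front of it
Environment="ROCKET_ADDRESS=127.0.0.1"
# data/ and web-vault/ are resolved relative to this directory
WorkingDirectory=/opt/vaultwarden
ExecStart=/opt/vaultwarden/vaultwarden

[Install]
WantedBy=multi-user.target
EOF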

5. Configure traefik

wget https://github.com/traefik/traefik/releases/download/v2.4.8/traefik_v2.4.8_linux_amd64.tar.gz
tar zxvf traefik_v2.4.8_linux_amd64.tar.gz

mkdir -p /opt/traefik/dynamic
mv traefik /opt/traefik

Generate the traefik configuration file and let traefik request the Let's Encrypt certificate automatically:

cat << 'EOF' > /opt/traefik/traefik.yml
log:
  level: DEBUG

api:
  insecure: false
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"

certificatesResolvers:
  letsEncrypt:
    acme:
      storage: /opt/traefik/acme.json
      # placeholder: replace with your own contact address
      email: you@example.com
      tlsChallenge: {}
      httpChallenge:
        entryPoint: http

providers:
  file:
    directory: /opt/traefik/dynamic
    watch: true
EOF

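Configure the proxy for vaultwarden. The heredoc delimiter is quoted so that the shell does not treat the backticks in the Host rule as command substitution:

cat << 'EOF' > /opt/traefik/dynamic/pass.yml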
http:
  routers:
    https_01:
      rule: "Host(`xxx.rendoumi.com`)"
      service: svc_01
      tls:
        certresolver: letsEncrypt
    http_01:
      rule: "Host(`xxx.rendoumi.com`)"
      service: svc_01
      entryPoints:
        - http
  services:
    svc_01:
      loadBalancer:
        servers:
          - url: "http://localhost:8000"
EOF

Create the systemd unit file for traefik:

cat << 'EOF' > /etc/systemd/system/traefik.service
[Unit]
Description=traefik

[Service]
Type=simple
Restart=always
# traefik.yml is picked up from the working directory
WorkingDirectory=/opt/traefik
ExecStart=/opt/traefik/traefik

[Install]
WantedBy=multi-user.target
EOF

6. Start vaultwarden and traefik

systemctl daemon-reload
systemctl enable --now vaultwarden
systemctl enable --now traefik

Open the page: we have successfully built our own password management server on an old, small, worn-out machine!!!
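Step 4 binds vaultwarden to 127.0.0.1 so that only traefik can reach it. The following added example (not part of the original article) checks that property from `ss -ltn` output; the function names `exposed_listeners` and `report` are hypothetical, the sample socket listings are constructed, and port 8000 is the backend port used in pass.yml.

```shell
#!/bin/sh
# Added example, not part of the original article.
# exposed_listeners PORT: reads `ss -ltn` output on stdin and prints each
# listening address on PORT that is not loopback. Empty output means the
# port is reachable only from the host itself.
exposed_listeners() {
  awk -v port="$1" '
    $1 != "LISTEN" { next }                     # skip the header line
    {
      addr = $4                                 # "Local Address:Port" column
      if (!match(addr, /:[0-9]+$/)) next        # find the trailing ":port"
      host = substr(addr, 1, RSTART - 1)
      if (substr(addr, RSTART + 1) != port) next
      if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
      print addr
    }'
}

# Constructed sample: vaultwarden bound to 127.0.0.1 as in the unit file.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8000     *:*
LISTEN 0      128    *:443              *:*
LISTEN 0      128    *:80               *:*'

# Constructed sample: the same service bound to all interfaces instead.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8000       *:*
LISTEN 0      128    [::]:8000          [::]:*
LISTEN 0      128    *:443              *:*'

# report LABEL SS_OUTPUT: print a one-line verdict for port 8000.
report() {
  found="$(printf '%s\n' "$2" | exposed_listeners 8000)"
  if [ -n "$found" ]; then
    printf '%s: 8000 exposed on: %s\n' "$1" "$(printf '%s' "$found" | tr '\n' ' ')"
  else
    printf '%s: 8000 is loopback-only\n' "$1"
  fi
}

report loopback "$SAMPLE_LOOPBACK"
report exposed "$SAMPLE_EXPOSED"
# On the server itself: ss -ltn | exposed_listeners 8000
```

Any output from the live command means vaultwarden is answering plain HTTP on a non-loopback address, bypassing the TLS that traefik provides.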
