私有化部署bitwarden

docker部分

#!/bin/bash

NAME="bitwarden"
PUID="1000"
PGID="1000"

PORT1="10080"
PORT2="13012"

VOLUME="yourpath"
mkdir -p $VOLUME 

docker ps -q -a --filter "name=$NAME" | xargs -I {} docker rm -f {}
docker run \
  --env PUID=$PUID \
  --env PGID=$PGID \
  --hostname $NAME \
  --name $NAME \
  -p $PORT1:80 \
  -p $PORT2:3012 \
  -v $VOLUME:/data/ \
  --detach \
  --restart always \
  vaultwarden/server:latest

nginx部分

server {
  listen 443 ssl http2;
  server_name your_domain;

  # bitwarden
  location / {
    proxy_pass http://127.0.0.0.1:10080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /notifications/hub {
    proxy_pass http://127.0.0.0.1:13012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /notifications/hub/negotiate {
    proxy_pass http://127.0.0.0.1:10080;
  }
}

上面是有安全隐患的,可以直接通过域名扫到,我们可以添加一个随机前缀(只有你自己知道)

注意proxy_pass后面要多个/

server {
  listen 443 ssl http2;
  server_name bw.coder4.com;

  # bitwarden
  location /random_str/ {
    proxy_pass http://127.0.0.1:10080/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /random_str/notifications/hub {
    proxy_pass http://127.0.0.1:13012/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /random_str/notifications/hub/negotiate {
    proxy_pass http://127.0.0.1:10080/;
  }
}

 

Leave a Reply

Your email address will not be published.