参考自:https://www.cnblogs.com/bfbz/p/13025077.html
Docker方式安装
#获取镜像
docker pull bitwardenrs/server:latest
#生成管理员Token
openssl rand -base64 48
#运行镜像,映射到本地/data/bw-data/目录,端口映射为3001
docker run -d --name bitwarden -e ADMIN_TOKEN=生成的Token -v /data/bw-data/:/data/ -p 3001:80 bitwardenrs/server:latest
Nginx配置
要使用https才能登录,替换里面证书和域名IP为你自己的,看好证书路径对应上。(我用的宝塔,直接设置个反向代理即可)
server {
listen 80; #填写绑定证书的域名
server_name bitwarden.test.com;
#把http的域名请求转成https
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name bitwarden.*;
# Specify SSL config if using a shared one.
#include conf.d/ssl/ssl.conf;
#证书文件名称
ssl_certificate conf.d/ssl/1_bitwarden.test.com_bundle.crt;
#私钥文件名称
ssl_certificate_key conf.d/ssl/2_bitwarden.test.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass http://IP:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://IP:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://IP:3001;
} # Optionally add extra authentication besides the AUTH_TOKEN
# If you don't want this, leave this part out
location /admin { # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
#auth_basic "Private";
#auth_basic_user_file /path/to/htpasswd_file;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://IP:3001;
}
}使用
上述操作完成后访问https://bitwarden.test.com/admin进行管理员操作,要输入设置的Token。