为什么写这篇文章,因为1Password实在是太贵了。Bitwarden自建密码存储系统确实可以完美替代1Password等付费的密码管理服务,另外 vaultwarden 支持官方付费才能实现的服务。
1.安装使用
1.1 准备
首先把自己的域名解析到服务器上,因为用caddy,不用自己去申请证书就可以https。
1.2 安装
1 | apt install docker-compose |
创建两个文件。
vi docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27version: '3'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
volumes:
- ./vw-data:/data
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
- 6666:80 # Needed for the ACME HTTP-01 challenge.
- 443:443
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- ./caddy-config:/config
- ./caddy-data:/data
environment:
- DOMAIN=https://mima.liuvv.com # Your domain.
- EMAIL=levonfly@gmail.com # The email address to use for ACME registration.
- LOG_FILE=/data/access.logvi Caddyfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27{$DOMAIN}:443 {
log {
level INFO
output file {$LOG_FILE} {
roll_size 10MB
roll_keep 10
}
}
# Use the ACME HTTP-01 challenge to get a cert for the configured domain.
tls {$EMAIL}
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Notifications redirected to the WebSocket server
reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket
reverse_proxy vaultwarden:80 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
}启动和退出
1 | docker-compose up -d |
1.3 使用
在网页,手机,桌面版,点击设置的齿轮,就可以输入自己的服务器URL,注册一个账号,登录即可。
2. 移植
- 安装走一遍
- 域名解析换掉
- 拷贝vm-data下的
dq.sqlite3和icon_cace - 重启docker
3. 备份
自动备份到dropbox失败,因为部署的小破服务器无法翻Q。
