自建vaultwarden
安装
docker pull vaultwarden/server:latest
docker run -d --name vaultwarden \
-v /vw-data/:/data/ \
--restart=always \
-p 10008:80 \
-p 3012:3012 \
-e WEBSOCKET_ENABLED=true \
-e SIGNUPS_ALLOWED=false \
-e DOMAIN=https://warden.93220447.xyz/ \
-e SIGNUPS_ALLOWED=false \
vaultwarden/server:latestDOMAIN可以使用二级目录
反代
nginx配置文件,也可以使用cf的origin rule 反代,这里不做演示
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
# access_log /root/nginx.log;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name warden.93220447.xyz;
ssl_certificate /root/ca/ca.cert; # 你的域名证书路径
ssl_certificate_key /root/ca/private.key; # 你的域名私钥路径
underscores_in_headers on;
gzip on; # 开启gzip压缩
gzip_min_length 1k; # 设置对数据启用压缩的最少字节数
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 6; # 设置数据的压缩等级,等级为1-9,压缩比从小到大
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; # 设置需要压缩的数据格式
gzip_vary on;
location / {
proxy_pass http://127.0.0.1:10008;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
listen [::]:80;
location /.well-known/ {
root /var/www/html;
}
location / {
rewrite ^(.*)$ https://$host$1 permanent;
}
}
}
若使用二级目录需要修改location为 /vault/
vaultwarden配置备份
#!/bin/bash
filename="vaultwarden-$(date +%F).tar.gz"
source_dir="/vw-data"
temp_dir="/tmp/bitwarden_backup"
# 复制目标文件夹到临时文件夹
cp -r "$source_dir" "$temp_dir"
# 打包临时文件夹
tar czf "$filename" -C "$temp_dir" .
# 上传文件
webdav_username="webdav_username"
webdav_password="webdav_password"
webdav_url="https://host/dav/warden-backup/"
telegram_bot_token="botID:xxx"
telegram_chat_id="telegram_chat_id"
response=$(curl -u "$webdav_username:$webdav_password" -T "$filename" -s -w "%{http_code}" "$webdav_url")
sleep 2
echo "curl HTTP状态码:$response"
if [[ $response == 201 || $response == 204 ]]; then
# 发送Telegram通知
message="Bitwarden备份已上传成功!文件名:$filename"
curl -s -X POST "https://tg.xavi.eu.org/bot$telegram_bot_token/sendMessage" -d "chat_id=$telegram_chat_id&text=$message"
# 删除备份文件
rm "$filename"
else
# 上传失败,输出错误信息
echo "上传失败,HTTP状态码:$response"
fi
ex_date=$(date -d "30 days ago" +%F)
ex_filename="vaultwarden-$ex_date.tar.gz"
curl -X DELETE -u "$webdav_username:$webdav_password" -s -o /dev/null -w "%{http_code}" "$webdav_url$ex_filename"
# 删除临时文件夹和打包文件
rm -rf "$temp_dir" "$filename"