掌柜
搭建私有密码管理服务
09/19
本文最后更新于2024年11月01日,已超过20天没有更新。如果文章内容或图片资源失效,请留言反馈,我会及时处理,谢谢!
准备
大家平时设置密码的时候,是否有一种困扰:不同的账号,设置同样又好记的密码时,又担心密码泄漏了,都受到影响。
设置不一样的密码,会积累的越来越多,记不住啊。为了安全,还是要使用强度高、复杂,而且不一样的密码,比较稳妥。密码复杂、数量多,写到文档又担心泄露。对于这个问题,我们使用一个工具来管理这些密码就好。
付费的密码管理服务、工具,建议购买使用1password。在这里,掌柜使用自己的服务器,搭建一套类似的服务,专门用来管理密码。下文,掌柜带大家搭建vaultwarden来管理密码。(1password每个月费用3刀,也就是20块这样。20块可以买台轻量级应用服务器啦。况且支付的是美元,需要visa卡才能支付,不是每个人都有的。)
先安装docker、工具等。
# 安装docker 看这里:https://www.opstea.com/archives/ins-docker.html
# 安装docker-compose
yum install docker-compose -y
pip3 install coscmd
yum install nginx -y信息链接
github链接:https://github.com/dani-garcia/vaultwarden
服务端版本: 2.21.1
wiki:https://rs.bitwarden.in/
搭建参考:https://www.258.ee/posts/baae5ba8.html
手机版客户端:https://github.com/bitwarden/mobile/releases
桌面版本客户端:https://github.com/bitwarden/desktop/releases运行服务
创建目录mkdir -p /data/app/vaultwarden/
服务的docker-compose.yml文件
cat > /data/app/vaultwarden/docker-compose.yml<<EOF
version: "3"
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
ports:
- "127.0.0.1:8087:80" #将宿主机8087端口映射到docker的80端口
- "127.0.0.1:3012:3012"
volumes:
- ./vw-data:/data
environment:
WEBSOCKET_ENABLED: "true" #是否开启WebSocket
SIGNUPS_ALLOWED: "true" #是否开启注册,自用的话自己搭建好注册后改成false
WEB_VAULT_ENABLED: "true" #是否开启Web客户端
#ADMIN_TOKEN: "" #后台登陆密码,建议openssl rand -base64 48 生成ADMIN_TOKEN确保安全,当前是没启用,如需启用去掉ADMIN_TOKEN前面的 # ,并生成安全密码
EOFnginx配置
一定要配置ssl 证书的。如果没有购买,可以去腾讯云申请一个免费的证书。
server {
listen 443 ssl;
server_name pw.shaoyan.pro;
ssl_certificate conf.d/ssl/pw.shaoyan.pro/fullchain.cer;
ssl_certificate_key conf.d/ssl/pw.shaoyan.pro/pw.shaoyan.pro.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8087;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:8087;
}
location /admin {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8087;
}
# 加入robots.txt 防止搜索引擎爬虫抓取
location = /robots.txt {
root /data/www/Bitwarden;
}
}备份
使用coscmd上传备份文件到腾讯云cos。测试一下上传。
$ cat .cos.upload.conf # xxx,需要自己腾讯云查看,在访问管理、以及cos桶信息能找到。
[common]
secret_id = xxx
secret_key = xxxx
bucket = backup-gz-xxx
region = ap-guangzhou
max_thread = 5
part_size = 1
retry = 5
timeout = 60
schema = https
verify = md5
anonymous = False
# 试一下上传文件
/usr/local/bin/coscmd -c /root/.cos.upload.conf upload /data/backup/vaultwarden-2021-8-31.tar.gz /vaultwarden/
备份脚本
$ cat upload_backup.sh
#!/bin/bash
today=$(date +%F)
cd /data/app
tar -zcf vaultwarden_${today}.tar.gz vaultwarden/
mv vaultwarden_${today}.tar.gz /data/backup/vaultwarden/
/usr/local/bin/coscmd -c /root/.cos.upload.conf upload -r /data/backup/vaultwarden/ /vaultwarden/
rm -f /data/backup/vaultwarden/vaultwarden_${today}.tar.gz定时任务
30 23 * * * /bin/bash /data/sh/upload_backup.sh >> /data/logs/upload_backup.log 2>&1报错
Pip 21.2.4 已经不支持python2.7,所以升级会报错。并且升级报错后,pip 安装其他也会报错。
[root@VM-16-10-centos:~]$ pip install --upgrade pip
Collecting pip
Downloading http://mirrors.tencentyun.com/pypi/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0/pip-21.2.4.tar.gz (1.6MB)
100% |████████████████████████████████| 1.6MB 43.2MB/s
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-ICwy6S/pip/setup.py", line 7
def read(rel_path: str) -> str:
^
SyntaxError: invalid syntax
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-ICwy6S/pip/
You are using pip version 8.1.2, however version 21.2.4 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
# 解决,可以升级到 20 版本
pip install --upgrade pip==20.2.4恢复
当需要迁移服务、或者是服务器挂了。需要重新搭建服务,并恢复数据的步骤。
- 1、先复制
docker-compose.yml - 2、启动服务
docker-compose up -d - 3、将备份的
vaultwarden文件夹,覆盖回去。然后重启服务docker-compose stop/start - 4、拷贝
nginx文件,恢复nginx - 5、恢复备份上传
cos定时任务
