Welcome to Sanger's Blog!
Vaultwarden
2023-02-20 16:01:52
sanger
[TOC]

# Introduction to Vaultwarden

[Vaultwarden Wiki](https://github.com/dani-garcia/vaultwarden/wiki)

[Vaultwarden](https://github.com/dani-garcia/vaultwarden) is an unofficial [Bitwarden](https://bitwarden.com) server implementation written in Rust. It is compatible with the official Bitwarden clients and is ideal for self-hosted deployments where running the resource-heavy official service is undesirable.

Vaultwarden is aimed at individuals, families and small organizations. Development of features that are mainly useful to larger organizations (for example single sign-on, directory sync and so on) is not a priority, although high-quality PRs that implement such features are welcome.

# Differences between Vaultwarden and Bitwarden

- Vaultwarden: community/personal edition, free, with fewer features than the commercial product
- Bitwarden: commercial edition, paid, with a fuller feature set

# Multi-platform support

The following clients are supported; see the **[Bitwarden website](https://bitwarden.com)** for details.

- Web
- Chrome extension
- Windows
- Linux
- Mac
- Android
- iOS

# Setting up Vaultwarden

This article uses `docker-compose` for the deployment.

## docker-compose.yaml

```
---
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    ports:
      # host port 5151: web vault and API (proxied by nginx below)
      - 5151:80
      # host port 5152: target of /notifications/hub in the nginx config below
      - 5152:33481
    environment:
      # token for the /admin page; replace with your own random value
      ADMIN_TOKEN: 9fd9fcad71af9f8b738fc431b868cf58
      SIGNUPS_ALLOWED: 'true'
      INVITATIONS_ALLOWED: 'true'
      SMTP_DEBUG: 'true'
      LOG_FILE: /data/vaultwarden.log
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
```

## nginx configuration

```
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name password.xxx.com;
    rewrite ^(.*)$ https://${host}$1 permanent;
}

server {
    # reference https://gist.github.com/eizedev/06a6727dc341745a4845fe04ccc97b05
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name password.xxx.com;

    ssl_certificate /etc/nginx/tls/xxx.com.pem;
    ssl_certificate_key /etc/nginx/tls/xxx.com.key;
    # ssl_certificate /usr/syno/etc/certificate/system/default/ECC-fullchain.pem;
    # ssl_certificate_key /usr/syno/etc/certificate/system/default/ECC-privkey.pem;
    # ssl_trusted_certificate /usr/syno/etc/certificate/system/default/ECC-fullchain.pem;

    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;

    # Web vault and API
    location / {
        proxy_connect_timeout 15;
        proxy_read_timeout 15;
        proxy_send_timeout 15;
        proxy_intercept_errors off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:5151;
    }

    # WebSocket notifications
    location /notifications/hub {
        # the WebSocket upgrade requires HTTP/1.1 towards the upstream
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:5152;
    }

    location /notifications/hub/negotiate {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:5151;
    }

    error_page 403 404 500 502 503 504 @error_page;
    location @error_page {
        root /usr/syno/share/nginx;
        rewrite (.*) /error.html break;
        allow all;
    }
}
```

# Usage

## Using the web client

Just open the page in a browser.

## A problem with the Android client

The Android app reports this error:

```
An error has occurred.
Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
```

This is related to the certificate.

Solution:

The error occurs because the certificate nginx was using was not the full chain. After I switched to using fullchain.cer directly, the Android client could connect normally.

Reference:
https://www.reddit.com/r/Bitwarden/comments/pq5cgh/android_app_error_trust_anchor_for_certification/

## LDAP user sync

I have not yet gotten this step to work in testing, but according to the official wiki the feature exists.

https://github.com/dani-garcia/vaultwarden/wiki/Syncing-users-from-LDAP
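The Android certificate error described above can be reproduced offline. The following is an added example, not part of the original post: a client that trusts only the root CA rejects a server file holding just the leaf certificate and accepts the full chain. The CA hierarchy, file names and function names are constructed for the demonstration, and the `openssl` CLI is assumed to be installed.

```sh
#!/bin/sh
# Added example. The CA hierarchy is constructed and thrown away afterwards.

# Build root -> intermediate -> leaf in directory $1 (all names are made up).
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
    done
    # Self-signed root, then an intermediate CA, then the server (leaf) cert.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
        -extfile "$d/ca.ext" -out "$d/root.pem" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 1 -extfile "$d/ca.ext" -out "$d/inter.pem" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 1 -out "$d/leaf.pem" >/dev/null 2>&1 || return 1
    # The file ssl_certificate should point at: leaf first, then intermediate.
    cat "$d/leaf.pem" "$d/inter.pem" > "$d/fullchain.pem"
}

# Number of certificates in a PEM file (1 means leaf only).
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Model a client that trusts only root $1 and is sent the certificates in $2
# (the first is the leaf). Succeeds only if a path to the root can be built.
client_accepts() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d) && make_demo_chain "$work" || exit 1
for f in leaf.pem fullchain.pem; do
    if client_accepts "$work/root.pem" "$work/$f"; then
        verdict="accepted"
    else
        verdict="rejected, no path to a trust anchor"
    fi
    echo "$f: $(cert_count "$work/$f") certificate(s), $verdict"
done
rm -rf "$work"
```

On a real deployment, running `cert_count` on the file named in `ssl_certificate` is a quick first check: a result of 1 means nginx is serving the leaf without its intermediate.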