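Quickly start a KMS Server with a docker-compose.yml snippet
Code snippets (Snippet)
– a collection of snippets gathered from hands-on practice to help you get operations work done quickly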

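Step.1 Requirements
- Docker and Docker Compose are installed (Docker Compose version v2.x+)
- This snippet does not cover installing Nginx; that choice is left to the user
- Make sure to set the database passwords and the ports in `docker-compose.yml`; the ports can stay unchanged if they are free
- An Nginx configuration is included; if you use Nginx, remember to change the domain name, certificate locations and related settings. The configuration is usually stored in `/etc/nginx/conf.d/`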

Step.2 File location
Place `docker-compose.yml` in the target folder, for example `/userdata/kms/docker-compose.yml`. `cd` into that directory and run:

```bash
docker-compose up -d
```
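
Step.3 Open ports
Configure your web server as a reverse proxy for the service; the sample snippet blocks the Admin path.
To reach the Admin console, open port 8089 in the firewall for your own IP only (not for everyone, just for your own IP). You can then reach the console at server-IP:8089/admin. Close the port again as soon as you are done!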

The contents of `docker-compose.yml` are as follows:

```yaml
version: "3.7"

networks:
  vaultwarden:
    external: false

services:
  vaultwarden_mariadb:
    image: "mariadb:latest"
    container_name: "vaultwarden_mariadb"
    hostname: "vaultwarden_mariadb"
    restart: always
    networks:
      - vaultwarden
    volumes:
      - "./mysql:/var/lib/mysql"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - "TZ=Asia/Shanghai"
      - "MYSQL_ROOT_PASSWORD=YOUR_ROOT_PASSWORD"
      # Must be the same password that appears in DATABASE_URL below
      - "MYSQL_PASSWORD=YOUR_USER_PASSWORD"
      - "MYSQL_DATABASE=vaultwarden"
      - "MYSQL_USER=vaultwarden"

  vaultwarden:
    image: "vaultwarden/server:latest"
    container_name: "vaultwarden"
    hostname: "vaultwarden"
    restart: always
    networks:
      - vaultwarden
    volumes:
      - "./data:/data/"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - "TZ=Asia/Shanghai"
      - "DATABASE_URL=mysql://vaultwarden:YOUR_USER_PASSWORD@vaultwarden_mariadb/vaultwarden"
      # Token that protects the /admin console
      - "ADMIN_TOKEN=YOUR_VAULTWARDEN_ADMIN_PASSWORD"
      - "RUST_BACKTRACE=1"
      - "WEBSOCKET_ENABLED=true"
    ports:
      # Web UI and API (proxied by Nginx; also used for direct Admin access in Step.3)
      - "8089:80"
      # WebSocket notifications
      - "3012:3012"
    depends_on:
      - vaultwarden_mariadb
```
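
Step.1 asks you to set the passwords and ports before starting the stack. The following pre-flight check is an added example, not part of the original snippet: it reads a compose file shaped like the one above and reports placeholders that were left in, a `DATABASE_URL` password that does not match `MYSQL_PASSWORD`, and ports published without a host IP. The function name `preflight`, the sample values, and the assumption that the password inside `DATABASE_URL` is percent-encoded are mine.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: environment/ports lines in the style of the compose file
# above, with the placeholders only partly replaced.
SAMPLE = '''
      - "MYSQL_ROOT_PASSWORD=YOUR_ROOT_PASSWORD"
      - "MYSQL_PASSWORD=p@ss/word"
      - "MYSQL_USER=vaultwarden"
      - "DATABASE_URL=mysql://vaultwarden:p%40ss%2Fword@vaultwarden_mariadb/vaultwarden"
      - "ADMIN_TOKEN=YOUR_VAULTWARDEN_ADMIN_PASSWORD"
    ports:
      - "8089:80"
      - "127.0.0.1:3012:3012"
'''

ENV_RE = re.compile(r'^\s*-\s*"?([A-Z_]+)=(.*?)"?\s*$', re.M)
PORT_RE = re.compile(r'^\s*-\s*"?((?:[\d.]+:)?\d+:\d+)"?\s*$', re.M)

def preflight(compose_text):
    """Return a list of findings for a compose file shaped like the one above."""
    findings, env = [], {}
    for key, value in ENV_RE.findall(compose_text):
        env[key] = value
        if re.search(r'YOUR_[A-Z_]+', value):
            findings.append(f"{key}: placeholder not replaced")
    url = urlsplit(env.get("DATABASE_URL", ""))
    if url.password is not None and "MYSQL_PASSWORD" in env:
        # Assumption: special characters in the URL password are percent-encoded
        if unquote(url.password) != env["MYSQL_PASSWORD"]:
            findings.append("DATABASE_URL: password does not match MYSQL_PASSWORD")
    for mapping in PORT_RE.findall(compose_text):
        if mapping.count(":") == 1:  # no host IP, so Docker binds every interface
            findings.append(f"port {mapping}: published on all interfaces")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
```

The `8089:80` finding is a reminder rather than an error, because Step.3 relies on that mapping for temporary Admin access. Docker installs its own iptables rules for published ports, so verify from another host that the port is really closed when you expect it to be.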

The contents of the Nginx configuration file `your-domain.conf` are as follows:

```nginx
# Redirect http to https
server
{
    listen 80;
    server_name your-domain;
    rewrite ^/(.*)$ https://your-domain/$1 permanent;
}

# Main https settings
server
{
    listen 443 ssl http2;
    server_name your-domain;

    # SSL certificate
    ssl_certificate cert/your-domain.pem;
    ssl_certificate_key cert/your-domain.key;

    # Session resumption
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # Allow large attachments
    client_max_body_size 128M;

    # Nginx timeouts
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;

    location / {
        proxy_pass http://127.0.0.1:8089;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header REMOTE-HOST $remote_addr;
        # Append the client address to any existing X-Forwarded-For header
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8089;
    }

    # ADMIN_TOKEN: block access to the Admin path from the public internet
    location /admin {
        return 404;
    }
}
```

Collected and organized by Zimri. Reposting is welcome; please credit the source: https://www.insilen.com/post/254.html