Installing and backing up the Vaultwarden password manager

Yunwai Blog (云外博客) | Step into the cloud and explore the unknown


I. Install Docker

1. Run in a terminal:

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

II. Pull the image

# Pull the image
docker pull vaultwarden/server:latest
# Start the container
docker run -d --name vaultwarden -v /root/vaultwarden/:/data/ -p 6270:80 vaultwarden/server:latest

2.1 Custom path and port (replace xx with the values you want)

docker run -d --name vaultwarden \
 -v /xx/vaultwarden/:/data/ \
 -p xx:80 \
vaultwarden/server:latest

2.2 Add the Bitwarden extension to your browser from the Chrome Web Store

https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb

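III. Reverse-proxy a domain and enable HTTPS

3.1 Install nginx

## debian
apt install nginx

3.2 Enable at boot

systemctl enable nginx

3.3 Start the service

systemctl start nginx

3.4 Stop the service

systemctl stop nginx

3.5 Reload

systemctl reload nginx

3.6 Edit /etc/nginx/nginx.conf and add the following inside the http { } block: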

# http
    server {
        listen       80;
        listen  [::]:80;
        server_name  bitwarden.example.com; ## your domain
        ## Keep search-engine crawlers from indexing the site
        if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|^$") {
            return 404;
        }
        location / { # redirect every path requested on port 80 to HTTPS
            ## If you use Cloudflare (cf) acceleration, change this to 302
            return 301 https://bitwarden.example.com$request_uri; ## your domain
        }
    }

# https
    server {
        listen       443 ssl http2;
        listen  [::]:443 ssl http2;
        server_name  bitwarden.example.com; ## your domain
        if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|^$") {
            return 404;
        }
        # Enable HSTS
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        ssl_certificate /path/to/ssl/cert;
        ssl_certificate_key /path/to/cert/key;

        keepalive_timeout   70;

        # OCSP stapling
        ssl_stapling        on;
        ssl_stapling_verify on;
        ## Use the DNS resolver of your machine
        resolver 8.8.8.8;

        # TLS 1.0 and 1.1 are deprecated; allow only TLS 1.2 and 1.3
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            root   /usr/share/nginx/html;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_pass http://localhost:xxxx; ## port (the host port published with -p, e.g. 6270 above)
        }
    }

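Save and exit, then restart nginx:

systemctl restart nginx

3.7 Check that the nginx configuration is valid:

nginx -t

IV. Open IP:port (or the domain) and register an account


V. Disable registration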

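# Remove the existing container first; the data stays in /root/vaultwarden/
docker rm -f vaultwarden
# SIGNUPS_ALLOWED=false disables registration
docker run -d --name vaultwarden \
 -e SIGNUPS_ALLOWED=false \
 -v /root/vaultwarden/:/data/ \
 -p 6270:80 \
vaultwarden/server:latest

5.1 Other environment variables

- SIGNUPS_ALLOWED=false # registration switch: leave registration open until you have registered yourself, then set it to false
- SIGNUPS_DOMAINS_WHITELIST=gmail.com,qq.com # restrict registration to certain e-mail domains
- SIGNUPS_VERIFY=true # require newly registered users to verify their e-mail address before they can log in
- INVITATIONS_ALLOWED=false # do not allow inviting users
- SHOW_PASSWORD_HINT=false # turn off password hints

Configure uploads to Google Drive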

I. Install rclone

curl https://rclone.org/install.sh | sudo bash
1.1 Create a new remote
# Start the rclone configuration wizard
rclone config
# Create a new remote
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
# Name
name> googledrive
## Choose the storage type
Option Storage.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ "fichier"
 2 / Alias for an existing remote
   \ "alias"
 3 / Amazon Drive
   \ "amazon cloud drive"
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, SeaweedFS, and Tencent COS
   \ "s3"
 5 / Backblaze B2
   \ "b2"
 6 / Better checksums for other remotes
   \ "hasher"
 7 / Box
   \ "box"
 8 / Cache a remote
   \ "cache"
 9 / Citrix Sharefile
   \ "sharefile"
10 / Compress a remote
   \ "compress"
11 / Dropbox
   \ "dropbox"
12 / Encrypt/Decrypt a remote
   \ "crypt"
13 / Enterprise File Fabric
   \ "filefabric"
14 / FTP Connection
   \ "ftp"
15 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
16 / Google Drive
   \ "drive"
17 / Google Photos
   \ "google photos"
18 / Hadoop distributed file system
   \ "hdfs"
19 / Hubic
   \ "hubic"
20 / In memory object storage system.
   \ "memory"
21 / Jottacloud
   \ "jottacloud"
22 / Koofr
   \ "koofr"
23 / Local Disk
   \ "local"
24 / Mail.ru Cloud
   \ "mailru"
25 / Mega
   \ "mega"
26 / Microsoft Azure Blob Storage
   \ "azureblob"
27 / Microsoft OneDrive
   \ "onedrive"
28 / OpenDrive
   \ "opendrive"
29 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
30 / Pcloud
   \ "pcloud"
31 / Put.io
   \ "putio"
32 / QingCloud Object Storage
   \ "qingstor"
33 / SSH/SFTP Connection
   \ "sftp"
34 / Sia Decentralized Cloud
   \ "sia"
35 / Sugarsync
   \ "sugarsync"
36 / Tardigrade Decentralized Cloud Storage
   \ "tardigrade"
37 / Transparently chunk/split large files
   \ "chunker"
38 / Union merges the contents of several upstream fs
   \ "union"
39 / Uptobox
   \ "uptobox"
40 / Webdav
   \ "webdav"
41 / Yandex Disk
   \ "yandex"
42 / Zoho
   \ "zoho"
43 / http Connection
   \ "http"
44 / premiumize.me
   \ "premiumizeme"
45 / seafile
   \ "seafile"
Storage> 16
## Choose Google Drive
### You are then asked for the OAuth client ID details: client_id and client_secret
Option client_id.
Google Application Client Id
Setting your own is recommended.
See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
If you leave this blank, it will use an internal key which is low performance.
Enter a string value. Press Enter for the default ("").
client_id> <enter your client ID>
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret> <enter your client secret>
## Next choose the access rclone gets to the files on Google Drive:
### Option 1 is recommended (full access to all files, excluding the Application Data Folder)
Option scope.
Scope that rclone should use when requesting access from drive.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
 1 / Full access all files, excluding Application Data Folder.
   \ "drive"
 2 / Read-only access to file metadata and file contents.
   \ "drive.readonly"
   / Access to files created by rclone only.
 3 | These are visible in the drive website.
   | File authorization is revoked when the user deauthorizes the app.
   \ "drive.file"
   / Allows read and write access to the Application Data folder.
 4 | This is not visible in the drive website.
   \ "drive.appfolder"
   / Allows read-only access to file metadata but
 5 | does not allow any access to read or download file content.
   \ "drive.metadata.readonly"
scope> 1
## Answer n from here on
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> n
### Because Google changed its rules in newer versions, you need to download rclone to your local machine
Option config_verification_code.
Verification code
Go to this URL, authenticate then paste the code here.
https://xxxxxxx
Enter a string value. Press Enter for the default ("").
config_verification_code> <paste the verification code here>
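1.2 Because Google changed its rules in newer versions, you need to download rclone and install it on your local machine
https://rclone.org/downloads/
1.3 Open a terminal, change into that directory, and run
rclone authorize "drive"
1.4 On success you will see a prompt like the following:

1.5 If it fails, it may be a network problem (Windows cmd does not go through the proxy)

rem socks5
set http_proxy=socks5://127.0.0.1:1080
set https_proxy=socks5://127.0.0.1:1080
rem http
set http_proxy=http://127.0.0.1:1080
set https_proxy=http://127.0.0.1:1080
1.6 Copy the authorization code and enter it into rclone. rclone then asks whether this is a Shared Drive (Team Drive)
Configure this as a Shared Drive (Team Drive)?

y) Yes
n) No (default)
### Choose y for a Shared Drive, n for a personal drive
1.7 Configuration is now finished. Quit rclone and start mounting.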

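II. Mount Google Drive

2.1 First create a directory to use as the mount point:
mkdir -p /home/googledrive
2.2 Mount it (two methods; I use the first)

1. Method 1

# Mount
rclone mount <remote name>:<remote path> <local path> [flags] --daemon
# Unmount
fusermount -qzu <local path>
## Example
rclone mount googledrive: /home/googledrive --allow-other --allow-non-empty --vfs-cache-mode writes --daemon

2. Method 2

rclone mount <configured remote name>:<remote directory to mount> <local directory used as mount point> \
  --umask 0000 \
  --default-permissions \
  --allow-non-empty \
  --allow-other \
  --attr-timeout 5m \
  --transfers 4 \
  --buffer-size 32M \
  --low-level-retries 200 \
  --vfs-read-chunk-size 32M \
  --vfs-read-chunk-size-limit 128M \
  --vfs-cache-mode full \
  --vfs-cache-max-age 24h \
  --vfs-cache-max-size 10G \
  --daemon

Notes:

Parameter reference
--allow-other: allows users other than the one running rclone to access the mount, which includes the backup archives stored there
--attr-timeout 5m: how long file attributes (size, modification time, etc.) are cached. If the VPS
--vfs-cache-mode full: enables the VFS file cache, which reduces rclone's API calls and improves file read/write efficiency
--vfs-cache-max-age 24h: how long VFS cache entries are kept, set to 24 hours here; if files rarely change, a longer time is recommended
--vfs-cache-max-size 10G: upper limit on the VFS cache size; adjust it to the free disk space on your server
--vfs-read-chunk-size-limit 100M: chunked read size, set to 100M here. It can improve read efficiency: a 1G file, for example, is read in roughly 10 chunks, but the number of API requests rises as well
--buffer-size 32M: in-memory buffer size used when reading each file. It controls rclone's memory use while uploading and mounting; lowering it helps avoid crashes from excessive memory use, but too low a value may slow some transfers. Set it according to your server's memory
--low-level-retries: number of retries when a transfer stalls. On a stall, rclone sleeps, starting at 10ms, and retries; if that fails it sleeps for longer and retries again, which can speed uploads up slightly
--transfers: maximum number of simultaneous transfers. If your CPU is weak, lower it, but too low a value may slow down transfers of several files at once
--daemon: run in the background
2.3 Then run df -h
# Check the mount
df -h
2.4 If mounting fails, install FUSE
# Debian/Ubuntu
apt-get update && apt-get install -y fuse
# CentOS
yum install -y fuse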

VI. Mount automatically at boot

1. Download and edit the startup script
wget -N git.io/rcloned && nano rcloned
1.2 Change these values:
NAME="googledrive" # the name entered during rclone config
REMOTE='/bitwarden_backup'  # remote folder: a folder in the drive to mount; leave empty for the whole drive
LOCAL='/home/googledrive'  # mount point: the local directory on the VPS
1.3 Enable at boot
mv rcloned /etc/init.d/rcloned
chmod +x /etc/init.d/rcloned

# Debian/Ubuntu
update-rc.d -f rcloned defaults

# CentOS
chkconfig rcloned on
bash /etc/init.d/rcloned start
1.4 Manage
# Start the mount
bash /etc/init.d/rcloned start
# Stop the mount
bash /etc/init.d/rcloned stop
# Remount
bash /etc/init.d/rcloned restart
# View the log
tail -f $HOME/.rclone/rcloned.log
1.5 Remove the auto-mount
bash /etc/init.d/rcloned stop

# Debian/Ubuntu
update-rc.d -f rcloned remove

# CentOS
chkconfig rcloned off
rm -f /etc/init.d/rcloned
2. Archive the whole bitwarden_data folder as a backup:

Create a shell script locally: vaultwarden.sh

#!/bin/bash
# Local mount path (backup destination)
backupDir=/home/googledrive/vaultwarden
# Folder to back up
backupFilePath=/root/vaultwarden/
# Keep only this many days of backups
days=60

# Matches the archive names created below and captures their date
re="vaultwarden([0-9]{8})[.]tar[.]gz$"

# Create today's backup
mkdir -p "$backupDir"
tar -czvPf "${backupDir}/vaultwarden$(date +%Y%m%d).tar.gz" "$backupFilePath"

delDay=$(date +"%Y%m%d" -d "-$days days")
delTimestamp=$(date -d "$delDay" +%s)

for file in "${backupDir}"/*
do
    if [[ $(basename "$file") == vaultwarden*.tar.gz ]]; then
        if [[ $file =~ $re ]]; then
            fileTime=${BASH_REMATCH[1]}
            fileTimestamp=$(date -d "$fileTime" +%s)
            if [ "$fileTimestamp" -le "$delTimestamp" ]; then
                echo " delete $file"
                rm -f "$file"
            fi
        fi
    fi
done
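
An added example, not part of the original post: a variant of the archive step that refuses to run when the rclone mount is missing and verifies the archive before and after it is copied to the mount. The function names are hypothetical, and it assumes tar, sha256sum and mountpoint are installed; unlike the script above, it stores member names relative to the parent folder.

```bash
#!/bin/bash
# Added example (not the post's script). Function names are hypothetical.
# Assumes tar, sha256sum and mountpoint (util-linux) are installed.

# Succeeds only if $1 is a live mount point. Without this check, a dropped
# rclone mount means archives silently pile up in the empty local directory.
require_mount() {
    mountpoint -q "$1"
}

# $1 = data folder to back up, $2 = destination folder on the mount
make_verified_archive() {
    local src dest name tmp rc
    src=${1%/}
    dest=${2%/}
    name="vaultwarden$(date +%Y%m%d).tar.gz"
    tmp=$(mktemp -d) || return 1
    # Build the archive locally first, with relative member names so that a
    # restore cannot overwrite absolute paths.
    if tar -czf "$tmp/$name" -C "$(dirname "$src")" "$(basename "$src")" &&
       # Listing forces a full read: a truncated or corrupt gzip fails here.
       tar -tzf "$tmp/$name" >/dev/null &&
       (cd "$tmp" && sha256sum "$name" > "$name.sha256") &&
       cp "$tmp/$name" "$tmp/$name.sha256" "$dest/" &&
       # Re-read the copy on the mount and compare it with the local checksum.
       (cd "$dest" && sha256sum -c "$name.sha256" >/dev/null)
    then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

backup_main() {
    require_mount "$2" || { echo "not mounted: $2" >&2; return 1; }
    make_verified_archive "$1" "$2"
}

# Runs only when invoked as: <script> run
# The paths are the ones used in the post; the mount root is checked.
if [ "${1:-}" = "run" ]; then
    require_mount /home/googledrive || { echo "mount missing" >&2; exit 1; }
    make_verified_archive /root/vaultwarden/ /home/googledrive/vaultwarden
fi
```

The .sha256 file stored next to each archive lets a later restore confirm that the download matches what was uploaded.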

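VII. Schedule the backup

1. Open a terminal
crontab -e
2. Add the schedule
## Runs at minute 30 of every 6th hour (00:30, 06:30, 12:30, 18:30)
## cron starts in the user's home directory, so vaultwarden.sh must be there and executable (chmod +x vaultwarden.sh)
30 */6 * * * ./vaultwarden.sh

VIII. Upload to Jianguoyun (Nutstore)

1. In the Jianguoyun web console, create an application for backups: go to Account Info - Security Options, click Add Application below, enter any name, and copy the generated application password. Finally, create a directory named vaultwarden in the Jianguoyun root directory to serve as the sync folder.

2. Follow the same steps as for Google Drive above

3. Choose the matching number

4. Work through the prompts in order
# Configure WebDAV
rclone config
# Create a new remote
n
# Choose webdav; the number may change
46
# Enter the Jianguoyun WebDAV address
https://dav.jianguoyun.com/dav/
# Enter the WebDAV vendor type; choose 5 (other) here
5
# Enter your Jianguoyun user name
xxx
# Choose the password type; pick y to type the password yourself
y
# Enter the password generated by Jianguoyun
xxx
# Then press Enter through the remaining prompts to finish
5. Mount it the same way as Google Drive
## Create the directory
mkdir /home/vaultwarden
## Mount manually
rclone mount jianguoyun:vaultwarden /home/vaultwarden --allow-other --allow-non-empty --vfs-cache-mode writes --daemon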
