Add basic vaultwarden installation
This commit is contained in:
27
vaultwarden/acme.sh
Executable file
27
vaultwarden/acme.sh
Executable file
@@ -0,0 +1,27 @@
|
||||
curl https://get.acme.sh | sh -s email=liu.tianyu93@hotmail.com
|
||||
|
||||
DOMAIN="vw.jamesvillage.dev"
|
||||
SSL_PATH=$HOME/.config/ssl/$DOMAIN
|
||||
mkdir -p $SSL_PATH
|
||||
|
||||
export NAMECHEAP_USERNAME="james77676166"
|
||||
export NAMECHEAP_API_KEY="afcbbc60dcf8431cb0529db06b4dfac7"
|
||||
export NAMECHEAP_SOURCEIP="188.245.147.192"
|
||||
|
||||
$HOME/.acme.sh/acme.sh --issue --dns dns_namecheap -d $DOMAIN \
|
||||
--fullchain-file "$SSL_PATH/fullchain.cer" \
|
||||
--key-file "$SSL_PATH/privkey.key" \
|
||||
--reloadcmd "cat $SSL_PATH/privkey.key $SSL_PATH/fullchain.cer > $SSL_PATH/fullchain.pem"
|
||||
|
||||
cp vaultwarden_sample_haproxy vaultwarden
|
||||
|
||||
# sed -i \
|
||||
# -e "s|my_domain\.tld|$DOMAIN|g" \
|
||||
# -e "s|/path/to/certificate/letsencrypt/live/vaultwarden\.example\.tld/fullchain\.pem|$SSL_PATH/fullchain.cer|g" \
|
||||
# -e "s|/path/to/certificate/letsencrypt/live/vaultwarden\.example\.tld/privkey\.pem|$SSL_PATH/privkey.key|g" \
|
||||
# vaultwarden
|
||||
|
||||
sudo mv vaultwarden /etc/nginx/sites-available
|
||||
sudo ln -s /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled
|
||||
sudo systemctl reload nginx
|
||||
|
||||
43
vaultwarden/deploy.sh
Executable file
43
vaultwarden/deploy.sh
Executable file
@@ -0,0 +1,43 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
CONTAINER_NAME="vaultwarden"
|
||||
PORT="8885"
|
||||
DOMAIN="https://vw.jamesvillage.dev"
|
||||
|
||||
DATA_FOLDER="$HOME/.local/share/vaultwarden/data"
|
||||
mkdir -p $DATA_FOLDER
|
||||
|
||||
systemctl --user stop container-$CONTAINER_NAME.service
|
||||
|
||||
# if podman container exists "$CONTAINER_NAME"; then
|
||||
# echo "Stop and delete existing container $CONTAINER_NAME"
|
||||
# if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" | grep -q true; then
|
||||
# podman stop "$CONTAINER_NAME"
|
||||
# fi
|
||||
# podman rm "$CONTAINER_NAME"
|
||||
# fi
|
||||
|
||||
podman create \
|
||||
--name vaultwarden \
|
||||
--restart=unless-stopped \
|
||||
-e DOMAIN=$DOMAIN \
|
||||
-e SHOW_PASSWORD_HINT=false \
|
||||
-p $PORT:80 \
|
||||
-v $DATA_FOLDER:/data \
|
||||
docker.io/vaultwarden/server:latest
|
||||
|
||||
podman generate systemd \
|
||||
--new \
|
||||
--name $CONTAINER_NAME \
|
||||
--files \
|
||||
--restart-policy=always
|
||||
|
||||
USER_SYSTEMD="$HOME/.config/systemd/user"
|
||||
mkdir -p $USER_SYSTEMD
|
||||
cp container-$CONTAINER_NAME.service $USER_SYSTEMD
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable --now container-$CONTAINER_NAME.service
|
||||
|
||||
sudo loginctl enable-linger $USER
|
||||
66
vaultwarden/vaultwarden_sample
Normal file
66
vaultwarden/vaultwarden_sample
Normal file
@@ -0,0 +1,66 @@
|
||||
# The `upstream` directives ensure that you have a http/1.1 connection
|
||||
# This enables the keepalive option and better performance
|
||||
#
|
||||
# Define the server IP and ports here.
|
||||
upstream vaultwarden-default {
|
||||
zone vaultwarden-default 64k;
|
||||
server 127.0.0.1:8885;
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
# Needed to support websocket connections
|
||||
# See: https://nginx.org/en/docs/http/websocket.html
|
||||
# Instead of "close" as stated in the above link we send an empty value.
|
||||
# Else all keepalive connections will not work.
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' "";
|
||||
}
|
||||
|
||||
# Redirect HTTP to HTTPS
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name my_domain.tld;
|
||||
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
# For older versions of nginx appended http2 to the listen line after ssl and remove `http2 on`
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name my_domain.tld;
|
||||
|
||||
# Specify SSL Config when needed
|
||||
ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
|
||||
ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
|
||||
ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
|
||||
#add_header Strict-Transport-Security "max-age=31536000;";
|
||||
|
||||
client_max_body_size 525M;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
location / {
|
||||
proxy_pass http://vaultwarden-default;
|
||||
}
|
||||
|
||||
# Optionally add extra authentication besides the ADMIN_TOKEN
|
||||
# Remove the comments below `#` and create the htpasswd_file to have it active
|
||||
#
|
||||
#location /admin {
|
||||
# # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
|
||||
# auth_basic "Private";
|
||||
# auth_basic_user_file /path/to/htpasswd_file;
|
||||
#
|
||||
# proxy_pass http://vaultwarden-default;
|
||||
#}
|
||||
}
|
||||
66
vaultwarden/vaultwarden_sample_haproxy
Normal file
66
vaultwarden/vaultwarden_sample_haproxy
Normal file
@@ -0,0 +1,66 @@
|
||||
# The `upstream` directives ensure that you have a http/1.1 connection
|
||||
# This enables the keepalive option and better performance
|
||||
#
|
||||
# Define the server IP and ports here.
|
||||
upstream vaultwarden-default {
|
||||
zone vaultwarden-default 64k;
|
||||
server 127.0.0.1:8885;
|
||||
keepalive 2;
|
||||
}
|
||||
|
||||
# Needed to support websocket connections
|
||||
# See: https://nginx.org/en/docs/http/websocket.html
|
||||
# Instead of "close" as stated in the above link we send an empty value.
|
||||
# Else all keepalive connections will not work.
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' "";
|
||||
}
|
||||
|
||||
# Redirect HTTP to HTTPS
|
||||
# server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
# server_name my_domain.tld;
|
||||
|
||||
# return 301 https://$host$request_uri;
|
||||
# }
|
||||
|
||||
server {
|
||||
# For older versions of nginx appended http2 to the listen line after ssl and remove `http2 on`
|
||||
listen 127.0.0.1:80;
|
||||
# listen [::]:80;
|
||||
# server_name my_domain.tld;
|
||||
|
||||
# Specify SSL Config when needed
|
||||
# ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
|
||||
# ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
|
||||
# ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
|
||||
#add_header Strict-Transport-Security "max-age=31536000;";
|
||||
|
||||
client_max_body_size 525M;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
location / {
|
||||
proxy_pass http://vaultwarden-default;
|
||||
}
|
||||
|
||||
# Optionally add extra authentication besides the ADMIN_TOKEN
|
||||
# Remove the comments below `#` and create the htpasswd_file to have it active
|
||||
#
|
||||
#location /admin {
|
||||
# # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
|
||||
# auth_basic "Private";
|
||||
# auth_basic_user_file /path/to/htpasswd_file;
|
||||
#
|
||||
# proxy_pass http://vaultwarden-default;
|
||||
#}
|
||||
}
|
||||
Reference in New Issue
Block a user