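1. Preparation
Register a domain name, xxx.com
Add a DNS A record for it in Cloudflare, with the proxy (the orange cloud) turned off
2. Install Docker on the Ubuntu server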
sudo apt-get update
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
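# Install the latest Docker Engine release
sudo apt-get install docker-ce docker-ce-cli containerd.io
# Alternatively, to install a specific version: list the available versions,
# then substitute one of them for <VERSION_STRING>
apt-cache madison docker-ce
sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io
Now we should be ready to go!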
3. Install the password manager Bitwarden as a Docker container
docker run -d --name bitwardenrs \
  --restart unless-stopped \
  -e WEBSOCKET_ENABLED=true \
  -v /XXXXX/bitwarden/:/data/ \
  -p 5115:80 \
  -p 3012:3012 \
  vaultwarden/server:latest
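4. Proxy Bitwarden through the BaoTa panel with SSL encryption
- In the BaoTa panel, add the registered domain xxx.com as a site; do not create a database, and set the PHP version to static
- Under the SSL option choose Let's Encrypt, follow the on-screen prompts to complete the certificate request, and finally turn on Force HTTPS
- In the configuration file, replace everything starting from the line location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ down to access_log /www/wwwlogs/xxx.com.log (do not replace that line itself) with the following: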
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
#     expires 30d;
#     error_log /dev/null;
#     access_log /dev/null;
# }
# location ~ .*\.(js|css)?$
# {
#     expires 12h;
#     error_log /dev/null;
#     access_log /dev/null;
# }
location / {
    proxy_pass http://127.0.0.1:5115/;
    rewrite ^/(.*)$ /$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade-Insecure-Requests 1;
    proxy_set_header X-Forwarded-Proto https;
}
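Replace http://127.0.0.1:5115/ to match your own setup; in this article Bitwarden's external port is set to 5115, hence this value. Save and reload, and the Bitwarden site should now be reachable normally. The benefits of this approach are that it hides the container application's real port, adds SSL, which improves security, and an address without a port number is easier to remember!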
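A check for the claim that the container's port is hidden, added here as an example and not part of the original article: with -p 5115:80 Docker publishes the port on every interface, so the vault also answers plain HTTP on port 5115 unless the mapping is bound to loopback (-p 127.0.0.1:5115:80) or a firewall blocks it. The function names and sample outputs are constructed for illustration, and check_container assumes the docker CLI is available.

```shell
#!/bin/sh
# Added example (not from the original article): report which published
# container ports are reachable from outside the host.
# Input format is that of `docker port <container>`: "80/tcp -> 0.0.0.0:5115".

# Print every binding whose host address is not loopback.
exposed_bindings() {
  awk '$2 == "->" {
    addr = $3
    sub(/:[0-9]+$/, "", addr)      # drop the trailing :port
    gsub(/^\[|\]$/, "", addr)      # [::] -> ::
    if (addr !~ /^127\./ && addr != "::1") print $1, "on", $3
  }'
}

# Count the non-loopback bindings in the text read from stdin.
count_exposed() {
  exposed_bindings | awk 'END { print NR + 0 }'
}

# Check a running container; returns 1 if any port bypasses the reverse proxy.
check_container() {
  found=$(docker port "$1" | exposed_bindings)
  [ -z "$found" ] && return 0
  printf 'reachable without nginx/TLS:\n%s\n' "$found" >&2
  return 1
}

# Constructed sample: what the article's "-p 5115:80 -p 3012:3012" produces.
SAMPLE_ARTICLE='80/tcp -> 0.0.0.0:5115
80/tcp -> [::]:5115
3012/tcp -> 0.0.0.0:3012
3012/tcp -> [::]:3012'

# Constructed sample: the web port published with "-p 127.0.0.1:5115:80".
SAMPLE_LOOPBACK='80/tcp -> 127.0.0.1:5115'
```

On the server, run check_container bitwardenrs after any change to the -p options; a non-zero exit lists the bindings that still bypass nginx.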