Aller au contenu

Vaultwarden

Vaultwarden

Prérequis

Ajouter une source

Bash
1
nano /etc/apk/repositories

Ajouter la ligne

Text Only
1
@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing

Mettre à jour

Bash
1
2
apk update
apk -U upgrade

Installation

Bash
1
apk add --update vaultwarden@testing vaultwarden-web-vault@testing

Démarrer le service

Bash
1
2
rc-service vaultwarden start
rc-update add vaultwarden

Nginx

Installation

Bash
1
apk add --update nginx

Configuration

nginx.conf

Bash
1
2
mv /etc/nginx/nginx.conf /etc/nginx/[old]-nginx.conf
nano /etc/nginx/nginx.conf
Text Only
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
user nginx;
worker_processes auto;

# Configures default error logger.
error_log /var/log/nginx/error.log warn; # Log warn, error, crit, alert, emerg

events {
    # The maximum number of simultaneous connections that can be opened by a worker process.
    worker_connections 1024; # increase if you need more connections
}

http {
    # server_names_hash_bucket_size controls the maximum length
    # of a virtual host entry (ie the length of the domain name).
    server_names_hash_bucket_size   64; # controls the maximum length of a virtual host entry (ie domain name)
    server_tokens                   off; # hide who we are, don't show nginx version to clients
    sendfile                        off; # can cause issues

    # nginx will find this file in the config directory set at nginx build time
    # Includes mapping of file name extensions to MIME types of responses
    include mime.types;

    # fallback in case we can't determine a type
    default_type application/octet-stream;

    # buffering causes issues, disable it
    # increase buffer size. still useful even when buffering is off
    proxy_buffering off;
    proxy_buffer_size 4k;

    # allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
    reset_timedout_connection on;

    # Specifies the main log format.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
            '$status $body_bytes_sent "$http_referer" '
            '"$http_user_agent" "$http_x_forwarded_for"';

    # Sets the path, format, and configuration for a buffered log write.
    # Buffer log writes to speed up IO, or disable them altogether
    access_log /var/log/nginx/access.log main buffer=16k;
    #access_log off;

    # Include files with config snippets into the root context.
    include conf.d/*.conf;

    # Includes virtual hosts configs.
    include http.d/*.conf;
}

vaultwarden.conf

Bash
1
2
mv /etc/nginx/http.d/default.conf /etc/nginx/http.d/default.conf.old
nano /etc/nginx/http.d/vaultwarden.conf
Text Only
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
server {
    listen 80;
    listen [::]:80;

    server_name localhost;

    root /usr/share/webapps/vaultwarden-web;

    index index.php index.html index.htm;

    location ~ \.php$ {
        # the following line needs to be adapted, as it changes depending on OS distributions and PHP versions
        #fastcgi_pass unix:/run/php-fpm82/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;

        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Démarrer le service

Bash
1
2
rc-service nginx start
rc-update add nginx

Configuration

Pour fermer les inscriptions sur le serveur :

Bash
1
nano /etc/conf.d/vaultwarden
Text Only
1
export SIGNUPS_ALLOWED=false