Add-on for browser example

https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/

Web site

Start

mkdir -p /docker/vaultwarden
docker run --detach --name "vaultwarden" -p 8078:80 -v /docker/vaultwarden:/data vaultwarden/server

Update

docker pull vaultwarden/server
docker stop "vaultwarden"
docker rm "vaultwarden"
docker run --detach --name "vaultwarden" -p 8078:80 -v /docker/vaultwarden:/data vaultwarden/server

Check logs

docker logs vaultwarden


/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.32.2                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://github.com/dani-garcia/vaultwarden/discussions or        |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[2024-10-21 16:44:46.367][start][INFO] Rocket has launched from http://0.0.0.0:80


Nginx config

server {
        listen       80;
        server_name vaultwarden.example.com;
        return 301 https://$server_name$request_uri;
        location / {
        }
    }
server {
        listen 443 ssl;
        http2  on;
        server_name vaultwarden.example.com;
        # SSL Settings
        ssl_certificate /etc/ssl/private/wildcard.pem;
        ssl_certificate_key /etc/ssl/private/wildcard.pem;
        ssl_trusted_certificate "/etc/ssl/certs/wildcard.ca";
        add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains';
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 1h;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        # Timeouts
        client_max_body_size 50G;
        client_body_timeout 600s;
        proxy_read_timeout  600s;
        proxy_send_timeout  600s;
        send_timeout        600s;
        # Set headers
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # enable websockets
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_redirect     off;
        # DNS
        resolver 1.1.1.1 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        location / {
         proxy_pass http://127.0.0.1:8078;
        }
}



  • No labels

Site may be often unavailable due to Russian invasion, but you can Help Ukraine