新建 bitwarden 文件夹,根据步骤执行后的完整目录结构如下:
新建 ssl 文件夹,并将证书文件放入 ssl 文件夹
新建 nginx 文件夹,新建 default.conf 配置文件
server {
listen 80;
listen 443 ssl http2;
server_name test.woscc.com; # 根据实际情况修改!!!
ssl_certificate /data/bitwarden/ssl/test.woscc.com.pem; # 根据实际情况修改!!!
ssl_certificate_key /data/bitwarden/ssl/test.woscc.com.key;# 根据实际情况修改!!!
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass <http://bitwarden:80>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
在 bitwarden 文件夹下新建 docker-compose.yml 文件
version: '3'
services:
bitwarden:
image: vaultwarden/server:latest
environment:
- DOMAIN=https://test.woscc.com # 替换为实际的域名
- TZ=Asia/Shanghai
- SIGNUPS_ALLOWED=false # 关闭注册功能,首次使用需要设置为 true,后面再关闭
nginx:
image: nginx:latest
ports:
- 80:80
- 443:443
volumes:
- ./ssl:/data/bitwarden/ssl
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
