[记录]便捷部署bitwarden_rs/vaultwarden:从docker提取二进制

Bitwarden Server的开源Rust实现(新版本已经改名vaultwarden),编译后的二进制没有外部依赖,社区不提供编译好的二进制,但是提供了docker,本文是建立在提取docker内的二进制的基础上。

我使用的环境是Proxmox VE(PVE),你可以根据自己的情况变通;点击右上角,创建CT,使用Alpine模板,硬盘默认2G就足够,内存512MB即可。

准备工作

使用命令lxc-attach vmid进入容器,下载docker官方提供的镜像下载脚本,并安装依赖:

cd /opt
wget https://raw.githubusercontent.com/moby/moby/master/contrib/download-frozen-image-v2.sh
chmod +x download-frozen-image-v2.sh
apk add jq bash

下载编译好的web-valut压缩包

mkdir -p /opt/bitwarden
cd /opt/bitwarden
wget https://github.com/dani-garcia/bw_web_builds/releases/download/v2.24.1/bw_web_v2.24.1.tar.gz
tar axvf bw_web_v2.24.1.tar.gz
web-vault/
web-vault/version.json
web-vault/theme_head.7428b587c0d095edfc0f.js
web-vault/duo-connector.html
...

下载镜像

打开镜像地址:https://hub.docker.com/layers/vaultwarden/server,点进对应的镜像,找到sha256记下来,等下要用:
v1.png

查看构建记录,下拉找到图片上圈红的两行,分别是二进制vaultwarden文件和web-vault,后面只使用这里的vaultwarden,因为web-vault通常不是最新的,所以前面单独下载了一次。
v2.png

执行前面准备好的脚本:

cd /opt
mkdir docker
./download-frozen-image-v2.sh docker vaultwarden/server:[email protected]:dab7911877ae2a9d3beeb3f973659743e38ea0ce458bb32c1f10fdccbf8c427b
Downloading 'vaultwarden/server:[email protected]:dab7911877ae2a9d3beeb3f973659743e38ea0ce458bb32c1f10fdccbf8c427b' (7 layers)...
-#O#-  #    #
####################################################################################################### 100.0%
-#O#-  #    #
...

去下载文件里找想要的文件:

cd /opt/docker
du -sh ./*
8.0K    ./188631f3d3020d5c21e37174b980529ba4fb8ed3fdf10a2cfffd9e8ef689eb5f.json
2.3M    ./385c5c6f8dd14464d0fb63fd9611b4bf00907cbd7cceb57a89f2cf50e62e36bd
16.0K   ./5820341a98cd4d9a504d58b2d7d939022e815d5e6951fed6588fad503fd037b2
8.3M    ./77a25c7436c58dc518bea6c86ce15d1b3a5bd200078eb751deb15e3f81c81d3c
8.3M    ./833d2ef4fc618d818535db10f113cb6375bb104a9c61fc6485e7221bf3e9526a
...

根据大小判断应该是77a25c7或者833d2ef,分别进入目录执行tar axvf layer.tar:

cd 77a25c7436c58dc518bea6c86ce15d1b3a5bd200078eb751deb15e3f81c81d3c/
tar axvf layer.tar
web-vault/
web-vault/.nojekyll
web-vault/404/
web-vault/404.html
web-vault/404/bootstrap.min.css
web-vault/404/font-awesome.min.css
web-vault/404/styles.css
···

cd 833d2ef4fc618d818535db10f113cb6375bb104a9c61fc6485e7221bf3e9526a/
tar axvf layer.tar
vaultwarden

找到了,是833d2ef,复制vaultwarden到想要放置的位置:

cp vaultwarden /opt/bitwarden/

部署和配置

基本上需要配置的不多,默认使用sqlite数据库,没啥特殊的不用调整:

cd /opt/bitwarden
mkdir data
wget https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/.env.template -O .env
./vaultwarden
/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.23.0                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[2021-10-30 15:14:09.050][vaultwarden][INFO] Private key created correctly.
[2021-10-30 15:14:09.050][vaultwarden][INFO] Public key created correctly.
Running migration 20180114171611
Running migration 20180217205753
...
[2021-10-30 15:14:09.124][start][INFO] Rocket has launched from http://0.0.0.0:8000

剩下的跟着Wiki调整就可以了:https://github.com/dani-garcia/vaultwarden/wiki/Configuration-overview

配置开启启动

vi /etc/init.d/vaultwarden 输入:

#!/sbin/openrc-run

depend() {
    use logger dns
    need net
    after firewall
}

start() {
    ebegin "Starting bitwarden rust server"
    start-stop-daemon -S -b -m -p /var/run/vaultwarden.pid -x /opt/bitwarden/vaultwarden -d /opt/bitwarden/
    eend $?
}

stop() {
    ebegin "Stopping bitwarden rust server"
    start-stop-daemon --stop --pidfile /var/run/vaultwarden.pid
    eend $?
}

Alpine下的启动控制:

rc-update add vaultwarden
rc-status
rc-service vaultwarden start

后记

更新的话可以重新提取二进制,替换掉,重启服务就可以了。目前vaultwarden的更新都是向下兼容的,我跟着更新了几个版本暂时没有出问题。

标签: docker, bitwarden, rust, vaultwarden

添加新评论