Background
1Password's Nigeria regional-pricing deal is gone, and Family Annual 1 Year at ¥498 is honestly a bit expensive, so colleagues all recommend Vaultwarden.
Relationship between Vaultwarden and Bitwarden:
Prerequisites
- A Debian 12 VPS (1 core / 1 GB RAM is enough to start with, and plenty for home use)
- A domain, e.g. vault.example.com, with an A record at your DNS provider pointing to the VPS public IP
- An SMTP mailbox (for inviting family members and recovering passwords); Resend is recommended
Environment initialization
apt update && apt upgrade -y
adduser evan && \
usermod -aG sudo evan
apt install -y curl ca-certificates
timedatectl set-timezone Asia/Shanghai
curl -fsSL https://get.docker.com | sh
systemctl enable --now docker
usermod -aG docker evan
Deploy Vaultwarden + Caddy
su - evan
mkdir -p ~/vaultwarden && cd ~/vaultwarden && \
mkdir -p vw-data caddy-data caddy-config
vim docker-compose.yml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: ${DOMAIN}
      ADMIN_TOKEN: ${ADMIN_TOKEN}
      # EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "ssh-agent-v2,ssh-key-vault-item"
      SIGNUPS_ALLOWED: "false"
      SMTP_HOST: "smtp.resend.com"
      SMTP_FROM: ${SMTP_FROM}
      SMTP_PORT: "465"
      SMTP_SECURITY: "force_tls"
      SMTP_USERNAME: "resend"
      SMTP_PASSWORD: ${SMTP_PASSWORD}
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
    volumes:
      - ./vw-data:/data
    networks: [internal]
  caddy:
    image: caddy:2
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-data:/data
      - ./caddy-config:/config
    networks: [internal]
networks:
  internal:
    driver: bridge
vim .env
DOMAIN="https://vault.lizhi.dev"
SMTP_FROM="vault@notify.lizhi.dev"
SMTP_PASSWORD="re_ArLMVTZ5_F6f9J7QL4ZvsujG4fGm34GHP"
ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$OhgDeYazJhgmzIWBIRx+wSNlbIZg1yuN7WsvOgfUKrk$EUv0j+9CphudSOMNjR91yblkI+hvVCr72y1shNIfVTw'
vim Caddyfile
vault.lizhi.dev {
  encode zstd gzip
  reverse_proxy vaultwarden:80
}
docker compose up -d
docker compose logs -f
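Before bringing the stack up, it is worth checking the two files above for the settings that matter once the server is on the internet. The following pre-flight script is an added example, not part of the original post: it assumes the .env and docker-compose.yml layout shown here (ADMIN_TOKEN as an argon2 PHC string, an https DOMAIN, SIGNUPS_ALLOWED false, and no ports: on the vaultwarden service, so it is only reachable through Caddy).

```shell
# Added example: pre-flight check for the .env and docker-compose.yml shown above.
# Not part of the original post. Prints one line per finding and returns the count.
# Usage: check_vw_config .env docker-compose.yml
check_vw_config() {
  env_file="$1"; compose_file="$2"; findings=0

  # ADMIN_TOKEN must be an argon2 PHC hash, never the plaintext admin secret
  token=$(sed -n 's/^ADMIN_TOKEN=//p' "$env_file" | tr -d "'\"")
  case "$token" in
    '$argon2'*) ;;
    '') echo "WARN: ADMIN_TOKEN unset; the /admin page is disabled" ;;
    *) echo "FAIL: ADMIN_TOKEN is plaintext; generate a hash with 'vaultwarden hash'"
       findings=$((findings+1)) ;;
  esac

  # DOMAIN must be https://, otherwise WebAuthn/cookies break and traffic is cleartext
  domain=$(sed -n 's/^DOMAIN=//p' "$env_file" | tr -d "'\"")
  case "$domain" in
    https://*) ;;
    *) echo "FAIL: DOMAIN is not https:// ($domain)"; findings=$((findings+1)) ;;
  esac

  # Open registration lets anyone on the internet create accounts on your server
  if ! grep -Eq '^[[:space:]]*SIGNUPS_ALLOWED:[[:space:]]*"?false"?' "$compose_file"; then
    echo "FAIL: SIGNUPS_ALLOWED is not false"; findings=$((findings+1))
  fi

  # Vaultwarden should only be reachable via Caddy: no ports: under the vaultwarden service
  if awk '/^  vaultwarden:/{s=1;next} /^  [a-z]/{s=0} s && /^    ports:/{found=1}
          END{exit !found}' "$compose_file"; then
    echo "FAIL: vaultwarden publishes ports directly; keep it behind caddy"
    findings=$((findings+1))
  fi
  return "$findings"
}
```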
Deployment complete
You can now log in at https://vault.lizhi.dev/admin and invite family members.
SSH Agent setup
lsof -U | grep bitwarden-ssh-agent
~/Library/Containers/com.bitwarden.desktop/Data/.bitwarden-ssh-agent.sock
SSH_AUTH_SOCK=~/.bitwarden-ssh-agent.sock ssh-add -l
echo "$SSH_AUTH_SOCK"