mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-01-03 18:02:31 +01:00
Merge pull request #294 from i-ghost/feature/add-systemd-notes
Add systemd setup instructions to README.md
This commit is contained in:
commit
371017b547
1 changed files with 101 additions and 6 deletions
107
README.md
107
README.md
|
@ -45,6 +45,9 @@ _*Note, that this project is not associated with the [Bitwarden](https://bitward
|
||||||
- [Fail2Ban Filter](#fail2ban-filter)
|
- [Fail2Ban Filter](#fail2ban-filter)
|
||||||
- [Fail2Ban Jail](#fail2ban-jail)
|
- [Fail2Ban Jail](#fail2ban-jail)
|
||||||
- [Testing Fail2Ban](#testing-fail2ban)
|
- [Testing Fail2Ban](#testing-fail2ban)
|
||||||
|
- [Running with systemd-docker](#running-with-systemd-docker)
|
||||||
|
- [Setting environment variables](#setting-environment-variables)
|
||||||
|
- [Running the service](#running-the-service)
|
||||||
- [Building your own image](#building-your-own-image)
|
- [Building your own image](#building-your-own-image)
|
||||||
- [Building binary](#building-binary)
|
- [Building binary](#building-binary)
|
||||||
- [Available packages](#available-packages)
|
- [Available packages](#available-packages)
|
||||||
|
@ -70,12 +73,12 @@ Basically full implementation of Bitwarden API is provided including:
|
||||||
* Basic single user functionality
|
* Basic single user functionality
|
||||||
* Organizations support
|
* Organizations support
|
||||||
* Attachments
|
* Attachments
|
||||||
* Vault API support
|
* Vault API support
|
||||||
* Serving the static files for Vault interface
|
* Serving the static files for Vault interface
|
||||||
* Website icons API
|
* Website icons API
|
||||||
* Authenticator and U2F support
|
* Authenticator and U2F support
|
||||||
* YubiKey OTP
|
* YubiKey OTP
|
||||||
|
|
||||||
## Missing features
|
## Missing features
|
||||||
* Email confirmation
|
* Email confirmation
|
||||||
* Other two-factor systems:
|
* Other two-factor systems:
|
||||||
|
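Review bot: Nothing in this hunk differs in visible content between the old and new side (the feature list and the "Missing features" lines read the same in both columns), so the edit here appears to be whitespace-only and unrelated to the systemd notes. Suggest dropping it from this change or moving it to a separate cleanup commit, so the diff stays limited to the new section.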
@ -379,7 +382,7 @@ docker run -d --name bitwarden \
|
||||||
-p 80:80 \
|
-p 80:80 \
|
||||||
mprasil/bitwarden:latest
|
mprasil/bitwarden:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `false`, `SMTP_PORT` will default to `25` and the connection won't be encrypted. This can be very insecure, use this setting only if you know what you're doing.
|
When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `false`, `SMTP_PORT` will default to `25` and the connection won't be encrypted. This can be very insecure, use this setting only if you know what you're doing.
|
||||||
|
|
||||||
### Password hint display
|
### Password hint display
|
||||||
|
@ -413,7 +416,7 @@ docker run -d --name bitwarden \
|
||||||
-v /bw-data/:/data/ \
|
-v /bw-data/:/data/ \
|
||||||
-p 80:80 \
|
-p 80:80 \
|
||||||
mprasil/bitwarden:latest
|
mprasil/bitwarden:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that you can also change the path where bitwarden_rs looks for static files by providing the `WEB_VAULT_FOLDER` environment variable with the path.
|
Note that you can also change the path where bitwarden_rs looks for static files by providing the `WEB_VAULT_FOLDER` environment variable with the path.
|
||||||
|
|
||||||
|
@ -491,6 +494,98 @@ If it works correctly and your IP is banned, you can unban the ip by running:
|
||||||
sudo fail2ban-client unban XX.XX.XX.XX bitwarden
|
sudo fail2ban-client unban XX.XX.XX.XX bitwarden
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Running with systemd-docker
|
||||||
|
|
||||||
|
These instructions allow you to have systemd manage the lifecycle of the docker container, if you prefer.
|
||||||
|
|
||||||
|
First, install the `systemd-docker` package using your system package manager.
|
||||||
|
This is a wrapper which improves docker integration with systemd.
|
||||||
|
|
||||||
|
For full instructions and configuration options, see the [GitHub repository](https://github.com/ibuildthecloud/systemd-docker).
|
||||||
|
|
||||||
|
As root, create `/etc/systemd/system/bitwarden.service` using your preferred editor with the following contents:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[Unit]
|
||||||
|
Description=Bitwarden
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
TimeoutStartSec=0
|
||||||
|
ExecStartPre=/usr/bin/docker pull mprasil/bitwarden:latest
|
||||||
|
ExecStart=/usr/bin/systemd-docker --cgroups name=systemd --env run \
|
||||||
|
-p 8080:80 \
|
||||||
|
-p 8081:3012 \
|
||||||
|
-v /opt/bw-data:/data/ \
|
||||||
|
--rm --name %n mprasil/bitwarden:latest
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10s
|
||||||
|
Type=notify
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
Adjust the above example as necessary. In particular, pay attention to the `-p` and `-v` options,
|
||||||
|
as these control the port and volume bindings between the container and the host.
|
||||||
|
|
||||||
|
Explanation of options which may not be self-explanatory:
|
||||||
|
|
||||||
|
- A `TimeoutStartSec` value of 0 stops systemd from considering the service failed
|
||||||
|
after waiting for the default startup time. This is required as it may take a while for the `docker pull` in `ExecStartPre` to finish.
|
||||||
|
- `ExecStartPre`: Pull the docker tag before running.
|
||||||
|
- A `Type` value of `notify` tells systemd to expect a notification from the service that it is ready.
|
||||||
|
- A `NotifyAccess` value of `all` is required by `systemd-docker`.
|
||||||
|
|
||||||
|
#### Setting environment variables
|
||||||
|
|
||||||
|
It's possible to directly specify environment variables in the unit file in two ways:
|
||||||
|
|
||||||
|
- Using an `Environment` directive in the `[Service]` block.
|
||||||
|
- Using the `-e` option of `docker`. In this case, you can omit the `--env` option shown in the example above.
|
||||||
|
|
||||||
|
To verify that your environment variables are set correctly, check the output of `systemctl show bitwarden.service`
|
||||||
|
for an `Environment` line.
|
||||||
|
|
||||||
|
It's also possible to store environment variables in a separate file using the `EnvironmentFile` directive in the unit file.
|
||||||
|
|
||||||
|
Systemd can source a file of the form:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
Key="Value"
|
||||||
|
```
|
||||||
|
|
||||||
|
However, the systemd project does not mandate where this file should be stored. Consult your distribution's documentation for the
|
||||||
|
best location for this file. For example, RedHat based distributions typically place these files in `/etc/sysconfig/`
|
||||||
|
|
||||||
|
If you're unsure, just create a file as root in `/etc/` e.g. `/etc/bitwarden.service.conf`.
|
||||||
|
|
||||||
|
In your unit file, add an `EnvironmentFile` directive in the `[Service]` block, the value being the full path to the
|
||||||
|
file created above. Example:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[Unit]
|
||||||
|
Description=Bitwarden
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
EnvironmentFile=/etc/bitwarden.service.conf
|
||||||
|
TimeoutStartSec=0
|
||||||
|
-snip-
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Running the service
|
||||||
|
|
||||||
|
After the above installation and configuration is complete, reload systemd using `sudo systemctl daemon-reload`.
|
||||||
|
Then, start the Bitwarden service using `sudo systemctl start bitwarden`.
|
||||||
|
|
||||||
|
To have the service start with the system, use `sudo systemctl enable bitwarden`.
|
||||||
|
|
||||||
|
Verify that the container has started using `systemctl status bitwarden`.
|
||||||
|
|
||||||
## Building your own image
|
## Building your own image
|
||||||
|
|
||||||
Clone the repository, then from the root of the repository run:
|
Clone the repository, then from the root of the repository run:
|
||||||
|
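Review bot: Under "Setting environment variables", the `Environment` directive option needs a caveat: values set that way sit in the unit file and are returned by `systemctl show bitwarden.service` to any local user, so it is the wrong place for secrets. Suggest pointing secrets at the `EnvironmentFile` route and telling the reader to make `/etc/bitwarden.service.conf` root-owned with mode 0600, since "create a file as root in `/etc/`" normally leaves it world-readable. Separately, in the first unit file `ExecStartPre=/usr/bin/docker pull mprasil/bitwarden:latest` combined with `Restart=always` re-pulls an unpinned tag on every restart and fails the start whenever the pull fails; consider `ExecStartPre=-/usr/bin/docker pull mprasil/bitwarden:latest` so a failed pull is non-fatal, and mention pinning a specific tag. The `-snip-` line inside the second `ini` block is not valid unit syntax and may be copied verbatim; a `# ...` comment line would be safer.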
@ -526,7 +621,7 @@ mkdir $DATA_FOLDER/db-backup
|
||||||
sqlite3 /$DATA_FOLDER/db.sqlite3 ".backup '/$DATA_FOLDER/db-backup/backup.sqlite3'"
|
sqlite3 /$DATA_FOLDER/db.sqlite3 ".backup '/$DATA_FOLDER/db-backup/backup.sqlite3'"
|
||||||
```
|
```
|
||||||
|
|
||||||
This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped).
|
This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped).
|
||||||
|
|
||||||
Running the above command requires sqlite3 to be installed on the docker host system. You can achieve the same result with a sqlite3 docker container using the following command.
|
Running the above command requires sqlite3 to be installed on the docker host system. You can achieve the same result with a sqlite3 docker container using the following command.
|
||||||
```
|
```
|
||||||
|
@ -534,7 +629,7 @@ docker run --rm --volumes-from=bitwarden bruceforce/bw_backup /backup.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
You can also run a container with integrated cron daemon to automatically backup your database. See https://gitlab.com/1O/bitwarden_rs-backup for examples.
|
You can also run a container with integrated cron daemon to automatically backup your database. See https://gitlab.com/1O/bitwarden_rs-backup for examples.
|
||||||
|
|
||||||
### 2. the attachments folder
|
### 2. the attachments folder
|
||||||
|
|
||||||
By default, this is located in `$DATA_FOLDER/attachments`
|
By default, this is located in `$DATA_FOLDER/attachments`
|
||||||
|
|