mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-09 12:32:37 +01:00
Merge pull request #294 from i-ghost/feature/add-systemd-notes
Add systemd setup instructions to README.md
This commit is contained in:
commit
371017b547
107
README.md
107
README.md
@ -45,6 +45,9 @@ _*Note, that this project is not associated with the [Bitwarden](https://bitward
|
||||
- [Fail2Ban Filter](#fail2ban-filter)
|
||||
- [Fail2Ban Jail](#fail2ban-jail)
|
||||
- [Testing Fail2Ban](#testing-fail2ban)
|
||||
- [Running with systemd-docker](#running-with-systemd-docker)
|
||||
- [Setting environment variables](#setting-environment-variables)
|
||||
- [Running the service](#running-the-service)
|
||||
- [Building your own image](#building-your-own-image)
|
||||
- [Building binary](#building-binary)
|
||||
- [Available packages](#available-packages)
|
||||
@ -70,12 +73,12 @@ Basically full implementation of Bitwarden API is provided including:
|
||||
* Basic single user functionality
|
||||
* Organizations support
|
||||
* Attachments
|
||||
* Vault API support
|
||||
* Vault API support
|
||||
* Serving the static files for Vault interface
|
||||
* Website icons API
|
||||
* Authenticator and U2F support
|
||||
* YubiKey OTP
|
||||
|
||||
|
||||
## Missing features
|
||||
* Email confirmation
|
||||
* Other two-factor systems:
|
||||
@ -379,7 +382,7 @@ docker run -d --name bitwarden \
|
||||
-p 80:80 \
|
||||
mprasil/bitwarden:latest
|
||||
```
|
||||
|
||||
|
||||
When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `false`, `SMTP_PORT` will default to `25` and the connection won't be encrypted. This can be very insecure, use this setting only if you know what you're doing.
|
||||
|
||||
### Password hint display
|
||||
@ -413,7 +416,7 @@ docker run -d --name bitwarden \
|
||||
-v /bw-data/:/data/ \
|
||||
-p 80:80 \
|
||||
mprasil/bitwarden:latest
|
||||
```
|
||||
```
|
||||
|
||||
Note that you can also change the path where bitwarden_rs looks for static files by providing the `WEB_VAULT_FOLDER` environment variable with the path.
|
||||
|
||||
@ -491,6 +494,98 @@ If it works correctly and your IP is banned, you can unban the ip by running:
|
||||
sudo fail2ban-client unban XX.XX.XX.XX bitwarden
|
||||
```
|
||||
|
||||
### Running with systemd-docker
|
||||
|
||||
These instructions allow you to have systemd manage the lifecycle of the docker container, if you prefer.
|
||||
|
||||
First, install the `systemd-docker` package using your system package manager.
|
||||
This is a wrapper which improves docker integration with systemd.
|
||||
|
||||
For full instructions and configuration options, see the [GitHub repository](https://github.com/ibuildthecloud/systemd-docker).
|
||||
|
||||
As root, create `/etc/systemd/system/bitwarden.service` using your preferred editor with the following contents:
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Bitwarden
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
ExecStartPre=/usr/bin/docker pull mprasil/bitwarden:latest
|
||||
ExecStart=/usr/bin/systemd-docker --cgroups name=systemd --env run \
|
||||
-p 8080:80 \
|
||||
-p 8081:3012 \
|
||||
-v /opt/bw-data:/data/ \
|
||||
--rm --name %n mprasil/bitwarden:latest
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Adjust the above example as necessary. In particular, pay attention to the `-p` and `-v` options,
|
||||
as these control the port and volume bindings between the container and the host.
|
||||
|
||||
Explanation of options which may not be self-explanatory:
|
||||
|
||||
- A `TimeoutStartSec` value of 0 stops systemd from considering the service failed
|
||||
after waiting for the default startup time. This is required as it may take a while for the `docker pull` in `ExecStartPre` to finish.
|
||||
- `ExecStartPre`: Pull the docker tag before running.
|
||||
- A `Type` value of `notify` tells systemd to expect a notification from the service that it is ready.
|
||||
- A `NotifyAccess` value of `all` is required by `systemd-docker`.
|
||||
|
||||
#### Setting environment variables
|
||||
|
||||
It's possible to directly specify environment variables in the unit file in two ways:
|
||||
|
||||
- Using an `Environment` directive in the `[Service]` block.
|
||||
- Using the `-e` option of `docker`. In this case, you can omit the `--env` option shown in the example above.
|
||||
|
||||
To verify that your environment variables are set correctly, check the output of `systemctl show bitwarden.service`
|
||||
for an `Environment` line.
|
||||
|
||||
It's also possible to store environment variables in a separate file using the `EnvironmentFile` directive in the unit file.
|
||||
|
||||
Systemd can source a file of the form:
|
||||
|
||||
```shell
|
||||
Key="Value"
|
||||
```
|
||||
|
||||
However, the systemd project does not mandate where this file should be stored. Consult your distribution's documentation for the
|
||||
best location for this file. For example, RedHat based distributions typically place these files in `/etc/sysconfig/`
|
||||
|
||||
If you're unsure, just create a file as root in `/etc/` e.g. `/etc/bitwarden.service.conf`.
|
||||
|
||||
In your unit file, add an `EnvironmentFile` directive in the `[Service]` block, the value being the full path to the
|
||||
file created above. Example:
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Bitwarden
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/bitwarden.service.conf
|
||||
TimeoutStartSec=0
|
||||
-snip-
|
||||
```
|
||||
|
||||
#### Running the service
|
||||
|
||||
After the above installation and configuration is complete, reload systemd using `sudo systemctl daemon-reload`.
|
||||
Then, start the Bitwarden service using `sudo systemctl start bitwarden`.
|
||||
|
||||
To have the service start with the system, use `sudo systemctl enable bitwarden`.
|
||||
|
||||
Verify that the container has started using `systemctl status bitwarden`.
|
||||
|
||||
## Building your own image
|
||||
|
||||
Clone the repository, then from the root of the repository run:
|
||||
@ -526,7 +621,7 @@ mkdir $DATA_FOLDER/db-backup
|
||||
sqlite3 /$DATA_FOLDER/db.sqlite3 ".backup '/$DATA_FOLDER/db-backup/backup.sqlite3'"
|
||||
```
|
||||
|
||||
This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped).
|
||||
This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped).
|
||||
|
||||
Running the above command requires sqlite3 to be installed on the docker host system. You can achieve the same result with a sqlite3 docker container using the following command.
|
||||
```
|
||||
@ -534,7 +629,7 @@ docker run --rm --volumes-from=bitwarden bruceforce/bw_backup /backup.sh
|
||||
```
|
||||
|
||||
You can also run a container with integrated cron daemon to automatically backup your database. See https://gitlab.com/1O/bitwarden_rs-backup for examples.
|
||||
|
||||
|
||||
### 2. the attachments folder
|
||||
|
||||
By default, this is located in `$DATA_FOLDER/attachments`
|
||||
|
Loading…
Reference in New Issue
Block a user