{"id":472382,"date":"2021-05-04T16:48:35","date_gmt":"2021-05-04T08:48:35","guid":{"rendered":"http:\/\/4563.org\/?p=472382"},"modified":"2021-05-04T16:48:35","modified_gmt":"2021-05-04T08:48:35","slug":"vaultwarden-%e5%92%8b%e9%83%a8%e7%bd%b2%e5%91%a2%e6%9d%a5%e4%b8%aa%e5%a4%a7%e4%bd%ac","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=472382","title":{"rendered":"vaultwarden \u548b\u90e8\u7f72\u5462\u6765\u4e2a\u5927\u4f6c"},"content":{"rendered":"\n<p>  \t\t\t\t\t<strong>bugrun<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n<h3>vaultwarden \u548b\u90e8\u7f72\u5462\u6765\u4e2a\u5927\u4f6c<\/h3>\n<p>  \t\tdocker pull vaultwarden\/server:latest<br \/>  docker run -d &#8211;name vaultwarden -v \/vw-data\/:\/data\/ -p 8080:80 vaultwarden\/server:latest<br \/>  \u5f04\u5b8c\u540e\u8fdb\u7f51\u9875\u6ce8\u518c\u9700\u8981https \u914d\u7f6e\u4e86\u4e0bnginx\u7ed3\u679c\u8fd8\u662f\u8fdb\u4e0d\u53bb<\/p>\n<p>  server {<br \/>  &nbsp; &nbsp; listen 80;<br \/>  &nbsp; &nbsp; listen [::]:80;<\/p>\n<p>  &nbsp; &nbsp; server_name yourdomain.com;<\/p>\n<p>  &nbsp; &nbsp; # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.<br \/>  &nbsp; &nbsp; return 301 https:\/\/yourdomain.com$request_uri;<br \/>  }<\/p>\n<p>  server {<br \/>  &nbsp; &nbsp; listen 443 ssl http2;<br \/>  &nbsp; &nbsp; listen [::]:443 ssl http2;<\/p>\n<p>  &nbsp; &nbsp; server_name yourdomain.com;<\/p>\n<p>  &nbsp; &nbsp; location \/ {<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_pass http:\/\/127.0.0.1:8080;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_http_version&nbsp; &nbsp; 1.1;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_cache_bypass&nbsp; &nbsp; $http_upgrade;<\/p>\n<p>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header Upgrade&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$http_upgrade;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header Connection&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&quot;upgrade&quot;;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header Host&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;$host;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header X-Real-IP&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; $remote_addr;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header X-Forwarded-For&nbsp; &nbsp; $proxy_add_x_forwarded_for;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header X-Forwarded-Proto$scheme;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header X-Forwarded-Host&nbsp; &nbsp;$host;<br \/>  &nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; proxy_set_header X-Forwarded-Port&nbsp; &nbsp;$server_port;<br \/>  &nbsp; &nbsp; }<\/p>\n<p>  &nbsp; &nbsp; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate<br \/>  &nbsp; &nbsp; ssl_certificate \/ssl\/nginx\/yourdomain.com.pem;<br \/>  &nbsp; &nbsp; ssl_certificate_key \/ssl\/nginx\/yourdomain.com.key;<br \/>  &nbsp; &nbsp; ssl_session_timeout 1d;<br \/>  &nbsp; &nbsp; ssl_session_cache shared:MozSSL:10m;# about 40000 sessions<br \/>  &nbsp; &nbsp; ssl_session_tickets off;<\/p>\n<p>  &nbsp; &nbsp; # curl https:\/\/ssl-config.mozilla.org\/ffdhe2048.txt &gt; \/path\/to\/dhparam.pem<\/p>\n<p>  &nbsp; &nbsp; # intermediate configuration<br \/>  &nbsp; &nbsp; ssl_protocols TLSv1.2 TLSv1.3;<br \/>  &nbsp; &nbsp; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;<br \/>  &nbsp; &nbsp; ssl_prefer_server_ciphers off;<\/p>\n<p>  &nbsp; &nbsp; # HSTS (ngx_http_headers_module is required) (63072000 seconds)<br \/>  &nbsp; &nbsp; add_header Strict-Transport-Security &quot;max-age=63072000&quot; always;<\/p>\n<p>  &nbsp; &nbsp; # OCSP stapling<br \/>  &nbsp; &nbsp; ssl_stapling on;<br \/>  &nbsp; &nbsp; ssl_stapling_verify on;<\/p>\n<p>  &nbsp; &nbsp; # verify chain of trust of OCSP response using Root CA and Intermediate certs<br \/>  &nbsp; &nbsp; # ssl_trusted_certificate \/etc\/ssl\/ethanblog.com\/chain1.pem;<\/p>\n<p>  &nbsp; &nbsp; # replace with the IP address of your resolver<br \/>  &nbsp; &nbsp; resolver 223.5.5.5 8.8.8.8;<br \/>  }  \t\t\t  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>bugrun \u5927\u4f6c\u6709\u8bdd\u8bf4 : va&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/472382"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=472382"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/472382\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=472382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=472382"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=472382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}