parent
0448d98afc
commit
6e47535c2e
@ -1,81 +0,0 @@
|
|||||||
# Build instructions
|
|
||||||
|
|
||||||
## Dependencies
|
|
||||||
- `Rust nightly` (strongly recommended to use [rustup](https://rustup.rs/))
|
|
||||||
- `OpenSSL` (should be available in path, install through your system's package manager or use the [prebuilt binaries](https://wiki.openssl.org/index.php/Binaries))
|
|
||||||
- `NodeJS` (only when compiling the web-vault, install through your system's package manager or use the [prebuilt binaries](https://nodejs.org/en/download/))
|
|
||||||
|
|
||||||
|
|
||||||
## Run/Compile
|
|
||||||
```sh
|
|
||||||
# Compile and run
|
|
||||||
cargo run --release
|
|
||||||
# or just compile (binary located in target/release/bitwarden_rs)
|
|
||||||
cargo build --release
|
|
||||||
```
|
|
||||||
|
|
||||||
When run, the server is accessible in [http://localhost:80](http://localhost:80).
|
|
||||||
|
|
||||||
### Install the web-vault
|
|
||||||
A compiled version of the web vault can be downloaded from [dani-garcia/bw_web_builds](https://github.com/dani-garcia/bw_web_builds/releases).
|
|
||||||
|
|
||||||
If you prefer to compile it manually, follow these steps:
|
|
||||||
|
|
||||||
*Note: building the Vault needs ~1.5GB of RAM. On systems like a RaspberryPI with 1GB or less, please [enable swapping](https://www.tecmint.com/create-a-linux-swap-file/) or build it on a more powerful machine and copy the directory from there. This much memory is only needed for building it, running bitwarden_rs with vault needs only about 10MB of RAM.*
|
|
||||||
|
|
||||||
- Clone the git repository at [bitwarden/web](https://github.com/bitwarden/web) and checkout the latest release tag (e.g. v2.1.1):
|
|
||||||
```sh
|
|
||||||
# clone the repository
|
|
||||||
git clone https://github.com/bitwarden/web.git web-vault
|
|
||||||
cd web-vault
|
|
||||||
# switch to the latest tag
|
|
||||||
git checkout "$(git tag | tail -n1)"
|
|
||||||
```
|
|
||||||
|
|
||||||
- Download the patch file from [dani-garcia/bw_web_builds](https://github.com/dani-garcia/bw_web_builds/tree/master/patches) and copy it to the `web-vault` folder.
|
|
||||||
To choose the version to use, assuming the web vault is version `vX.Y.Z`:
|
|
||||||
- If there is a patch with version `vX.Y.Z`, use that one
|
|
||||||
- Otherwise, pick the one with the largest version that is still smaller than `vX.Y.Z`
|
|
||||||
- Apply the patch
|
|
||||||
```sh
|
|
||||||
# In the 'web-vault' directory
|
|
||||||
git apply vX.Y.Z.patch
|
|
||||||
```
|
|
||||||
|
|
||||||
- Then, build the Vault:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
npm run sub:init
|
|
||||||
npm install
|
|
||||||
npm run dist
|
|
||||||
```
|
|
||||||
|
|
||||||
Finally copy the contents of the `build` folder into the `bitwarden_rs/web-vault` folder.
|
|
||||||
|
|
||||||
# Configuration
|
|
||||||
The available configuration options are documented in the default `.env` file, and they can be modified by uncommenting the desired options in that file or by setting their respective environment variables. Look at the README file for the main configuration options available.
|
|
||||||
|
|
||||||
Note: the environment variables override the values set in the `.env` file.
|
|
||||||
|
|
||||||
## How to recreate database schemas (for developers)
|
|
||||||
Install diesel-cli with cargo:
|
|
||||||
```sh
|
|
||||||
cargo install diesel_cli --no-default-features --features sqlite-bundled
|
|
||||||
```
|
|
||||||
|
|
||||||
Make sure that the correct path to the database is in the `.env` file.
|
|
||||||
|
|
||||||
If you want to modify the schemas, create a new migration with:
|
|
||||||
```
|
|
||||||
diesel migration generate <name>
|
|
||||||
```
|
|
||||||
|
|
||||||
Modify the *.sql files, making sure that any changes are reverted in the down.sql file.
|
|
||||||
|
|
||||||
Apply the migrations and save the generated schemas as follows:
|
|
||||||
```sh
|
|
||||||
diesel migration redo
|
|
||||||
|
|
||||||
# This step should be done automatically when using diesel-cli > 1.3.0
|
|
||||||
# diesel print-schema > src/db/schema.rs
|
|
||||||
```
|
|
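Review bot: nothing visible in this commit says where the build and configuration instructions live after the `-1,81 +0,0` removal; add a pointer to the new location (a README link or a line in the commit message) so the steps are not simply lost. If the text is being moved rather than dropped, fix the tag-selection step on the way: `git checkout "$(git tag | tail -n1)"` takes the last tag in lexical order, which stops being the newest release once a version component reaches two digits, so `git tag --sort=v:refname | tail -n1` is the safer form. The steps that fetch a prebuilt vault or a patch from dani-garcia/bw_web_builds also give the reader no way to check what was downloaded before `git apply` and `npm run dist` run on it; a pinned release tag or a published checksum would be worth adding in the new home.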
@ -1,98 +0,0 @@
|
|||||||
# Proxy examples
|
|
||||||
|
|
||||||
In this document, `<SERVER>` refers to the IP or domain where bitwarden_rs is accessible from. If both the proxy and bitwarden_rs are running in the same system, simply use `localhost`.
|
|
||||||
The ports proxied by default are `80` for the web server and `3012` for the WebSocket server. The proxies are configured to listen in port `443` with HTTPS enabled, which is recommended.
|
|
||||||
|
|
||||||
When using a proxy, it's preferrable to configure HTTPS at the proxy level and not at the application level, this way the WebSockets connection is also secured.
|
|
||||||
|
|
||||||
## Caddy
|
|
||||||
|
|
||||||
```nginx
|
|
||||||
localhost:443 {
|
|
||||||
# The negotiation endpoint is also proxied to Rocket
|
|
||||||
proxy /notifications/hub/negotiate <SERVER>:80 {
|
|
||||||
transparent
|
|
||||||
}
|
|
||||||
|
|
||||||
# Notifications redirected to the websockets server
|
|
||||||
proxy /notifications/hub <SERVER>:3012 {
|
|
||||||
websocket
|
|
||||||
}
|
|
||||||
|
|
||||||
# Proxy the Root directory to Rocket
|
|
||||||
proxy / <SERVER>:80 {
|
|
||||||
transparent
|
|
||||||
}
|
|
||||||
|
|
||||||
tls ${SSLCERTIFICATE} ${SSLKEY}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Nginx (by shauder)
|
|
||||||
```nginx
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
server_name vault.*;
|
|
||||||
|
|
||||||
# Specify SSL config if using a shared one.
|
|
||||||
#include conf.d/ssl/ssl.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://<SERVER>:80;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /notifications/hub {
|
|
||||||
proxy_pass http://<SERVER>:3012;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
}
|
|
||||||
|
|
||||||
location /notifications/hub/negotiate {
|
|
||||||
proxy_pass http://<SERVER>:80;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Apache (by fbartels)
|
|
||||||
```apache
|
|
||||||
<VirtualHost *:443>
|
|
||||||
SSLEngine on
|
|
||||||
ServerName bitwarden.$hostname.$domainname
|
|
||||||
|
|
||||||
SSLCertificateFile ${SSLCERTIFICATE}
|
|
||||||
SSLCertificateKeyFile ${SSLKEY}
|
|
||||||
SSLCACertificateFile ${SSLCA}
|
|
||||||
${SSLCHAIN}
|
|
||||||
|
|
||||||
ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
|
|
||||||
CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined
|
|
||||||
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
|
||||||
RewriteRule /(.*) ws://<SERVER>:3012/$1 [P,L]
|
|
||||||
|
|
||||||
ProxyPass / http://<SERVER>:80/
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyRequests Off
|
|
||||||
</VirtualHost>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Traefik (docker-compose example)
|
|
||||||
```traefik
|
|
||||||
labels:
|
|
||||||
- 'traefik.frontend.rule=Host:vault.example.local'
|
|
||||||
- 'traefik.docker.network=traefik'
|
|
||||||
- 'traefik.port=80'
|
|
||||||
- 'traefik.enable=true'
|
|
||||||
- 'traefik.web.frontend.rule=Host:vault.example.local'
|
|
||||||
- 'traefik.web.port=80'
|
|
||||||
- 'traefik.hub.frontend.rule=Path:/notifications/hub'
|
|
||||||
- 'traefik.hub.port=3012'
|
|
||||||
- 'traefik.negotiate.frontend.rule=Path:/notifications/hub/negotiate'
|
|
||||||
- 'traefik.negotiate.port=80'
|
|
||||||
```
|
|
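Review bot: the `-1,98 +0,0` removal takes with it the guidance to terminate HTTPS at the proxy so that the WebSocket server on port `3012` is covered as well; make sure that sentence and the examples survive wherever the document is moving, and link to the new location. In the Nginx example, `location /notifications/hub` and `location /notifications/hub/negotiate` carry none of the `proxy_set_header Host`, `X-Real-IP` and `X-Forwarded-For` lines that `location /` has, so the backend sees only the proxy's address for those requests; repeat the headers there when the example is relocated. The Apache block's `ErrorLog \${APACHE_LOG_DIR}` and `CustomLog \${APACHE_LOG_DIR}` lines keep a backslash that looks left over from a shell template, and the Caddy block is fenced as `nginx`.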