Reducing the risk of personal password leaks: deploying a personal Bitwarden password manager on a self-hosted server

2022-12-06 19:36:41

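Bitwarden: an open-source, cross-platform online password manager

Third-party password management applications such as KeePass, LastPass and 1Password can help you manage passwords and other information, making password entry both more efficient and more secure.

If you do not trust third-party applications and worry that a cloud-hosted password manager could leak your data, you can use the open-source Bitwarden instead and deploy a private password management service locally, replacing third-party password managers such as 1Password and LastPass.

Bitwarden is a free password manager. It is open source and free of charge, runs on Windows, Mac, Linux, iOS and Android, and also provides browser extensions for Chrome, Edge, Firefox, Safari and others that fill in account names and passwords for one-click login to websites. It is a very good free alternative to 1Password.

Deploying your own Bitwarden server gives you a password manager that is yours alone. All the data stays in your own hands, which feels more secure.

The following describes how to deploy a personal Bitwarden password manager on a local CentOS 7 server.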

I. Install Docker

  • Step 1: Install the required system tools
yum install -y yum-utils device-mapper-persistent-data lvm2

  • Step 2: Add the software repository information
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
  • Step 3: Switch the repository to the Tencent Cloud mirror
sed -i 's+download.docker.com+mirrors.cloud.tencent.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
  • Step 4: Update the package cache and install Docker-CE
yum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io

  • Step 5: Start the Docker service
service docker start
systemctl enable docker
docker version

II. Install docker-compose

https://github.com/docker/compose/releases

# 1. Download docker-compose
cd /opt
# 2. Upload docker-compose-linux-x86_64 with rz
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose

# 3. Grant execute permission
chmod +x /usr/local/bin/docker-compose

# 4. Check that the installation succeeded (a system reboot may be needed)
docker-compose -v
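
The binary above is uploaded by hand and then installed into a root-owned path, so it is worth checking it first against the `.sha256` file published beside it on the releases page. The following is an added example, not part of the original post or of Docker's tooling; the function names are hypothetical and it assumes the checksum file was uploaded to the same directory.

```bash
# Added example (not from the original post): verify an uploaded binary
# against its published SHA-256 checksum file before installing it as root.

# expected_sha256 CHECKSUM_FILE NAME
# Print the hash recorded for NAME. Accepts "HASH  NAME" and "HASH *NAME"
# lines, so a single-entry .sha256 file and a multi-entry list both work.
expected_sha256() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name) }
        name == want && length($1) == 64 && $1 ~ /^[0-9A-Fa-f]+$/ {
            print tolower($1); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# verify_sha256 FILE CHECKSUM_FILE [NAME]
# Return 0 only when FILE hashes to the value recorded for NAME
# (default: FILE's basename). Missing files or entries count as failure.
verify_sha256() {
    local file="$1" sums="$2" name want got
    name="${3:-$(basename "$1")}"
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    want=$(expected_sha256 "$sums" "$name") || return 3
    got=$(sha256sum "$file" | awk '{ print tolower($1) }')
    [ "$got" = "$want" ]
}

# install_verified FILE CHECKSUM_FILE DEST
# Install FILE as DEST with mode 0755, but only after the checksum matches.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        install -m 0755 "$1" "$3"
    else
        echo "checksum mismatch for $1; not installing" >&2
        return 1
    fi
}

# Usage on the server, with both files uploaded to /opt:
#   install_verified /opt/docker-compose-linux-x86_64 \
#       /opt/docker-compose-linux-x86_64.sha256 /usr/local/bin/docker-compose
```

A checksum taken from the same release page detects a corrupted or altered upload, not a compromised release.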

III. Install Bitwarden

# 1. Fetch the Bitwarden one-step installation script
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

# 2. Run the installer
./bitwarden.sh install

Script execution process

 ./bitwarden.sh install

During installation, visit https://bitwarden.com/host to obtain the installation id and key.

Before running the installer, it is advisable to add a local name-resolution record for the domain.

 ./bitwarden.sh install
 _     _ _                         _            
| |__ (_) |___      ____ _ _ __ __| | ___ _ __  
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_|  \__,_|\___|_| |_|

Open source password management solutions
Copyright 2015-2022, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden

===================================================

bitwarden.sh version 2022.5.2
Docker version 20.10.17, build 100c701
Docker Compose version v2.6.1

(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): bitwarden.walkingcloud.cn

(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n

(!) Enter the database name for your Bitwarden instance (ex. vault): passwordvault

2022.5.2: Pulling from bitwarden/setup
c1ad9731b2c7: Pull complete 
169ba0027942: Pull complete 
c4c86b92f556: Pull complete 
e76245086e24: Pull complete 
0bf07af7e5b6: Pull complete 
5e0a0bcfc3c0: Pull complete 
bf74c167487e: Pull complete 
ed57fd808676: Pull complete 
c3ac3f57812a: Pull complete 
007204d6d11d: Pull complete 
Digest: sha256:fc63bf509c518d15fe136641b19b4e605d0e267aae1999a1d92b42ba7d37c2a5
Status: Downloaded newer image for bitwarden/setup:2022.5.2
docker.io/bitwarden/setup:2022.5.2

(!) Enter your installation id (get at https://bitwarden.com/host): 77a07888-XXXX-XXXX-XXXX-aece00308870

(!) Enter your installation key: VBHzlBcvXXXXX0toFAmRV

(!) Do you have a SSL certificate to use? (y/n): n

(!) Do you want to generate a self-signed SSL certificate? (y/n): y

Generating self signed SSL certificate.
Generating a RSA private key
................................    
..............................    
writing new private key to '/bitwarden/ssl/self/bitwarden.walkingcloud.cn/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.............................................................................................................................................................................................................................................................................................................................    
..........    
writing new private key to 'identity.key'
-----

!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be 
trusted by Bitwarden client applications. You must add this certificate to 
the trusted store on each device or else you will receive errors when trying 
to connect to your installation.

Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building docker-compose.yml.

Installation complete

If you need to make additional configuration changes, you can modify
the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

Next steps, run:
`./bitwarden.sh start`
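
The warning in the installer output means every client has to trust the self-signed certificate explicitly. The following is an added example, not part of the original post or of Bitwarden's scripts: it compares the certificate the server presents with a copy taken from the host before adding it to a CentOS/RHEL trust store. The function names, the client OS and the host-side location `./bwdata/ssl/self/<domain>/certificate.crt` are assumptions.

```bash
# Added example (not from the original post): confirm that a client is
# talking to the real self-signed certificate before trusting it.

# cert_fingerprint PEM_FILE
# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_fingerprint() {
    local out
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "$out" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# same_certificate PEM_A PEM_B
# Succeed only if both files hold the same certificate.
same_certificate() {
    local a b
    a=$(cert_fingerprint "$1") && b=$(cert_fingerprint "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_covers_host PEM_FILE HOSTNAME
# Succeed only if the certificate is valid for HOSTNAME.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# fetch_server_cert HOST OUT_FILE
# Save the certificate HOST presents on port 443 (needs network access).
fetch_server_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2"
}

# trust_if_genuine HOST REFERENCE_PEM
# Assumes a CentOS/RHEL client and root. Adds REFERENCE_PEM (copied from the
# Bitwarden host out of band) to the system trust store only if the server
# presents exactly that certificate and it is valid for HOST.
trust_if_genuine() {
    local seen rc=1
    seen=$(mktemp) || return 1
    if fetch_server_cert "$1" "$seen" && same_certificate "$seen" "$2" &&
        cert_covers_host "$2" "$1" &&
        cp "$2" "/etc/pki/ca-trust/source/anchors/$1.crt" &&
        update-ca-trust extract; then
        rc=0
    fi
    rm -f "$seen"
    return "$rc"
}
```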

IV. Start the Bitwarden service

The first start of Bitwarden may take quite a while because the images have to be pulled, so wait patiently.

./bitwarden.sh start

Once startup has finished, open ports 80 and 443 in firewalld.

firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload

V. Log in to the local Bitwarden and set up the admin account

https://bitwarden.walkingcloud.cn/

VI. Install the Bitwarden browser extension and configure it

Using Chrome as an example

VII. Try out the local Bitwarden

Set it to the self-hosted environment

Enable auto-fill

Once your passwords are stored, they are filled in automatically the next time you log in, which is very convenient.