海运的博客

go build:

git clone https://github.com/fatedier/frp.git
#windows客户端
frp/cmd/frpc
GOARCH=amd64 GOOS=windows CGO_ENABLED=0 go build -ldflags "-s -w"
#linux服务端
frp/cmd/frps
go build -ldflags "-s -w"

服务端配置文件：

[common]
bind_addr = 0.0.0.0
bind_port = 7000

dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin

log_file = /run/log/frp/frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false

token = password
pool_count = 5
tcp_mux = false
allow_ports = 2000-3000,3001,3003,4000-50000
max_ports_per_client = 0

客户端配置文件：

[common]
server_addr = www.haiyun.me
server_port = 7000

log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
disable_log_color = false

login_fail_exit = false
token = password
pool_count = 5
protocol = tcp
tcp_mux = false
tls_enable = false
dns_server = 114.114.114.114

admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
use_encryption = true
use_compression = false

windows下使用winsw将frpc安装为系统服务开机自动启动，将winsw放到frp目录，并新建winsw.xml配置文件：

<service>
    <id>frp</id>
    <name>frp client</name>
    <description>frp client</description>
    <executable>C:\test\frpc.exe</executable>
    <arguments>-c frpc.ini</arguments>
    <onfailure action="restart" delay="60 sec"/>
    <logmode>append</logmode>
    <logpath>logs</logpath>
</service>

以管理员启动cmd进入frp目录，安装frp为系统服务并启动：

cd C:\test\
winsw install
winsw start frp

安装7zip：

apt install p7zip-full

加密压缩为7zip格式：

7z a -t7z -p123456 -mhe -spf file.7z file/
#-mhe加密文件名
#-spf被压缩目录包含完整的路径

加密压缩为zip格式：

 7z a -tzip -p123456 -mem=AES256 -spf file.zip file/
#-mem使用aes256加密

查看加密压缩文件信息：

7z l -slt file.zip 
7z l -slt file.7z

解压文件：

7z x -p123456 file.zip 
7z x -p123456 file.7z

解压到指定目录：

7z x prowinx64legacy.exe -owindows7-x64

https://sevenzip.osdn.jp/chm/cmdline/switches/index.htm

go：

export http_proxy=socks5://127.0.0.1:7070
go get ...

git:

git config --global http.proxy socks5://127.0.0.1:7070

https://blog.csdn.net/idwtwt/article/details/84842361

安装rust环境：

apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env

编译安装bitwarden_rs：

git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/  

交叉编译arm64/aarch64版本bitwarden_rs：

#wget https://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
#tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz 
#export PATH=$PATH:`pwd`/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
apt install gcc-aarch64-linux-gnu
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
mkdir .cargo
rustup target install aarch64-unknown-linux-gnu
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml 
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"

编译安装web-vault，内存需4G以上，不然可能会出错。已编译版本：https://github.com/dani-garcia/bw_web_builds/releases

curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.18.2
#2.18版本先执行再patch
npm run sub:init
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.18.1.patch
git apply v2.18.1.patch
npm install
npm run dist
#新版本
npm run dist:oss:selfhost
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

也可使用docker build：

apt install docker.io
git clone https://github.com/dani-garcia/bw_web_builds.git
cd bw_web_builds/
git checkout v2022.10.2
make docker-extract

如果遇到以下错误：
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则：

sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动：

export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

systemd：

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target

[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bin/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

添加运行用户：

useradd -r bitwarden  -s /usr/sbin/nologin

/etc/bitwarden/config.env文件：

WEB_VAULT_FOLDER="/usr/local/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
DOMAIN="https://www.haiyun.me"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"

nginx配置：

server {
  listen       0.0.0.0:443 ssl http2;
  server_name www.haiyun.me;

  ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
  ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
  ssl_protocols      TLSv1.2 TLSv1.3;
  #ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
  ssl_prefer_server_ciphers   off; 

  ssl_early_data on;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;

  root   /var/www/html;
  index  index.html index.htm;

  location / {
    proxy_redirect off;
    #proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  access_log /run/log/nginx/www.haiyun.me.log ssl;
  error_log  /run/log/nginx/www.haiyun.me_error.log;
}

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/