海运的博客

ubuntu编译安装bitwarden_rs和web-vault

发布时间:February 17, 2020 // 分类: // 7 Comments

安装rust环境:

apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env

编译安装bitwarden_rs:

git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/  

交叉编译arm64/aarch64版本bitwarden_rs:

wget https://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz
tar -Jxvf gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz 
export PATH=$PATH:/root/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu/bin/
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
mkdir .cargo
rustup target install aarch64-unknown-linux-gnu
echo '[target.aarch64-unknown-linux-gnu]' > .cargo/config
echo 'linker = "aarch64-linux-gnu-gcc"' >> .cargo/config
sed -i '/\[features\]/a\openssl-vendored = ["openssl/vendored"]' Cargo.toml 
cargo build --target="aarch64-unknown-linux-gnu" --release --features "sqlite" --features "openssl-vendored"

编译安装web-vault,内存需4G以上,不然可能会出错。已编译版本:https://github.com/dani-garcia/bw_web_builds/releases

curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.18.2
#2.18版本先执行再patch
npm run sub:init
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.18.1.patch
git apply v2.18.1.patch
npm install
npm run dist
#新版本
npm run dist:oss:selfhost
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

如果遇到以下错误:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则:

sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动:

export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

systemd:

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
After=network.target

[Service]
User=bitwarden
Group=bitwarden
EnvironmentFile=/etc/bitwarden/config.env
ExecStart=/usr/local/bin/bitwarden_rs
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/etc/bitwarden/
ReadWriteDirectories=/etc/bitwarden/
ReadWriteDirectories=/run/log/bitwarden/
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

添加运行用户:

useradd -r bitwarden  -s /usr/sbin/nologin

/etc/bitwarden/config.env文件:

WEB_VAULT_FOLDER="/usr/local/web-vault"
DATA_FOLDER="/etc/bitwarden/data"
ROCKET_ADDRESS="127.0.0.1"
ROCKET_PORT="8080"
SIGNUPS_ALLOWED="false"
INVITATIONS_ALLOWED="false"
DOMAIN="https://www.haiyun.me"
SHOW_PASSWORD_HINT="false"
LOG_FILE="/run/log/bitwarden/bitwarden.log"
EXTENDED_LOGGING="true"
#"trace", "debug", "info", "warn", "error" or "off".
LOG_LEVEL="info"

nginx配置:

server {
  listen       0.0.0.0:443 ssl http2;
  server_name www.haiyun.me;

  ssl_certificate /etc/acme/www.haiyun.me_ecc/fullchain.cer;
  ssl_certificate_key /etc/acme/www.haiyun.me_ecc/www.haiyun.me.key;
  ssl_protocols      TLSv1.2 TLSv1.3;
  #ssl_ciphers         HIGH:!aNULL:!MD5;
  ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA;
  ssl_prefer_server_ciphers   off; 

  ssl_early_data on;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/acme/www.haiyun.me_ecc/ca.cer;

  root   /var/www/html;
  index  index.html index.htm;

  location / {
    proxy_redirect off;
    #proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  access_log /run/log/nginx/www.haiyun.me.log ssl;
  error_log  /run/log/nginx/www.haiyun.me_error.log;
}

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/

标签:bitwarden

有 7 条 关于" ubuntu编译安装bitwarden_rs和web-vault "的评论

  1. 1

    請問你編譯的arm64可以正常運行麽,我按照您發的編譯出來報錯。

    1. 海运

      正常运行

      1. 1

        能共享下发邮箱么,我这编译出来运行报错如下
        /--------------------------------------------------------------------\
        | Starting Bitwarden_RS |
        | Version 1.16.0-fd1354d0 |
        |--------------------------------------------------------------------|
        | This is an *unofficial* Bitwarden implementation, DO NOT use the |
        | official channels to report bugs/features, regardless of client. |
        | Send usage/configuration questions or feature requests to: |
        | https://bitwardenrs.discourse.group/ |
        | Report suspected bugs/issues in the software itself at: |
        | https://github.com/dani-garcia/bitwarden_rs/issues/new |
        \--------------------------------------------------------------------/

        thread 'main' panicked at 'Valid log level: ParseLevelError(())', src/main.rs:67:51
        note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

        1. 海运

          你配置变量有问题?LOG_LEVEL?
          https://github.com/dani-garcia/bitwarden_rs/blob/253faaf02372ec0ce198e2ee480de4a59986d8a6/.env.template#L46-L50

          1. 1

            我源碼沒有任何修改,同樣編譯的在X86上可以正常運行。然後原封不動編譯aarch64就提示以上錯誤。

            1. 海运

              LOG_LEVEL是配置文件变量,本文配置使用systemd启动在EnvironmentFile=/etc/bitwarden/config.env。

  2. 1

    thread 'main' panicked at 'Valid log level: ParseLevelError(())', src/main.rs:67:51
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

发表评论

分类
最新文章
最近回复
  • koldjf: 不能过滤
  • 杰迪武士: 此文甚好甚强巨,依照此文在树莓派2 + Rasbian上部署成功 感谢博主美文共赏
  • 海运: ups不知有没选项可设置此参数,不过你可以在另外一台电脑上安装nut客户端自动关机。
  • kgami: 想请教一下,设置了的电脑自动关机之后,几秒后UPS怎么也跟着关机了,导致另外一台电脑没关机就断...
  • 海运: 写的很详细了啊,/etc/nut/hosts.conf用以nut-cgi连接nut服务器参数,...
  • ryan: 请问下nginx配置好了,怎么和这个nut链接呢?最后可视化管理这块能给个详细一点的教程么?谢谢。
  • 1: /etc/config/fstab配置文件 https://openwrt.org/zh/do...
  • 听雨看雪: 找了好久,终于找到UP主,给出的正确解决方案,太感谢了,困扰大半年的问题,重装了N道PVE系统...
  • zr: 大佬,这个bash-completion是从哪个源搞到的
  • 姚生: 要要下载