nginx Rename nginx.conf to nginx/nginx.conf 2024-06-29 12:22:55 +02:00
vaultwarden Rename .env to vaultwarden/.env 2024-06-29 12:23:35 +02:00
add_admin_token.sh Create add_admin_token.sh 2024-06-29 02:28:40 +02:00
LICENSE Initial commit 2024-06-29 02:25:06 +02:00
README.md Update README.md 2024-06-29 03:54:50 +02:00

What we need

Install notes

apt update
apt upgrade

apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update

apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

echo "{" > /etc/docker/daemon.json
echo '  "iptables": false' >> /etc/docker/daemon.json 
echo "}" >> /etc/docker/daemon.json  

systemctl restart docker

ufw allow in on docker0
ufw route allow in on docker0
ufw route allow out on docker0

ufw allow 22
ufw allow 443
ufw enable

ufw status verbose

docker run hello-world

mkdir /root/nginx
mkdir /root/vaultwarden

Check the open ports from an external computer

nmap -v -A vaultwarden.neuro.uni-bremen.de

What now?

We need this in /root/nginx:

  • ca.pem : Public Key plus certificate chain
  • key.pem : Private SSL key, decrypted
  • nginx.conf

We want these file modes:

-rw------- 1 root root 3268 Jun 28 17:30 key.pem
-rw------- 1 root root 8964 Jun 28 17:30 ca.pem
-rw-r--r-- 1 root root 1327 Jun 28 17:47 nginx.conf
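
One way to check the modes listed above and that key.pem is stored decrypted. This is an added example, not part of the repository; the function names are hypothetical, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example: audit the nginx directory against the modes listed above.

# check_mode FILE OCTAL -> 0 only if FILE exists with exactly that mode
check_mode() {
    [ -f "$1" ] || { echo "MISSING   $1"; return 1; }
    actual=$(stat -c '%a' "$1")      # GNU stat prints e.g. 600 or 644
    if [ "$actual" = "$2" ]; then
        echo "OK        $1 ($actual)"
    else
        echo "BAD MODE  $1 is $actual, expected $2"
        return 1
    fi
}

# key_is_decrypted FILE -> 0 if FILE is a PEM private key with no
# encryption marker (PKCS#8 header or traditional Proc-Type line)
key_is_decrypted() {
    [ -f "$1" ] || return 1
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' \
               -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "ENCRYPTED $1 (a decrypted key is expected here)"
        return 1
    fi
    grep -q 'PRIVATE KEY-----' "$1"
}

# audit_nginx_dir [DIR] -> 0 only if every check passes; all findings
# are printed so one run shows everything that needs fixing
audit_nginx_dir() {
    dir=${1:-/root/nginx}
    rc=0
    check_mode "$dir/key.pem"    600 || rc=1
    check_mode "$dir/ca.pem"     600 || rc=1
    check_mode "$dir/nginx.conf" 644 || rc=1
    key_is_decrypted "$dir/key.pem" || rc=1
    return $rc
}

# Run the audit only when a directory is given: sh audit.sh /root/nginx
if [ "$#" -gt 0 ]; then
    audit_nginx_dir "$1"
fi
```

A non-zero exit status means at least one file is missing, has a different mode, or the key still carries an encryption header.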

We need this in /root/vaultwarden:

  • .env: Change both passwords
  • add_admin_token.sh : Change password and run ONCE: sh add_admin_token.sh
  • compose.yml

In /root/vaultwarden

Start docker:

docker compose up -d

Stop docker:

docker compose down

Show logs continuously:

docker compose logs -f

TODO:

SMTP with SIGNUPS_VERIFY=true

SMTP_HOST=smtp.domain.tld
SMTP_FROM=vaultwarden@domain.tld
SMTP_FROM_NAME=Vaultwarden
SMTP_USERNAME=username
SMTP_PASSWORD=password
SMTP_TIMEOUT=15
SIGNUPS_VERIFY=true
SMTP_SECURITY=starttls
SMTP_PORT=587

Options to think about:

ORG_CREATION_USERS=none
INVITATIONS_ALLOWED=false
EMAIL_CHANGE_ALLOWED=false