davrot/vaultwardenub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
vaultwardenub/README.md
David Rotermund bd3fd5ac99
Update README.md
2024-07-16 00:57:59 +02:00

131 lines
2.8 KiB
Markdown
Raw Blame History

# What we need
* server with Ubuntu
* DNS entry
* SSL certificates via https://onlinetools.zfn.uni-bremen.de/server/content/onlinetools/
# Install notes
```
apt update
apt upgrade
apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
echo "{" > /etc/docker/daemon.json
echo ' "iptables": false' >> /etc/docker/daemon.json
echo "}" >> /etc/docker/daemon.json
systemctl restart docker
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
ufw reload
iptables -t nat -A POSTROUTING ! -o docker0 -s 172.18.0.0/16 -j MASQUERADE
ufw allow in on docker0
ufw route allow in on docker0
ufw route allow out on docker0
ufw allow 22
ufw allow 443
ufw enable
ufw status verbose
docker run hello-world
mkdir /root/nginx
mkdir /root/vaultwarden
```
# Check the ports with an external computer
```
nmap -v -A vaultwarden.neuro.uni-bremen.de
```
# What now?
## We need this in /root/mysql:
* .env: Change both passwords
* compose.yml
In /root/mysql
Start docker:
```
docker compose up -d
```
Stop docker:
```
docker compose down
```
Show logs continously:
```
docker compose logs -f
```
## We need this in /root/nginx:
* ca.pem : Public Key plus certificate chain
* key.pem : Private SSL key decrypted
* nginx.conf
We want this file modes:
```
-rw------- 1 root root 3268 Jun 28 17:30 key.pem
-rw------- 1 root root 8964 Jun 28 17:30 ca.pem
-rw-r--r-- 1 root root 1327 Jun 28 17:47 nginx.conf
```
## We need this in /root/vaultwarden:
* .env: Change three passwords (mysql passwords need to be the same as above) and the email user name; obviously you want to change the domainname
* add_admin_token.sh : Change password and run ONCE: sh add_admin_token.sh
* compose.yml : Look for neuro.uni-bremen.de related stuff and change it...
In /root/vaultwarden
Start docker:
```
docker compose up -d
```
Stop docker:
```
docker compose down
```
Show logs continously:
```
docker compose logs -f
```
# Disable YubiCo and Duo special support
Use the admin console to disable them. We only want tot use the FIDO2 Webauth mode.
# Options to think about:
* Separate SSL Proxy and Vaultwarden / MariaDB
* Allow only 134.102.0.0/16 und 2001:638:708::/48? But then the smartphones need VPN access to the University IP range.
Reference in a new issue View git blame Copy permalink