Backup/restore Bitwarden Docker on a new machine + YubiKey support
date
May 6, 2022
slug
bitwarden-docker-yubikey-2fa
status
Published
summary
小技巧 自建密码服务
tags
tip
type
Post
URL
Problem & Summary
Solution
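# Root of the mounted WebDAV remote that holds the per-host directories.
export QH13=/drive/qh13_webdav_remote/webdav_remote
# Show the tail of this host's log on that mount (presumably the backup job's
# log, to confirm the latest backup finished; verify). The hostname is resolved
# once and the path is quoted so an unusual hostname cannot split the argument.
host_name=$(hostname)
tail -- "${QH13}/_host/${host_name}/${host_name}.log"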
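# Stop the container so the data directory is not in use while it is replaced.
# If no container named "bitwarden" exists yet, this only prints an error.
docker stop bitwarden

# Work inside the directory that is later bind-mounted into the container.
# Abort if it cannot be entered: every rm/mv below uses a relative path and
# would otherwise act on whatever directory the shell happens to be in.
mkdir -p /data/bitwarden
cd /data/bitwarden || exit 1

# Copy one specific backup archive and unpack exactly that file. Naming the
# archive (instead of *.zip) keeps any other zip in this directory from being
# handed to unzip as a member name or deleted afterwards.
backup_zip=bitwarden.backup.datafolder.2022-05-06-125035.zip
cp -- "/data/gd_stanford/_host/bwh5g5t/2022-05-06/${backup_zip}" .
unzip "./${backup_zip}" && rm -- "./${backup_zip}"

# The archive unpacks to data/bitwarden/data; lift the inner data folder up to
# /data/bitwarden/data and remove the leftover wrapper directories.
mv data data_tmp
mv data_tmp/bitwarden/data .
rm -rf -- data_tmp
cd data || exit 1

# Set the copied database file aside and rebuild db.sqlite3 from the
# SQLite-level backup stored next to it.
mv db.sqlite3 db.sqlite3.bak
# The backup was previously created with:
# sqlite3 -stats db.sqlite3 ".backup db.sqlite3.backup_by_commandline"
sqlite3 -stats db.sqlite3 ".restore db.sqlite3.backup_by_commandline"
# NOTE(review): db.sqlite3.bak and db.sqlite3.backup_by_commandline are full
# copies of the vault database. Once the restore is verified, delete them or
# protect them as strictly as the live file.

# refresh everything: remove the server's RSA key files
# (presumably they are regenerated on the next start, which would sign out
# existing sessions; confirm before relying on it).
rm -- rsa_key.*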
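# check tmp_qh_all (author's note; presumably where the Yubico values are kept)
# YUB_ID / YUB_KEY are passed to the server as YUBICO_CLIENT_ID and
# YUBICO_SECRET_KEY. They are taken from the environment instead of being
# written into the script: a secret that has appeared in a published page or a
# shared note should be regenerated, not reused.
: "${YUB_ID:?set YUB_ID to the Yubico API client id}"
: "${YUB_KEY:?set YUB_KEY to the Yubico API secret key}"

# Both ports are published on loopback only. The nginx reverse proxy reaches
# the container through 127.0.0.1; a bare "-p 18080:80" would also expose the
# plain-HTTP vault on every interface, where clients bypass the proxy and can
# supply their own X-Real-IP / X-Forwarded-For headers.
#
# SIGNUPS_ALLOWED=true leaves registration open to anyone who can reach the
# site; switch it to false once the accounts you need exist.
# The ":latest" tag floats; pin a specific tag or digest for repeatable restores.
# Values passed as "-e NAME=value" end up on the command line (process list,
# shell history); --env-file pointing at a file readable only by its owner
# keeps the secret off the command line.
docker run -d \
  --name bitwarden \
  -p 127.0.0.1:18080:80 \
  -p 127.0.0.1:18081:3012 \
  --restart=always \
  -e SIGNUPS_ALLOWED=true \
  -e WEB_VAULT_ENABLED=true \
  -e WEBSOCKET_ENABLED=true \
  -e YUBICO_CLIENT_ID="${YUB_ID}" \
  -e YUBICO_SECRET_KEY="${YUB_KEY}" \
  -v /data/bitwarden/data:/data \
  vaultwarden/server:latest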
# Alternative to the docker run above (presumably for when the "bitwarden"
# container already exists): restart it in place.
docker restart bitwarden
# Wait a second, then stream the container's log output.
sleep 1s
docker logs --follow bitwarden
反代 18080
但要改一下反代配置 - 主要加上 /notifications/hub
#PROXY-START/
# Requests whose path ends in a script-style extension (php, jsp, cgi, asp,
# aspx; matched case-insensitively) are proxied to the container's HTTP port.
location ~* \.(php|jsp|cgi|asp|aspx)$ {
    proxy_pass http://127.0.0.1:18080;

    # Pass the original Host and the client address on to the upstream.
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST     $remote_addr;
}
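# Default route: everything not matched elsewhere goes to the container's
# HTTP port (host 18080 -> container 80).
location / {
    proxy_pass http://127.0.0.1:18080; # -> 80

    # Pass the original Host and the client address on to the upstream.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;

    # Expose nginx's upstream cache status for debugging.
    add_header X-Cache $upstream_cache_status;

    # Ask clients to revalidate instead of reusing stored responses.
    # "expires 12h;" is deliberately not set here: it would add an Expires
    # header and a Cache-Control max-age of 12 hours, contradicting no-cache
    # and letting browsers or intermediaries keep vault responses.
    add_header Cache-Control no-cache;
}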
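# WebSocket notifications endpoint, proxied to the container's WebSocket port
# (host 18081 -> container 3012).
location /notifications/hub {
    proxy_pass http://127.0.0.1:18081; # -> 3012

    # nginx speaks HTTP/1.0 to upstreams by default, but the WebSocket upgrade
    # handshake requires HTTP/1.1. Set it here in case the enclosing server
    # block does not.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}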
# The negotiate call goes to the main HTTP port rather than the WebSocket
# port. As the longer prefix, this location takes precedence over
# /notifications/hub for paths that match both.
location /notifications/hub/negotiate
{
    proxy_pass http://127.0.0.1:18080; # -> 80
}
#PROXY-END/