The easiest way to install Vaultwarden without Docker is to extract the Docker image. The procedure is explained below and is based on https://www.bloovis.com/posts/2023-10-06-vaultwarden-without-docker/.
Preparation for the Docker extraction:
mkdir vw-image
cd vw-image
wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract
chmod +x docker-image-extract
Extract the Docker image:
./docker-image-extract vaultwarden/server:latest
Create the required directories:
mkdir /opt/vaultwarden
mkdir /var/lib/vaultwarden
mkdir /var/lib/vaultwarden/data
Create a user and set its permissions:
useradd vaultwarden
chown -R vaultwarden:vaultwarden /var/lib/vaultwarden
Move the Vaultwarden files into the new directories:
mv output/vaultwarden /opt/vaultwarden
mv output/web-vault /var/lib/vaultwarden
Delete the files that are no longer needed:
rm -Rf output
rm -Rf docker-image-extract
Generate the hash of the admin password:
/opt/vaultwarden/vaultwarden hash
Create the configuration file /var/lib/vaultwarden/.env:
ROCKET_ADDRESS=<IP address of the interface>
DOMAIN=https://www.example.com/vaultwarden/
ORG_CREATION_USERS=user@example.com
ADMIN_TOKEN='<hash produced by vaultwarden hash earlier>'
SIGNUPS_ALLOWED=false
SMTP_HOST=smtp.example.com
SMTP_FROM=vaultwarden@example.com
SMTP_FROM_NAME=Vaultwarden
# Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and us>
SMTP_PORT=587
# (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_>
SMTP_SSL=true
# (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this o>
SMTP_EXPLICIT_TLS=false
SMTP_USERNAME=user@example.com
SMTP_PASSWORD=mysmtppassword
SMTP_TIMEOUT=15
Create the service file:
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target

[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=/var/lib/vaultwarden/.env
ExecStart=/opt/vaultwarden/vaultwarden
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
WorkingDirectory=/var/lib/vaultwarden
ReadWriteDirectories=/var/lib/vaultwarden
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
Enable the service at boot and start it:
systemctl enable vaultwarden
systemctl start vaultwarden
systemctl status vaultwarden
Create empty script file and make it executable.
touch /root/Update_Vaultwarden.sh
chmod +x /root/Update_Vaultwarden.sh
Paste the following content into the file
#!/bin/bash
### Author Oliver Lehmann
### Date: 12 January 2024

echo "Stopping service."
systemctl stop vaultwarden

echo "Creating Backup of Credentials Store."
# -f: do not fail on the first run, when no previous backup exists
rm -Rf /root/Backups
cd /var/lib/vaultwarden || exit 1
mkdir /root/Backups
# Abort before anything is deleted if the backup could not be written
if ! tar cfz /root/Backups/vaultwarden.tar.gz data .env &> /dev/null; then
    echo "Backup failed, aborting update."
    systemctl start vaultwarden
    exit 1
fi

echo "Removing old directories."
rm -R /opt/vaultwarden
rm -R /var/lib/vaultwarden

echo "Getting new Docker Version and Extractor"
mkdir /root/vw-image
cd /root/vw-image || exit 1
wget https://raw.githubusercontent.com/jjlin/docker-image-extract/main/docker-image-extract &> /dev/null
chmod +x docker-image-extract
./docker-image-extract vaultwarden/server:latest &> /dev/null
#./docker-image-extract vaultwarden/server:testing &> /dev/null

echo "Setting up directories & moving new files."
mkdir /opt/vaultwarden
mkdir /var/lib/vaultwarden
mv output/vaultwarden /opt/vaultwarden
mv output/web-vault /var/lib/vaultwarden

echo "Restoring backups and setting access permissions."
cd /var/lib/vaultwarden || exit 1
tar xfz /root/Backups/vaultwarden.tar.gz
chown -R vaultwarden:vaultwarden /var/lib/vaultwarden

echo "Removing installation files."
# Explicit path instead of relying on $HOME being /root
cd /root
rm -R vw-image

echo "Starting vaultwarden."
systemctl start vaultwarden

echo "****************************************************************"
echo ""
echo " The Backup will be removed with the next run of this script "
echo ""
echo "****************************************************************"
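The update script removes /var/lib/vaultwarden right after writing the backup, with tar's output discarded. As an added example (not part of the original script), the function below checks that the archive is readable and really contains .env and the contents of data/ before anything is deleted; the function name verify_backup and its messages are assumptions of this example.

```shell
# Added example: verify the backup written by the update script before the
# old installation is removed.
#
# Intended use inside the script, directly after the "tar cfz" line:
#   verify_backup /root/Backups/vaultwarden.tar.gz || { systemctl start vaultwarden; exit 1; }

# verify_backup ARCHIVE
# Returns 0 only if ARCHIVE is a readable gzip tarball that contains the
# .env file and at least one entry below data/.
verify_backup() {
    vb_archive="$1"

    # The archive must exist and must not be empty.
    if [ ! -s "$vb_archive" ]; then
        echo "backup missing or empty: $vb_archive" >&2
        return 1
    fi

    # Listing the members reads the whole archive, so an unreadable or
    # corrupt file is caught here instead of at restore time.
    vb_listing="$(tar -tzf "$vb_archive" 2>/dev/null)" || {
        echo "backup unreadable: $vb_archive" >&2
        return 1
    }

    # Member names match what "tar cfz ... data .env" stores when it is
    # run from /var/lib/vaultwarden, as the update script does.
    if ! printf '%s\n' "$vb_listing" | grep -qx '\.env'; then
        echo "backup lacks .env" >&2
        return 1
    fi
    if ! printf '%s\n' "$vb_listing" | grep -q '^data/.'; then
        echo "backup lacks data/ contents" >&2
        return 1
    fi
    return 0
}
```
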