团队内部密码共享方案： Bitwarden

自建Bitwarden服务端

# docker pull bitwardenrs/server:latest
# useradd bitwarden
# su - bitwarden
$ mkdir ~/data/

环境变量配置：

$ cat config.env
SIGNUPS_ALLOWED=true
DOMAIN=https://192.168.x.x
DATABASE_URL=/home/bitwarden/data/bw.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true
ADMIN_TOKEN=xxxx
WEBSOCKET_ENABLED=true

docker-compose配置

# wget https://hub.fastgit.org/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -O  /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# cat /home/bitwarden/docker-compose.yml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /home/bitwarden/data:/data
    env_file:
      - config.env
    ports:
      - "8080:80"
      - "3012:3012"
# docker-compose -f /home/bitwarden/docker-compose.yml  up -d

安装nginx

# docker run -it -d --name nginx -v /home/bitwarden/nginx:/etc/nginx/  -p 80:80 -p 443:443  nginx:latest

nginx配置：

$ cat ~/nginx/conf.d/default.conf
server {
    listen       80;
  return 301 https://$host$request_uri; #将http的域名请求转成https
    server_name  localhost;
}


server {
  listen 443;
  server_name localhost;
  ssl on;
  ssl_certificate /etc/nginx/com.crt;
  ssl_certificate_key /etc/nginx/com.key;
  ssl_session_timeout 5m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  #配置反向代理，请求代理发送到8080端口
  location / {
   proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

bitwarden 客户端/浏览器插件 下载

https://bitwarden.com/download/