进入你的项目目录#

1
$ cd <your vaultwarden project path>

创建 docker-compose.yml#

1
services:
2
  vaultwarden:
3
    image: vaultwarden/server:latest
4
    container_name: vaultwarden
5
    restart: always
6
    environment:
7
      DOMAIN: <your vaultwarden domain>
8
      # SIGNUPS_ALLOWED: "false" # 是否允许注册
9
      ROCKET_TLS: '{certs="/ssl/certificate.crt",key="/ssl/private.key"}'
10
    volumes:
11
      - <宿主机挂载数据目录路径>:/data
12
      - <宿主机证书存放目录>:/ssl # 与上面ROCKET_TLS配置对应
13
    ports:
14
      - <宿主机端口>:80

运行服务#

1
$ docker-compose up -d

配置 VPS nginx#

1
server {
2
    listen <VPS监听 PORT> ssl;
3
    server_name <your vaultwarden domain>;
4

5
    ssl_protocols TLSv1.2 TLSv1.3;
6
    ssl_certificate /path/to/certificate.crt; # ssl证书存储路径
7
    ssl_certificate_key /path/to/private.key; # 秘钥存储路径
8

9
    client_max_body_size 0;
10
    proxy_buffering off;
11
    ignore_invalid_headers off;
12

13
    location / {
14
        proxy_set_header Host $http_host;
15
        proxy_set_header X-Real-IP $remote_addr;
16
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
17
        proxy_set_header X-Forwarded-Proto $scheme;
18
        proxy_set_header X-NginX-Proxy true;
19

20
        real_ip_header X-Real-IP;
21

22
        proxy_connect_timeout 300;
23
        proxy_http_version 1.1;
24
        proxy_set_header Upgrade $http_upgrade;
25
        proxy_set_header Connection "upgrade";
26

27
        proxy_pass https://<家里云 IP>:<家里云 监听 PORT>;
28
    }
29
}