docker-compose file
services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - ./data:/data
      # TLS certificate and key, mounted at the paths ROCKET_TLS points to
      - ./data/cert.pem:/ssl/cert.pem
      - ./data/key.pem:/ssl/key.pem
    environment:
      ROCKET_TLS: '{certs="/ssl/cert.pem", key="/ssl/key.pem"}'
      ROCKET_PORT: "443"
      WEB_VAULT_ENABLED: "true"
      # PUID: 1000
      # PGID: 1000
      TZ: Asia/Shanghai
      # Quoted so that YAML passes a string rather than a boolean
      SIGNUPS_ALLOWED: "false"
      # LOG_FILE: /data/bitwarden.log
    ports:
      # HTTPS is published on host port 8443
      - "8443:443"
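Generating a self-signed certificate
The mkcert tool quickly creates certificates that are trusted locally. It automatically generates a root certificate and installs it into the system trust store, saving you the trouble of importing it manually. The steps: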
# Download mkcert (Linux amd64 as an example)
wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
chmod +x mkcert
# Generate the certificate (replace 192.168.1.100 with your LAN IP)
./mkcert -install
./mkcert -cert-file bitwarden.pem -key-file bitwarden-key.pem 192.168.1.100
After generation you will have three key files:
- bitwarden.pem: the server certificate
- bitwarden-key.pem: the private key
- rootCA.pem: the root certificate (by default in ~/.local/share/mkcert/)
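
The compose file mounts ./data/cert.pem and ./data/key.pem, while the mkcert command above writes bitwarden.pem and bitwarden-key.pem. The script below is an added example, not part of the original page: it checks that the certificate covers the IP, has not expired and matches the private key, then copies the pair into place under the mounted names. It assumes the openssl CLI is available; the function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the openssl CLI is
# installed; the function names and the script name are hypothetical.

# Succeeds only if the certificate carries a subjectAltName for this IP.
cert_covers_ip() {  # cert_covers_ip CERT IP
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Succeeds only if the private key and the certificate share a public key.
key_matches_cert() {  # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Validates the pair, then copies it to the names the compose file mounts
# (DESTDIR/cert.pem, DESTDIR/key.pem). Nothing is copied if a check fails.
install_pair() {  # install_pair CERT KEY IP DESTDIR
    cert=$1 key=$2 ip=$3 dest=$4
    [ -r "$cert" ] && [ -r "$key" ] \
        || { echo "cannot read $cert or $key" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate is expired or not parseable" >&2; return 1; }
    cert_covers_ip "$cert" "$ip" \
        || { echo "certificate has no SAN entry for $ip" >&2; return 1; }
    key_matches_cert "$cert" "$key" \
        || { echo "private key does not match certificate" >&2; return 1; }
    mkdir -p "$dest" || return 1
    install -m 644 "$cert" "$dest/cert.pem" || return 1
    install -m 600 "$key" "$dest/key.pem"   # key readable by owner only
}

# sh check-pair.sh bitwarden.pem bitwarden-key.pem 192.168.1.100 ./data
if [ "$#" -eq 4 ]; then install_pair "$@"; fi
```
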