lasers/bitwarden_rs
1
0
Fork 0
mirror of https://github.com/dani-garcia/bitwarden_rs synced 2024-11-29 05:21:22 +01:00
Code Issues Projects Releases Wiki Activity

Add hint of the X-Robots-Tag in the Caddyfile to Prevent search engines from indexing

Jacobite89 2019-11-14 09:03:00 +01:00
parent 1b2bf6f46b
commit d7df0adb85
1 changed files with 21 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
Using-Docker-Compose.md

@ -4,9 +4,8 @@ This guide is based on [#126 (comment)](https://github.com/dani-garcia/bitwarden
Create a `docker-compose.yml` file based on this: Create a `docker-compose.yml` file based on this:
```yml ```yml
#docker-compose.yml # docker-compose.yml
version: '3'
version: "3"
services: services:
bitwarden: bitwarden:
@ -15,8 +14,8 @@ services:
volumes: volumes:
- ./bw-data:/data - ./bw-data:/data
environment: environment:
WEBSOCKET_ENABLED: "true" # Required to use websockets WEBSOCKET_ENABLED: 'true' # Required to use websockets
SIGNUPS_ALLOWED: "true" # set to false to disable signups SIGNUPS_ALLOWED: 'true' # set to false to disable signups
caddy: caddy:
image: abiosoft/caddy image: abiosoft/caddy
@ -28,19 +27,20 @@ services:
- 80:80 # needed for Let's Encrypt - 80:80 # needed for Let's Encrypt
- 443:443 - 443:443
environment: environment:
ACME_AGREE: "true" # agree to Let's Encrypt Subscriber Agreement ACME_AGREE: 'true' # agree to Let's Encrypt Subscriber Agreement
DOMAIN: "bitwarden.example.org" # CHANGE THIS! Used for Auto Let's Encrypt SSL DOMAIN: 'bitwarden.example.org' # CHANGE THIS! Used for Auto Let's Encrypt SSL
EMAIL: "bitwarden@example.org" # CHANGE THIS! Optional, provided to Let's Encrypt EMAIL: 'bitwarden@example.org' # CHANGE THIS! Optional, provided to Let's Encrypt
volumes: volumes:
caddycerts: caddycerts:
``` ```
and the corresponding `Caddyfile` (does not need to be modified): and the corresponding `Caddyfile` (does not need to be modified):
```nginx ```nginx
#Caddyfile # Caddyfile
{$DOMAIN} { {$DOMAIN} {
tls {$EMAIL} tls {$EMAIL}
gzip
header / { header / {
# Enable HTTP Strict Transport Security (HSTS) # Enable HTTP Strict Transport Security (HSTS)
@ -49,6 +49,8 @@ and the corresponding `Caddyfile` (does not need to be modified):
X-XSS-Protection "1; mode=block" X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame (clickjacking protection) # Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY" X-Frame-Options "DENY"
# Prevent search engines from indexing (optional)
#X-Robots-Tag "none"
} }
# The negotiation endpoint is also proxied to Rocket # The negotiation endpoint is also proxied to Rocket
@ -80,31 +82,25 @@ docker-compose down
stops and destroys the containers. stops and destroys the containers.
If there's no need for websocket notifications, you can run Bitwarden_rs alone. Here's my example. Actually I'm running Bitwarden_rs on my Raspberry Pi and I'm using bitwardenrs/server:raspberry image. If you want to do the same, remember to change it to the example. If there's no need for websocket notifications, you can run Bitwarden_rs alone. Here's my example. Actually I'm running Bitwarden_rs on my Raspberry Pi and I'm using bitwardenrs/server:raspberry image. If you want to do the same, remember to change it to the example.
``` ```yml
#docker-compose.yml # docker-compose.yml
version: '3' version: '3'
services: services:
bitwarden: bitwarden:
image: bitwardenrs/server image: bitwardenrs/server
restart: always restart: always
volumes: volumes:
- ./bw-data/:/data/ - ./bw-data:/data
- /home/pi/ssl/:/ssl/ - ./ssl:/ssl
ports:
- 443:80
environment: environment:
ROCKET_TLS: '{certs = "/ssl/fullchain.pem", key = "/ssl/key.pem"}' ROCKET_TLS: '{certs = "/ssl/fullchain.pem", key = "/ssl/key.pem"}'
SIGNUPS_ALLOWED: "true" LOG_FILE: '/data/bitwarden.log'
SMTP_HOST: "smtp.host.net" SIGNUPS_ALLOWED: 'true'
SMTP_FROM: "no-reply@home.example.com"
SMTP_PORT: "587"
SMTP_SSL: "true"
SMTP_USERNAME: "xxx"
SMTP_PASSWORD: "yyy"
LOG_FILE: "/data/bitwarden.log"
ports:
- 192.168.1.20:443:80 #Server's home IP
``` ```
Even the server is running at the home network behind the NAT, I wanted to have Let's Encrypt's certificate. I followed this guide https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode. First set domain cname. And with CloudFlare export CF_Key and CF_Email or CF_Token and CF_Account_ID. https://github.com/Neilpang/acme.sh/wiki/dnsapi Then issue a cert. Finally install cert. `acme.sh --install-cert -d home.example.com --key-file /home/pi/ssl/key.pem --fullchain-file /home/pi/ssl/fullchain.pem` Even the server is running at the home network behind the NAT, I wanted to have Let's Encrypt's certificate. I followed this guide https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode. First set domain cname. And with CloudFlare export CF_Key and CF_Email or CF_Token and CF_Account_ID. https://github.com/Neilpang/acme.sh/wiki/dnsapi Then issue a cert. Finally install cert. `acme.sh --install-cert -d home.example.com --key-file /home/pi/ssl/key.pem --fullchain-file /home/pi/ssl/fullchain.pem`
Or simply use `acme.sh --issue -d home.example.com --challenge-alias otherdomain.com --dns dns_cf --key-file /home/pi/ssl/key.pem --fullchain-file /home/pi/ssl/fullchain.pem` Or simply use `acme.sh --issue -d home.example.com --challenge-alias otherdomain.com --dns dns_cf --key-file /home/pi/ssl/key.pem --fullchain-file /home/pi/ssl/fullchain.pem`
My domain's A record points to the binded IP on the last line of docker-compose.yml and there are no complaints about certificate. My domain's A record points to the binded IP on the last line of docker-compose.yml and there are no complaints about certificate.