시놀로지 bitwarden 암호관리 설치 및 활용
시놀로지를 이용하여 암호를 관리할 수 있는 툴인 bitwarden을 소개합니다.
bitwarden 를 설치하시전에 도커가 미리 설치가 되어있어여 합니다.
SSH 접속 활성화 하신후 아래와 같이 설치을 진행하시면 됩니다.
cd volume1/docker curl -s -o bitwarden.sh \ https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh \ && chmod +x bitwarden.sh ./bitwarden.sh install root@synology:/volume1/docker# ./bitwarden.sh install _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2018, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== Docker version 17.05.0-ce, build 9f07f0e-synology docker-compose version 1.14.0, build c7bdf9e (!) Enter the domain name for your bitwarden instance (ex. bitwarden.company.com): "" (!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n 1.17.2: Pulling from bitwarden/setup Digest: sha256:cf55e0288b6392ee9c35022089396c3c561773ddc963945f1afea8fce359757f Status: Image is up to date for bitwarden/setup:1.17.2 (!) Enter your installation id (get it at https://bitwarden.com/host): "" (!) Enter your installation key: "" (!) Do you have a SSL certificate to use? (y/n): n (!) Do you want to generate a self-signed SSL certificate? (y/n): n !!!!!! WARNING !!!!!! mkdir bwdata/core bwdata/core/attachments mkdir bwdata/ca-certificates mkdir bwdata/logs bwdata/logs/admin bwdata/logs/api bwdata/logs/identity bwdata/logs/mssql bwdata/logs/nginx bwdata/logs/notifications bwdata/logs/icons mkdir bwdata/mssql bwdata/mssql/data bwdata/mssql/backups ./bitwarden.sh start ./bitwarden.sh updatedb
제어판 > 응용 프로그램 포털 > 역방향 프록시 > 생성’을 통해 새 규칙을 만듭니다.
vi bwdata/config.yml url: http://bitwarden.your-domain.com generate_compose_config: true generate_nginx_config: true http_port: 8123 https_port: compose_version: ssl: false ssl_versions: ssl_ciphersuites: ssl_managed_lets_encrypt: false ssl_certificate_path: ssl_key_path: ssl_ca_path: ssl_diffie_hellman_path: push_notifications: true database_docker_volume: false
vi bwdata/env/global.override.env globalSettings__yubico__clientId="YOUR_YUBICO_CLIENT_ID" globalSettings__yubico__key="YOUR_YUBICO_KEY" globalSettings__mail__replyToEmail=email@what-you.want globalSettings__mail__smtp__host=smtp.your-host.dev globalSettings__mail__smtp__port=587 globalSettings__mail__smtp__ssl=false globalSettings__mail__smtp__username="YOUR_EMAIL_CREDENTIALS" globalSettings__mail__smtp__password="YOUR_EMAIL_CREDENTIALS" globalSettings__disableUserRegistration=false adminSettings__admins=email@what-you.want
globalSettings__disableUserRegistration 이 항목은 사용자 생성 차단여부를 설정값입니다.
./bitwarden.sh rebuild ./bitwarden.sh restart
– 데이터 백업
Bitwarden의 핵심 데이터는 ./bwdata에 모두 있으며 ./bwdata 폴더 전체를 백업하시면 됩니다.