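#!/usr/bin/env bash
set -euo pipefail

# ============================================
# Vaultwarden one-step deployment script
# Installs Docker + Nginx + SSL + Vaultwarden
# ============================================

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"

# ===== Load the shared base helpers =====
# Helpers used below but not defined in this file (step, log, warn, error,
# fix_crlf, check_root, init_system, ...) presumably come from base/setup.sh.
# That file is sourced, so it runs in this shell with this script's privileges;
# it must not be writable by untrusted users.
BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true
if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then
  echo "[ERROR] base/setup.sh 未找到" >&2
  echo "请确保目录结构如下:" >&2
  echo " /opt/base/setup.sh" >&2
  echo " /opt/vaultwarden/deploy.sh (当前脚本)" >&2
  exit 1
fi
source "$BASE_DIR/setup.sh"

# =============================================================
# Vaultwarden-specific functions
# =============================================================

#######################################
# Print a random token of at most 32 characters to stdout.
# 32 random bytes are base64-encoded and '/', '+' and '=' are removed, so the
# value needs no escaping in the sed replacement used by init_env.
# Outputs: the token on stdout (no trailing newline is guaranteed)
#######################################
generate_password() {
  openssl rand -base64 32 | tr -d '/+=' | head -c 32
}

#######################################
# Create .env from .env.example on the first run (then exit 0 so the operator
# can edit it); on later runs load .env and validate the required settings.
# Globals: SCRIPT_DIR (read); every variable assigned in .env is exported
# Returns: exits 1 when the template is missing or a required value is unset
#######################################
init_env() {
  step "初始化 Vaultwarden 配置"

  if [ ! -f .env ]; then
    if [ ! -f .env.example ]; then
      error "缺少 .env.example 模板文件"
      exit 1
    fi

    # Generate the token before touching the filesystem: if openssl fails,
    # set -e aborts here and no half-initialised .env is left behind.
    local admin_token
    admin_token=$(generate_password)

    cp .env.example .env
    # .env is about to hold ADMIN_TOKEN; restrict it to the owner before the
    # secret is written (GNU sed -i keeps the mode of the file it replaces).
    chmod 600 .env

    # Only an empty "ADMIN_TOKEN=" line in the template is filled in; a missing
    # or pre-filled line is left alone and caught by the check on the next run.
    # NOTE(review): the token is stored in plaintext and passes through sed's
    # argv. Vaultwarden also accepts an Argon2 PHC hash as ADMIN_TOKEN; such a
    # value contains '$' and would have to be single-quoted in .env because
    # this script sources the file.
    sed -i "s/^ADMIN_TOKEN=$/ADMIN_TOKEN=${admin_token}/" .env
    log "已自动生成 ADMIN_TOKEN"

    log "已生成 .env 文件"
    echo ""
    warn "┌──────────────────────────────────────────────────────┐"
    warn "│ 请编辑 .env 文件,至少修改以下配置: │"
    warn "│ │"
    warn "│ VAULTWARDEN_DOMAIN=vault.yourdomain.com │"
    warn "│ CERTBOT_EMAIL=you@yourdomain.com │"
    warn "│ │"
    warn "│ ADMIN_TOKEN 已自动生成,请妥善保存 │"
    warn "│ │"
    warn "│ 编辑命令: vi $SCRIPT_DIR/.env │"
    warn "│ 编辑完成后重新运行: bash deploy.sh │"
    warn "└──────────────────────────────────────────────────────┘"
    exit 0
  fi

  fix_crlf .env
  # Sourcing executes .env as shell code with this script's privileges, so the
  # file must stay writable only by the operator.
  set -a
  source .env
  set +a

  local has_error=0

  if [[ -z "${VAULTWARDEN_DOMAIN:-}" ]] || [[ "${VAULTWARDEN_DOMAIN}" == "vault.example.com" ]]; then
    error "请在 .env 中将 VAULTWARDEN_DOMAIN 修改为你的实际域名"
    has_error=1
  fi

  if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then
    error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱"
    has_error=1
  fi

  if [[ -z "${ADMIN_TOKEN:-}" ]]; then
    error "ADMIN_TOKEN 未设置"
    has_error=1
  fi

  if [ "$has_error" -eq 1 ]; then
    error "请修改 .env 后重新运行"
    exit 1
  fi

  # The token itself is deliberately not echoed here.
  log "配置检查通过"
  log " 域名: ${VAULTWARDEN_DOMAIN}"
  log " 邮箱: ${CERTBOT_EMAIL}"
  log " 注册: ${SIGNUPS_ALLOWED:-true}"
}

#######################################
# Create the data and backup directories.
# Globals: VAULTWARDEN_DATA_DIR, BACKUP_DIR (read, with defaults)
#######################################
create_dirs() {
  step "创建数据目录"

  local data_dir="${VAULTWARDEN_DATA_DIR:-/var/lib/vaultwarden}"
  local backup_dir="${BACKUP_DIR:-/var/backups/vaultwarden}"

  # NOTE(review): both directories get their mode from the process umask.
  # They hold the vault database and its backups; confirm the resulting mode
  # keeps them unreadable to other local users without breaking the container
  # user defined in the compose file (not visible here).
  mkdir -p "$data_dir" "$backup_dir"
  log "数据目录: $data_dir"
  log "备份目录: $backup_dir"
}

#######################################
# Pull the images, start the containers and poll the local /alive endpoint.
# Globals: VAULTWARDEN_PORT (read, default 8080)
# Returns: 0 once the endpoint answers; also 0 (after a warning) when it has
#          not answered after max_wait attempts spaced 2 seconds apart
#######################################
start_services() {
  step "启动 Vaultwarden 服务"

  log "正在拉取镜像..."
  docker compose pull

  log "正在启动容器..."
  docker compose up -d

  local port="${VAULTWARDEN_PORT:-8080}"
  log "等待 Vaultwarden 就绪..."
  local max_wait=30
  local attempt
  for ((attempt = 1; attempt <= max_wait; attempt++)); do
    # --max-time bounds each probe so a socket that accepts but never answers
    # cannot stall the loop.
    if curl -sf --max-time 5 "http://127.0.0.1:${port}/alive" &> /dev/null; then
      log "Vaultwarden 启动成功!"
      return
    fi
    sleep 2
  done

  warn "Vaultwarden 可能仍在启动中,请稍后检查: docker compose logs -f"
}

#######################################
# Print the post-deployment summary: URLs, directories, client links and a
# reminder to close registration.
# Globals: values from .env (re-read here); GREEN, CYAN, YELLOW, RED, NC
#          colour variables, presumably defined by base/setup.sh
#######################################
show_info() {
  set -a
  source .env
  set +a

  # The admin panel is published on the public domain and is protected only by
  # ADMIN_TOKEN, so the summary points at .env instead of printing the token.
  # NOTE(review): consider restricting /admin in the nginx config (not visible
  # here) to trusted source addresses.
  echo ""
  echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
  echo -e "${GREEN}║ Vaultwarden 部署完成! ║${NC}"
  echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}"
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}║${NC} Web 访问: ${CYAN}https://${VAULTWARDEN_DOMAIN}${NC}"
  echo -e "${GREEN}║${NC} 管理后台: ${CYAN}https://${VAULTWARDEN_DOMAIN}/admin${NC}"
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}║${NC} 数据目录: ${VAULTWARDEN_DATA_DIR:-/var/lib/vaultwarden}"
  echo -e "${GREEN}║${NC} 备份目录: ${BACKUP_DIR:-/var/backups/vaultwarden}"
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}║${NC} ${YELLOW}管理员令牌保存在 .env 文件的 ADMIN_TOKEN 中${NC}"
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}║${NC} 客户端下载:"
  echo -e "${GREEN}║${NC} 浏览器插件: ${CYAN}https://bitwarden.com/download/${NC}"
  echo -e "${GREEN}║${NC} 桌面客户端: ${CYAN}https://bitwarden.com/download/${NC}"
  echo -e "${GREEN}║${NC} 移动端: ${CYAN}https://bitwarden.com/download/${NC}"
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}║${NC} ${RED}⚠ 客户端连接时,服务器 URL 填写:${NC}"
  echo -e "${GREEN}║${NC} ${CYAN} https://${VAULTWARDEN_DOMAIN}${NC}"
  echo -e "${GREEN}║${NC}"
  if [[ "${SIGNUPS_ALLOWED:-true}" == "true" ]]; then
    echo -e "${GREEN}║${NC} ${YELLOW}⚠ 注册功能已开启,注册完账号后建议关闭:${NC}"
    echo -e "${GREEN}║${NC} ${YELLOW} 修改 .env 中 SIGNUPS_ALLOWED=false${NC}"
    # "docker compose restart" reuses the existing container and its old
    # environment, which would leave registration open; "up -d" recreates the
    # container so the edited .env value takes effect.
    echo -e "${GREEN}║${NC} ${YELLOW} 然后 docker compose up -d${NC}"
  fi
  echo -e "${GREEN}║${NC}"
  echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
  echo ""
  echo "常用命令:"
  echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f"
  echo " 重启服务: cd $SCRIPT_DIR && docker compose restart"
  echo " 停止服务: cd $SCRIPT_DIR && docker compose down"
  echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh"
  echo ""
}

# =============================================================
# Main flow
# =============================================================

#######################################
# Run the deployment steps in order. On the very first run init_env exits 0
# after creating .env, so the later steps only run on the second invocation.
# Arguments: none used
#######################################
main() {
  echo -e "${CYAN}"
  echo " __ __ _ _"
  echo " \\ \\ / /_ _ _ _| | |___ ____ _ _ __ ____| | ___ _ __"
  echo " \\ \\ / / _\` | | | | | __\\ \\ /\\ / / _\` | '__/ _ | |/ _ \\ '_ \\"
  echo " \\ V / (_| | |_| | | |_ \\ V V / (_| | | | (_| | __/ | | |"
  echo " \\_/ \\__,_|\\__,_|_|\\__| \\_/\\_/ \\__,_|_| \\__,_|\\___|_| |_|"
  echo -e "${NC}"
  echo ""

  check_root
  load_base_env "$BASE_DIR"

  # Step 1: system initialisation
  init_system

  # Step 2: install Docker
  install_docker

  # Step 3: install Nginx
  install_nginx

  # Step 4: initialise the configuration
  init_env

  # Step 5: configure Docker registry mirrors
  configure_docker_mirrors

  # Step 6: create the data directories
  create_dirs

  # Step 7: configure the firewall
  setup_firewall_base

  # Step 8: obtain the SSL certificate
  setup_ssl_cert "${VAULTWARDEN_DOMAIN}" "${CERTBOT_EMAIL}" "vaultwarden"

  # Step 9: deploy the Nginx reverse proxy
  deploy_nginx_conf "$SCRIPT_DIR/nginx/vaultwarden.conf" "${VAULTWARDEN_DOMAIN}" "vaultwarden"

  # Step 10: start the services
  start_services

  # Print the deployment summary
  show_info

  log "===== Vaultwarden 部署完成 ====="
}

main "$@"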