joywaygamess/server-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
41a586b97b552c35b178e5d7c7f4d5da5b11867b
server-deploy/vaultwarden/deploy.sh

211 lines
8.1 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# ============================================
# Vaultwarden 一键部署脚本
# 自动安装 Docker + Nginx + SSL + Vaultwarden
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# ===== 加载公共基础函数 =====
BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true
if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then
echo "[ERROR] base/setup.sh 未找到" >&2
echo "请确保目录结构如下:" >&2
echo " /opt/base/setup.sh" >&2
echo " /opt/vaultwarden/deploy.sh (当前脚本)" >&2
exit 1
fi
source "$BASE_DIR/setup.sh"
# =============================================================
# Vaultwarden 专用函数
# =============================================================
# 生成随机密码
generate_password() {
openssl rand -base64 32 | tr -d '/+=' | head -c 32
}
init_env() {
step "初始化 Vaultwarden 配置"
if [ ! -f .env ]; then
if [ ! -f .env.example ]; then
error "缺少 .env.example 模板文件"
exit 1
fi
cp .env.example .env
# 自动生成 ADMIN_TOKEN
local admin_token
admin_token=$(generate_password)
sed -i "s/^ADMIN_TOKEN=$/ADMIN_TOKEN=${admin_token}/" .env
log "已自动生成 ADMIN_TOKEN"
log "已生成 .env 文件"
echo ""
warn "┌──────────────────────────────────────────────────────┐"
warn "│ 请编辑 .env 文件,至少修改以下配置: │"
warn "│ │"
warn "│ VAULTWARDEN_DOMAIN=vault.yourdomain.com │"
warn "│ CERTBOT_EMAIL=you@yourdomain.com │"
warn "│ │"
warn "│ ADMIN_TOKEN 已自动生成,请妥善保存 │"
warn "│ │"
warn "│ 编辑命令: vi $SCRIPT_DIR/.env │"
warn "│ 编辑完成后重新运行: bash deploy.sh │"
warn "└──────────────────────────────────────────────────────┘"
exit 0
fi
set -a; source .env; set +a
local has_error=0
if [[ -z "${VAULTWARDEN_DOMAIN:-}" ]] || [[ "${VAULTWARDEN_DOMAIN}" == "vault.example.com" ]]; then
error "请在 .env 中将 VAULTWARDEN_DOMAIN 修改为你的实际域名"
has_error=1
fi
if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then
error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱"
has_error=1
fi
if [[ -z "${ADMIN_TOKEN:-}" ]]; then
error "ADMIN_TOKEN 未设置"
has_error=1
fi
[ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; }
log "配置检查通过"
log " 域名: ${VAULTWARDEN_DOMAIN}"
log " 邮箱: ${CERTBOT_EMAIL}"
log " 注册: ${SIGNUPS_ALLOWED:-true}"
}
create_dirs() {
step "创建数据目录"
local data_dir="${VAULTWARDEN_DATA_DIR:-/var/lib/vaultwarden}"
local backup_dir="${BACKUP_DIR:-/var/backups/vaultwarden}"
mkdir -p "$data_dir" "$backup_dir"
log "数据目录: $data_dir"
log "备份目录: $backup_dir"
}
start_services() {
step "启动 Vaultwarden 服务"
log "正在拉取镜像..."
docker compose pull
log "正在启动容器..."
docker compose up -d
local port="${VAULTWARDEN_PORT:-8080}"
log "等待 Vaultwarden 就绪..."
local max_wait=30
for i in $(seq 1 "$max_wait"); do
if curl -sf "http://127.0.0.1:${port}/alive" &> /dev/null; then
log "Vaultwarden 启动成功!"
return
fi
sleep 2
done
warn "Vaultwarden 可能仍在启动中,请稍后检查: docker compose logs -f"
}
show_info() {
set -a; source .env; set +a
echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║ Vaultwarden 部署完成! ║${NC}"
echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} Web 访问: ${CYAN}https://${VAULTWARDEN_DOMAIN}${NC}"
echo -e "${GREEN}${NC} 管理后台: ${CYAN}https://${VAULTWARDEN_DOMAIN}/admin${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 数据目录: ${VAULTWARDEN_DATA_DIR:-/var/lib/vaultwarden}"
echo -e "${GREEN}${NC} 备份目录: ${BACKUP_DIR:-/var/backups/vaultwarden}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} ${YELLOW}管理员令牌保存在 .env 文件的 ADMIN_TOKEN 中${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 客户端下载:"
echo -e "${GREEN}${NC} 浏览器插件: ${CYAN}https://bitwarden.com/download/${NC}"
echo -e "${GREEN}${NC} 桌面客户端: ${CYAN}https://bitwarden.com/download/${NC}"
echo -e "${GREEN}${NC} 移动端: ${CYAN}https://bitwarden.com/download/${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} ${RED}⚠ 客户端连接时,服务器 URL 填写:${NC}"
echo -e "${GREEN}${NC} ${CYAN} https://${VAULTWARDEN_DOMAIN}${NC}"
echo -e "${GREEN}${NC}"
if [[ "${SIGNUPS_ALLOWED:-true}" == "true" ]]; then
echo -e "${GREEN}${NC} ${YELLOW}⚠ 注册功能已开启,注册完账号后建议关闭:${NC}"
echo -e "${GREEN}${NC} ${YELLOW} 修改 .env 中 SIGNUPS_ALLOWED=false${NC}"
echo -e "${GREEN}${NC} ${YELLOW} 然后 docker compose restart${NC}"
fi
echo -e "${GREEN}${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
echo ""
echo "常用命令:"
echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f"
echo " 重启服务: cd $SCRIPT_DIR && docker compose restart"
echo " 停止服务: cd $SCRIPT_DIR && docker compose down"
echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh"
echo ""
}
# =============================================================
# 主流程
# =============================================================
main() {
echo -e "${CYAN}"
echo " __ __ _ _"
echo " \\ \\ / /_ _ _ _| | |___ ____ _ _ __ ____| | ___ _ __"
echo " \\ \\ / / _\` | | | | | __\\ \\ /\\ / / _\` | '__/ _ | |/ _ \\ '_ \\"
echo " \\ V / (_| | |_| | | |_ \\ V V / (_| | | | (_| | __/ | | |"
echo " \\_/ \\__,_|\\__,_|_|\\__| \\_/\\_/ \\__,_|_| \\__,_|\\___|_| |_|"
echo -e "${NC}"
echo ""
check_root
load_base_env "$BASE_DIR"
# Step 1: 系统初始化
init_system
# Step 2: 安装 Docker
install_docker
# Step 3: 安装 Nginx
install_nginx
# Step 4: 初始化配置
init_env
# Step 5: 配置 Docker 镜像加速
configure_docker_mirrors
# Step 6: 创建数据目录
create_dirs
# Step 7: 配置防火墙
setup_firewall_base
# Step 8: 配置 SSL 证书
setup_ssl_cert "${VAULTWARDEN_DOMAIN}" "${CERTBOT_EMAIL}" "vaultwarden"
# Step 9: 部署 Nginx 反向代理
deploy_nginx_conf "$SCRIPT_DIR/nginx/vaultwarden.conf" "${VAULTWARDEN_DOMAIN}" "vaultwarden"
# Step 10: 启动服务
start_services
# 显示部署信息
show_info
log "===== Vaultwarden 部署完成 ====="
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink