Working, but incomplete

2025-07-11 13:51:53 -04:00
parent d95bb1b94b
commit a7e6715082
3 changed files with 52 additions and 46 deletions


@ -92,7 +92,7 @@ fi
# Update system and install dependencies
echo "Installing dependencies..."
apt update && apt upgrade -y
apt install -y curl gnupg2 software-properties-common apt-transport-https lsb-release mariadb-server mariadb-client nginx unzip ufw git build-essential pkg-config libssl-dev libmariadb-dev libmariadb-dev-compat sudo xxd
apt install -y curl gnupg2 software-properties-common apt-transport-https lsb-release mariadb-server mariadb-client nginx unzip ufw git build-essential pkg-config libssl-dev libmariadb-dev libmariadb-dev-compat sudo xxd openssl
ufw allow OpenSSH
ufw allow 'Nginx Full'
@ -240,40 +240,31 @@ if [ -f /etc/nginx/sites-enabled/default ]; then
rm -f /etc/nginx/sites-enabled/default
fi
# Basic NGINX placeholder config
# HTTPS self-signed cert
mkdir -p /etc/ssl/private
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vaultwarden-selfsigned.key -out /etc/ssl/certs/vaultwarden-selfsigned.crt -subj "/CN=localhost"
# NGINX vhost config
cat <<"EOF" > /etc/nginx/sites-available/vaultwarden
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
ssl_certificate /etc/ssl/certs/vaultwarden-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/vaultwarden-selfsigned.key;
root /var/www/html/vaultinfo;
index index.php;
# Main landing page
location / {
try_files $uri $uri/ /index.php?$args;
}
# Serve PHP files
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
# Setup interface
location /setup {
root /var/www/html;
index index.php;
location ~ ^/setup/.*\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
}
# Vaultwarden Admin Panel
location ^~ /admin/ {
proxy_pass http://127.0.0.1:8080/admin/;
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
@ -283,11 +274,21 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
}
# Vaultwarden static files (referenced from root!)
location ~ ^/(bootstrap|admin|vaultwarden|.*\.(css|js|png|ico|woff2?)$) {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Host $host;
# Serve PHP files
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
# First-Run Activation
location /activate {
root /var/www/html;
index index.php;
location ~ ^/activate/.*\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
}
# WebSocket
@ -297,6 +298,11 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
}
EOF
@ -326,10 +332,10 @@ chmod 640 /var/lib/vaultwarden/.env.user
# Download and deploy setup wizard
echo "Installing PHP and deploying setup page..."
apt install -y php php-fpm php-cli php-common php-mbstring php-json php-curl php-xml php-zip php-gd
apt install -y php php-fpm php-cli php-common php-mbstring php-json php-curl php-xml php-zip php-gd php-bcmath
cd "$INSTALLER_DIR"
cp -R ./setup /var/www/html/
chown -R www-data:www-data /var/www/html/setup
cp -R ./activate /var/www/html/
chown -R www-data:www-data /var/www/html/activate
# Welcome page with /setup condition check
cat <<"EOF" > /var/www/html/vaultinfo/index.php
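Review bot: The new `chown -R www-data:www-data /var/www/html/activate` in the last hunk leaves the first-run PHP code writable by the account that executes it (assuming php-fpm and nginx run as www-data, the Debian default), so any file-write bug in those pages becomes persistent code execution on the same host that runs Vaultwarden. Root ownership with read-only group access is enough to serve the tree: `chown -R root:www-data /var/www/html/activate` followed by `chmod -R u=rwX,g=rX,o= /var/www/html/activate`; if the activation pages need to store state, give them one dedicated data directory outside the PHP-executed path. The `location /activate` block in the vhost hunk also appears to carry no source restriction, and nothing visible here shows how the endpoint is disabled once first-run completes, so a comment stating that (or a step that removes the location afterwards) would help the next reader. The script continues outside the visible hunks, so a later step may already cover part of this.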