安装配置文件

安装配置文件用于生成必要的安装资产(如 Bitwarden 实例的端口、证书文件路径等),以便 Bitwarden 脚本用于安装操作。

安装配置文件位于 ./bwdata/config.yml

其默认内容如下:

config.yml
#
# Note: After making changes to this file you need to run the `rebuild` or `update`
# command for them to be applied.
#
# Full URL for accessing the installation from a browser. (Required)
url: https://vault.bitwarden.in
#
# Auto-generate the `./docker/docker-compose.yml` config file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/DockerCompose.hbs
generate_compose_config: true
#
# Auto-generate the `./nginx/default.conf` file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/NginxConfig.hbs
generate_nginx_config: true
#
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
http_port: 80
#
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
https_port: 443
#
# Docker compose file version. Leave empty for default.
# Learn more: https://docs.docker.com/compose/compose-file/compose-versioning/
compose_version:
#
# Configure Nginx for SSL.
ssl: true
#
# SSL versions used by Nginx (ssl_protocols). Leave empty for recommended default.
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_versions:
#
# SSL ciphersuites used by Nginx (ssl_ciphers). Leave empty for recommended default.
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_ciphersuites:
#
# Installation uses a managed Let's Encrypt certificate.
ssl_managed_lets_encrypt: false
#
# The actual certificate. (Required if using SSL without managed Let's Encrypt)
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_certificate_path: /etc/ssl/vault.bitwarden.in/certificate.crt
#
# The certificate's private key. (Required if using SSL without managed Let's Encrypt)
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_key_path: /etc/ssl/vault.bitwarden.in/private.key
#
# If the certificate is trusted by a CA, you should provide the CA's certificate.
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_ca_path: /etc/ssl/vault.bitwarden.in/ca.crt
#
# Diffie Hellman ephemeral parameters
# Learn more: https://security.stackexchange.com/q/94390/79072
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_diffie_hellman_path:
#
# Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile
# app live sync.
push_notifications: true
#
# Use a docker volume (`mssql_data`) instead of a host-mapped volume for the persisted database.
# WARNING: Changing this value will cause you to lose access to the existing persisted database.
# Learn more: https://docs.docker.com/storage/volumes/
database_docker_volume: false
#
# Defines "real" IPs in nginx.conf. Useful for defining proxy servers that forward the
# client IP address.
# Learn more: https://nginx.org/en/docs/http/ngx_http_realip_module.html
real_ips:

更改安装配置文件后,需要运行重建命令以使更改生效:

./bitwarden.sh rebuild