	Fixed docker build and implemented automatic creation of JWT signing keys on platforms with OpenSSL (it needs to be on the PATH)
		| @@ -9,13 +9,9 @@ data | |||||||
| .idea | .idea | ||||||
| *.iml | *.iml | ||||||
|  |  | ||||||
| # Git and Docker files | # Git files | ||||||
| .git | .git | ||||||
| .gitignore | .gitignore | ||||||
| .gitmodules |  | ||||||
| Dockerfile |  | ||||||
| docker-compose.yml |  | ||||||
| .dockerignore |  | ||||||
|  |  | ||||||
| # Documentation | # Documentation | ||||||
| *.md | *.md | ||||||
|   | |||||||
| @@ -10,19 +10,17 @@ FROM rustlang/rust:nightly as build | |||||||
| RUN apt-get update && \ | RUN apt-get update && \ | ||||||
| 	apt-get install -y sqlite3 | 	apt-get install -y sqlite3 | ||||||
|  |  | ||||||
| # Install the diesel_cli tool, to manage migrations |  | ||||||
| # RUN cargo install diesel_cli --no-default-features --features sqlite |  | ||||||
| 	 |  | ||||||
| # Creates a dummy project used to grab dependencies | # Creates a dummy project used to grab dependencies | ||||||
| RUN USER=root cargo new --bin app | RUN USER=root cargo new --bin app | ||||||
| WORKDIR /app | WORKDIR /app | ||||||
|  |  | ||||||
| # Copies over *only* your manifests and vendored dependencies | # Copies over *only* your manifests and vendored dependencies | ||||||
| COPY ./Cargo.* ./ | COPY ./Cargo.* ./ | ||||||
| COPY ./_libs ./_libs | COPY ./libs ./libs | ||||||
|  |  | ||||||
| # Builds your dependencies and removes the | # Builds your dependencies and removes the | ||||||
| # dummy project, except the target folder | # dummy project, except the target folder | ||||||
|  | # This folder contains the compiled dependencies | ||||||
| RUN cargo build --release | RUN cargo build --release | ||||||
| RUN find . -not -path "./target*" -delete | RUN find . -not -path "./target*" -delete | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										42
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
							| @@ -6,12 +6,26 @@ docker build -t dani/bitwarden_rs . | |||||||
|  |  | ||||||
| # Run the docker image with a docker volume: | # Run the docker image with a docker volume: | ||||||
| docker volume create bw_data | docker volume create bw_data | ||||||
| docker run --name bitwarden_rs -it --init --rm --mount source=bw_data,target=/data -p 8000:80 dani/bitwarden_rs | docker run --name bitwarden_rs -t --init --rm --mount source=bw_data,target=/data -p 8000:80 dani/bitwarden_rs | ||||||
|  |  | ||||||
| # OR, Run the docker image with a host bind, where <absolute_path> is the absolute path to a folder in the host: |  | ||||||
| docker run --name bitwarden_rs -it --init --rm --mount type=bind,source=<absolute_path>,target=/data -p 8000:80 dani/bitwarden_rs |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | #### Other possible Docker options | ||||||
|  |  | ||||||
|  | To run the container in the background, add the `-d` parameter. | ||||||
|  |  | ||||||
|  | To check the logs when in background, run `docker logs bitwarden_rs` | ||||||
|  |  | ||||||
|  | To stop the container in background, run `docker stop bitwarden_rs` | ||||||
|  |  | ||||||
|  | To make sure the container is restarted automatically, add the `--restart unless-stopped` parameter | ||||||
|  |  | ||||||
|  | To run the image with a host bind, change the `--mount` parameter to: | ||||||
|  | ``` | ||||||
|  | --mount type=bind,source=<absolute_path>,target=/data | ||||||
|  | ``` | ||||||
|  | Where <absolute_path> is an absolute path in the hosts file system (e.g. C:\bitwarden\data) | ||||||
|  |  | ||||||
|  |  | ||||||
| ## How to compile bitwarden_rs | ## How to compile bitwarden_rs | ||||||
| Install `rust nightly`, in Windows the recommended way is through `rustup`. | Install `rust nightly`, in Windows the recommended way is through `rustup`. | ||||||
|  |  | ||||||
| @@ -27,6 +41,7 @@ cargo build | |||||||
|  |  | ||||||
| ## How to update the web-vault used | ## How to update the web-vault used | ||||||
| Install `node.js` and either `yarn` or `npm` (usually included with node) | Install `node.js` and either `yarn` or `npm` (usually included with node) | ||||||
|  |  | ||||||
| Clone the web-vault outside the project: | Clone the web-vault outside the project: | ||||||
| ``` | ``` | ||||||
| git clone https://github.com/bitwarden/web.git web-vault | git clone https://github.com/bitwarden/web.git web-vault | ||||||
| @@ -58,22 +73,6 @@ npx gulp dist:selfHosted | |||||||
|  |  | ||||||
| Finally copy the contents of the `web-vault/dist` folder into the `bitwarden_rs/web-vault` folder. | Finally copy the contents of the `web-vault/dist` folder into the `bitwarden_rs/web-vault` folder. | ||||||
|  |  | ||||||
| ## How to create the RSA signing key for JWT |  | ||||||
| Generate the RSA key: |  | ||||||
| ``` |  | ||||||
| openssl genrsa -out data/private_rsa_key.pem |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Convert the generated key to .DER: |  | ||||||
| ``` |  | ||||||
| openssl rsa -in data/private_rsa_key.pem -outform DER -out data/private_rsa_key.der |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| And generate the public key: |  | ||||||
| ``` |  | ||||||
| openssl rsa -in data/private_rsa_key.der -inform DER -RSAPublicKey_out -outform DER -out data/public_rsa_key.der |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ## How to recreate database schemas | ## How to recreate database schemas | ||||||
| Install diesel-cli with cargo: | Install diesel-cli with cargo: | ||||||
| ``` | ``` | ||||||
| @@ -87,8 +86,7 @@ If you want to modify the schemas, create a new migration with: | |||||||
| diesel migration generate <name> | diesel migration generate <name> | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Modify the *.sql files, making sure that any changes are reverted | Modify the *.sql files, making sure that any changes are reverted in the down.sql file. | ||||||
| in the down.sql file. |  | ||||||
|  |  | ||||||
| Apply the migrations and save the generated schemas as follows: | Apply the migrations and save the generated schemas as follows: | ||||||
| ``` | ``` | ||||||
|   | |||||||
							
								
								
									
										77
									
								
								src/main.rs
									
									
									
									
									
								
							
							
						
						
									
							| @@ -67,17 +67,57 @@ fn main() { | |||||||
|     let connection = db::get_connection().expect("Can't conect to DB"); |     let connection = db::get_connection().expect("Can't conect to DB"); | ||||||
|     embedded_migrations::run_with_output(&connection, &mut io::stdout()).expect("Can't run migrations"); |     embedded_migrations::run_with_output(&connection, &mut io::stdout()).expect("Can't run migrations"); | ||||||
|  |  | ||||||
|     // Validate location of rsa keys |     check_rsa_keys(); | ||||||
|     if !util::file_exists(&CONFIG.private_rsa_key) { |  | ||||||
|         panic!("private_rsa_key doesn't exist"); |  | ||||||
|     } |  | ||||||
|     if !util::file_exists(&CONFIG.public_rsa_key) { |  | ||||||
|         panic!("public_rsa_key doesn't exist"); |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     init_rocket().launch(); |     init_rocket().launch(); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | fn check_rsa_keys() { | ||||||
|  |     // If the RSA keys don't exist, try to create them | ||||||
|  |     if !util::file_exists(&CONFIG.private_rsa_key) | ||||||
|  |         || !util::file_exists(&CONFIG.public_rsa_key) { | ||||||
|  |         println!("JWT keys don't exist, checking if OpenSSL is available..."); | ||||||
|  |         use std::process::{exit, Command}; | ||||||
|  |  | ||||||
|  |         Command::new("openssl") | ||||||
|  |             .arg("version") | ||||||
|  |             .output().unwrap_or_else(|_| { | ||||||
|  |             println!("Can't create keys because OpenSSL is not available, make sure it's installed and available on the PATH"); | ||||||
|  |             exit(1); | ||||||
|  |         }); | ||||||
|  |  | ||||||
|  |         println!("OpenSSL detected, creating keys..."); | ||||||
|  |  | ||||||
|  |         let mut success = Command::new("openssl").arg("genrsa") | ||||||
|  |             .arg("-out").arg(&CONFIG.private_rsa_key_pem) | ||||||
|  |             .output().expect("Failed to create private pem file") | ||||||
|  |             .status.success(); | ||||||
|  |  | ||||||
|  |         success &= Command::new("openssl").arg("rsa") | ||||||
|  |             .arg("-in").arg(&CONFIG.private_rsa_key_pem) | ||||||
|  |             .arg("-outform").arg("DER") | ||||||
|  |             .arg("-out").arg(&CONFIG.private_rsa_key) | ||||||
|  |             .output().expect("Failed to create private der file") | ||||||
|  |             .status.success(); | ||||||
|  |  | ||||||
|  |         success &= Command::new("openssl").arg("rsa") | ||||||
|  |             .arg("-in").arg(&CONFIG.private_rsa_key) | ||||||
|  |             .arg("-inform").arg("DER") | ||||||
|  |             .arg("-RSAPublicKey_out") | ||||||
|  |             .arg("-outform").arg("DER") | ||||||
|  |             .arg("-out").arg(&CONFIG.public_rsa_key) | ||||||
|  |             .output().expect("Failed to create public der file") | ||||||
|  |             .status.success(); | ||||||
|  |  | ||||||
|  |         if success { | ||||||
|  |             println!("Keys created correcty."); | ||||||
|  |         } else { | ||||||
|  |             println!("Error creating keys, exiting..."); | ||||||
|  |             exit(1); | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | } | ||||||
|  |  | ||||||
| lazy_static! { | lazy_static! { | ||||||
|     // Load the config from .env or from environment variables |     // Load the config from .env or from environment variables | ||||||
|     static ref CONFIG: Config = Config::load(); |     static ref CONFIG: Config = Config::load(); | ||||||
| @@ -86,10 +126,13 @@ lazy_static! { | |||||||
| #[derive(Debug)] | #[derive(Debug)] | ||||||
| pub struct Config { | pub struct Config { | ||||||
|     database_url: String, |     database_url: String, | ||||||
|     private_rsa_key: String, |  | ||||||
|     public_rsa_key: String, |  | ||||||
|     icon_cache_folder: String, |     icon_cache_folder: String, | ||||||
|     attachments_folder: String, |     attachments_folder: String, | ||||||
|  |  | ||||||
|  |     private_rsa_key: String, | ||||||
|  |     private_rsa_key_pem: String, | ||||||
|  |     public_rsa_key: String, | ||||||
|  |  | ||||||
|     web_vault_folder: String, |     web_vault_folder: String, | ||||||
|  |  | ||||||
|     signups_allowed: bool, |     signups_allowed: bool, | ||||||
| @@ -100,12 +143,18 @@ impl Config { | |||||||
|     fn load() -> Self { |     fn load() -> Self { | ||||||
|         dotenv::dotenv().ok(); |         dotenv::dotenv().ok(); | ||||||
|  |  | ||||||
|  |         let df = env::var("DATA_FOLDER").unwrap_or("data".into()); | ||||||
|  |         let key = env::var("RSA_KEY_NAME").unwrap_or("rsa_key".into()); | ||||||
|  |  | ||||||
|         Config { |         Config { | ||||||
|             database_url: env::var("DATABASE_URL").unwrap_or("data/db.sqlite3".into()), |             database_url: env::var("DATABASE_URL").unwrap_or(format!("{}/{}", &df, "db.sqlite3")), | ||||||
|             private_rsa_key: env::var("PRIVATE_RSA_KEY").unwrap_or("data/private_rsa_key.der".into()), |             icon_cache_folder: env::var("ICON_CACHE_FOLDER").unwrap_or(format!("{}/{}", &df, "icon_cache")), | ||||||
|             public_rsa_key: env::var("PUBLIC_RSA_KEY").unwrap_or("data/public_rsa_key.der".into()), |             attachments_folder: env::var("ATTACHMENTS_FOLDER").unwrap_or(format!("{}/{}", &df, "attachments")), | ||||||
|             icon_cache_folder: env::var("ICON_CACHE_FOLDER").unwrap_or("data/icon_cache".into()), |  | ||||||
|             attachments_folder: env::var("ATTACHMENTS_FOLDER").unwrap_or("data/attachments".into()), |             private_rsa_key: format!("{}/{}.der", &df, &key), | ||||||
|  |             private_rsa_key_pem: format!("{}/{}.pem", &df, &key), | ||||||
|  |             public_rsa_key: format!("{}/{}.pub.der", &df, &key), | ||||||
|  |  | ||||||
|             web_vault_folder: env::var("WEB_VAULT_FOLDER").unwrap_or("web-vault/".into()), |             web_vault_folder: env::var("WEB_VAULT_FOLDER").unwrap_or("web-vault/".into()), | ||||||
|  |  | ||||||
|             signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(false), |             signups_allowed: util::parse_option_string(env::var("SIGNUPS_ALLOWED").ok()).unwrap_or(false), | ||||||
|   | |||||||
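Review bot: check_rsa_keys regenerates the private key whenever either file is missing (the `||` condition at the top of the function), so a partially failed earlier run or a deleted `.pub.der` silently replaces the signing key and invalidates every JWT issued so far, when the public key could simply be derived from the existing private key. `genrsa` is also invoked without a modulus size, so the key length depends on whichever OpenSSL build happens to be on PATH; pass it explicitly, e.g. `.arg("2048")` as the last argument. The intermediate `.pem` copy of the private key is left on disk beside the DER file, and as far as I can tell both are created with the process umask's default permissions, so consider removing the PEM after conversion and documenting the expected file permissions. The last hunk additionally drops the PRIVATE_RSA_KEY/PUBLIC_RSA_KEY environment variables from Config::load without mentioning it in the commit message, so deployments that set them will silently fall back to `<DATA_FOLDER>/rsa_key.der`. A restructuring that separates generation from derivation follows.

```rust
fn check_rsa_keys() {
    let private_missing = !util::file_exists(&CONFIG.private_rsa_key);
    let public_missing = !util::file_exists(&CONFIG.public_rsa_key);
    if !private_missing && !public_missing {
        return;
    }
    // … unchanged: OpenSSL availability probe (including the `use std::process::{exit, Command};` line) …
    let mut success = true;
    if private_missing {
        // Explicit modulus size: the genrsa default depends on the OpenSSL build found on PATH.
        success &= Command::new("openssl").arg("genrsa")
            .arg("-out").arg(&CONFIG.private_rsa_key_pem)
            .arg("2048")
            .output().expect("Failed to create private pem file")
            .status.success();
        // … unchanged: PEM -> DER conversion of the private key …
    }
    // Only derive the public key; never regenerate a private key that already exists.
    if public_missing {
        // … unchanged: -RSAPublicKey_out conversion into CONFIG.public_rsa_key …
    }
    // … unchanged: success check and exit …
}
```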