Rough Notes on Deploying Vaultwarden & NextCloud Bookmarks
I’ve been struggling for years with two things: synchronizing passwords and blog posts I have read across devices. The problem kills me so much since my devices, an Android mobile, an Ubuntu laptop and an iPad, are less supported by big app companies. Besides, I want to keep control of all my data, so a self-hosted solution would be preferable. The problems were partially solved recently by deploying Vaultwarden and NextCloud on a VPS. This blog post documents the setup process and the problems I met, in case anyone is searching for this topic.
Install Vaultwarden and NextCloud on VPS
Luckily, both services are dockerized. Installing each one takes nothing more complicated than a command:
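# Vaultwarden: data lives in ~/vaultwarden/data
cd ~ && mkdir vaultwarden && cd vaultwarden
mkdir data
# Note: -p 29999:80 publishes the port on all interfaces;
# -p 127.0.0.1:29999:80 would keep it reachable only from the local nginx.
docker run -d --name vaultwarden \
-v "$HOME/vaultwarden/data/:/data/" \
-p 29999:80 vaultwarden/server:latest
# NextCloud: return to $HOME first so the folder matches the -v path below
cd ~ && mkdir nc && cd nc
mkdir data
docker run -d --name nextcloud \
-v "$HOME/nc/data:/var/www/html" \
-p 14514:80 nextcloud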
The externally mounted volumes persist the service data that would otherwise live only inside the containers. These folders should be backed up periodically to guard against data loss.
Enable HTTPS for Both Services
Several options exist to enable HTTPS for the sites. I pick the one that hides both services behind an nginx, which deals with SSL connections from clients and passes the traffic on to the containers. This setup requires an nginx config like:
server {
listen 80;
server_name nc.hsfzxjy.site;
location / {
proxy_pass http://localhost:14514;
}
}
server {
listen 80;
server_name v.hsfzxjy.site;
location / {
proxy_pass http://localhost:29999;
}
}
With the configs ready, we use certbot to issue certificates for them.
certbot
certbot is a CLI tool from Let’s Encrypt that eases the effort of setting up an HTTPS-enabled site. Install certbot on Ubuntu for nginx following the instructions:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
# select the domain names to issue in the interactive interface
Note that the issuer server is blocked by the GFW, so you might need a proxy to reach it. certbot also edits the nginx config files automatically to enable the certificates, so all you need to do is reload the nginx service.
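With nginx handling TLS, the container ports themselves should not be reachable from outside: `-p 29999:80` publishes on every interface, while `-p 127.0.0.1:29999:80` restricts the port to loopback. The following check is an added example, not part of the original post; it reads output in the format of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every binding that bypasses the proxy. The sample input is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag containers whose published ports listen on a
# non-loopback address, i.e. can be reached without going through nginx.

# stdin:  "name<TAB>ports" lines, as printed by
#         docker ps --format '{{.Names}}\t{{.Ports}}'
# stdout: "name hostaddr:port" for every non-loopback binding
find_exposed_ports() {
  tab=$(printf '\t')
  while IFS="$tab" read -r name ports; do
    # Mappings are separated by ", "; put each one on its own line.
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r entry; do
      # An entry without "->" (e.g. "3012/tcp") is exposed but not published.
      case "$entry" in *"->"*) ;; *) continue ;; esac
      host=${entry%%"->"*}            # e.g. 0.0.0.0:29999 or :::29999
      case "$host" in
        127.*|"[::1]:"*) ;;           # loopback only: behind the proxy
        *) printf '%s %s\n' "$name" "$host" ;;
      esac
    done
  done
}

# Constructed sample; container names and host ports follow the post.
sample_docker_ps() {
  printf 'vaultwarden\t0.0.0.0:29999->80/tcp, :::29999->80/tcp, 3012/tcp\n'
  printf 'nextcloud\t127.0.0.1:14514->80/tcp\n'
}

sample_docker_ps | find_exposed_ports
```

On the VPS, pipe the real `docker ps --format '{{.Names}}\t{{.Ports}}'` output into `find_exposed_ports`; an empty result means every published port is loopback-only.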
Update Config for NextCloud
NextCloud needs re-configuration to support the nginx proxying. Edit the file ~/nc/data/config/config.php and add the following lines:
$CONFIG = array(
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://nc.hsfzxjy.site',
'overwritehost' => 'nc.hsfzxjy.site',
'trusted_domains' =>
array (
0 => 'nc.hsfzxjy.site',
),
);
The snippet is necessary, since otherwise the clients will get stuck on “Grant Access”. See this thread for a full discussion.
Install Bookmarks App on NextCloud
Bookmarks synchronization is powered by the NextCloud app “Bookmarks”. Download it from here and extract it under ~/nc/data/apps/ to install. Afterwards, enable the app in the NextCloud settings from the web interface.
Clients
Laptop
Since most of my daily work is accomplished in web browsers on my laptop, I choose Chrome extensions as clients. Luckily, both services provide Chrome extensions, with Bitwarden for Vaultwarden and floccus for NextCloud Bookmarks.
Mobile
I use the apps “Bitwarden” (com.x8bit.bitwarden) and “Bookmarks” (de.emasty.bookmarks) for Android, both of which can be downloaded from Google Play Store.
For Bitwarden, turn on “Auto Filling services” in its settings to enable password auto-filling. If you are using MIUI, enable the application privilege 「后台弹出界面」 (display pop-up windows while running in the background) to allow the pop-up when clicking the drop-down box.
Auto-Backup Service Data
Since my VPS is hosted on Tencent Cloud, Tencent COS is a good choice for backup storage. The platform does not charge network fees if the VPS and the COS bucket are within the same region, so all you pay for is the storage.
A backup service can be set up simply with the CRON service and a bash script:
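#!/bin/bash
# One-time setup, run by hand instead of on every hourly run:
#   sudo python3 -m pip install coscmd
set -euo pipefail
umask 077   # the archive contains the password vault; keep it unreadable to other users
cd /home/ubuntu
tar czvf /tmp/services.tgz nc/ vaultwarden/
coscmd -c /home/ubuntu/tools/cosconfig upload /tmp/services.tgz services.tgz
rm -f /tmp/services.tgz   # do not leave a copy of the data in /tmp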
Place the script at /etc/cron.hourly/backup-services to enable it. You would also need to create a file named cosconfig following the doc for bucket configuration. Afterwards the backup service should be invoked every hour.
Initially I encountered a strange problem: CRON would not run the script. The crux is that I had named it backup-services.sh, but CRON does not accept a file name with a dot (.) inside. Check this answer for details.
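On Debian and Ubuntu the scripts in /etc/cron.hourly are started by run-parts, which by default silently skips any file whose name contains characters other than ASCII letters, digits, underscores and hyphens, as well as any file that is not executable. The check below is an added example, not part of the original post; it reports which entries of a directory would be skipped and why. The file names in the demo are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list the files in a cron directory that run-parts would
# silently skip, so a backup job that never fires is noticed early.

# $1: directory to inspect (e.g. /etc/cron.hourly)
# stdout: "name: reason" for every regular file that would not be run
cron_skipped() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    base=${f##*/}
    case "$base" in
      *[!A-Za-z0-9_-]*)
        printf '%s: name has a character outside A-Za-z0-9_-\n' "$base" ;;
      *)
        [ -x "$f" ] || printf '%s: not executable\n' "$base" ;;
    esac
  done
}

# Demo on a temporary directory with constructed file names.
demo() {
  d=$(mktemp -d)
  for n in backup-services backup-services.sh rotate-logs; do
    printf '#!/bin/sh\n' > "$d/$n"
  done
  chmod +x "$d/backup-services" "$d/backup-services.sh"
  cron_skipped "$d"
  rm -rf "$d"
}

demo
```

On the VPS, `cron_skipped /etc/cron.hourly` shows the skipped files, and `run-parts --test /etc/cron.hourly` prints the scripts that would actually run.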
Remaining Problems
Password auto-filling is not available in non-Chrome browsers on Android, like UC Browser or MIUI’s default browser. Currently I have to copy the passwords manually from the Bitwarden app.
Author: hsfzxjy
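License: CC BY-NC-ND 4.0.
Copyright belongs to the author. This article may not be used for commercial purposes; for non-commercial reposts, please credit the source.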