Rough Notes on Deploying Vaultwarden & NextCloud Bookmarks

I’ve been struggling for years with two things: synchronizing passwords and the blog posts I have read across devices. The problem bothers me a lot, since my devices (an Android phone, an Ubuntu laptop and an iPad) are poorly supported by the big app companies. Besides, I want to keep control of all my data, so a self-hosted solution is preferable. The problems were partially solved recently by deploying Vaultwarden and NextCloud on a VPS. This blog post documents the setup process and the problems I met, in case anyone is searching for this topic.

Install Vaultwarden and NextCloud on VPS

The two services are both luckily dockerized. To install there’s nothing more complicated than a command:

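# Create the data directories under $HOME so they match the volume paths below.
mkdir -p "$HOME/vaultwarden/data" "$HOME/nc/data"

# Publish on loopback only: nginx on the same host is the sole public entry point.
docker run -d --name vaultwarden \
  -v "$HOME/vaultwarden/data/:/data/" \
  -p 127.0.0.1:29999:80 vaultwarden/server:latest

docker run -d --name nextcloud \
  -v "$HOME/nc/data:/var/www/html" \
  -p 127.0.0.1:14514:80 nextcloud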

The externally mounted volumes persist the service data that would otherwise live only inside the containers. The folders should be backed up periodically to guard against data loss.

Enable HTTPS for Both Services

Several options exist to enable HTTPS for the sites. I picked the one that hides both services behind nginx, which handles the TLS connections from clients and passes the requests on to the containers. This setup requires an nginx config like:

server {
    listen 80;
    server_name nc.hsfzxjy.site;

    location / {
        proxy_pass http://localhost:14514;
    }
}

server {
    listen 80;
    server_name v.hsfzxjy.site;

    location / {
        proxy_pass http://localhost:29999;
    }
}

With configs ready, we use certbot to issue certificates for them.

certbot

certbot is a CLI tool from Let’s Encrypt that eases the effort of setting up an HTTPS-enabled site. Install certbot on Ubuntu for nginx by following the instructions:

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
# select the domain names to issue in the interactive interface

Note that the issuer server is blocked by the GFW, so you might need a proxy to reach it. certbot also edits the nginx config files automatically to enable the certificates, so all you need to do is reload the nginx service.
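nginx only protects clients that go through it: a container port published on every interface is still reachable over plain HTTP on its high port. The following check is an added example, not part of the original post. It flags published ports that are not bound to loopback, and the sample input is constructed.

```shell
#!/bin/sh
# Flag container ports published on every interface instead of loopback.
# Input: lines of "name|ports" as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'

exposed_ports() {
    # Prints "name host_ip:host_port" for every non-loopback binding on stdin.
    awk -F '|' '{
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            if (maps[i] !~ /->/) continue      # exposed in the image, not published
            split(maps[i], side, "->")
            host = side[1]
            if (host ~ /^127\./ || host ~ /^\[::1\]/) continue
            print $1, host
        }
    }'
}

# Constructed sample: vaultwarden published on all interfaces (-p 29999:80),
# nextcloud bound to loopback (-p 127.0.0.1:14514:80).
SAMPLE=$(printf '%s|%s\n' \
    vaultwarden '0.0.0.0:29999->80/tcp, :::29999->80/tcp' \
    nextcloud   '127.0.0.1:14514->80/tcp')

printf '%s\n' "$SAMPLE" | exposed_ports
# On a live host: docker ps --format '{{.Names}}|{{.Ports}}' | exposed_ports
```

Any line of output means the service can be reached without TLS unless a firewall blocks that port.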

Update Config for NextCloud

NextCloud needs to be reconfigured to work behind the nginx proxy. Edit the file ~/nc/data/config/config.php and add the following lines:

$CONFIG = array(
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nc.hsfzxjy.site',
  'overwritehost' => 'nc.hsfzxjy.site',
  'trusted_domains' =>
  array (
    0 => 'nc.hsfzxjy.site',
  ),
);

The snippet is necessary, since otherwise the clients will get stuck on “Grant Access”. See this thread for a full discussion.

Install Bookmarks App on NextCloud

Bookmarks synchronization is powered by the NextCloud app “Bookmarks”. Download it from here and extract it under ~/nc/data/apps/ to install. Afterwards, enable the app in the NextCloud settings from the web interface.

Clients

Laptop

Since most of my daily work is done in web browsers on the laptop, I chose Chrome extensions as clients. Luckily, both services provide Chrome extensions: Bitwarden for Vaultwarden and floccus for NextCloud Bookmarks.

Mobile

I use the apps “Bitwarden” (com.x8bit.bitwarden) and “Bookmarks” (de.emasty.bookmarks) for Android, both of which can be downloaded from Google Play Store.

For Bitwarden, turn on “Auto Filling services” in its settings to enable password auto-filling. If you are using MIUI, enable the application privilege 「后台弹出界面」 (display pop-up windows while running in the background) to allow the pop-up to appear when you click the drop-down box.

Auto-Backup Service Data

Since my VPS is hosted on Tencent Cloud, Tencent COS is a good choice for backup storage. The platform does not charge network fees if the VPS and the COS bucket are in the same region, so all you pay for is storage.

A back-up service can be simply set up with CRON service and a bash script:

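#!/bin/bash
# Abort on the first failed command so a broken archive is never uploaded.
set -euo pipefail
# The archive contains the password vault data; keep it unreadable to other users.
umask 077

# Install coscmd only when it is missing, not on every hourly run.
command -v coscmd >/dev/null || sudo python3 -m pip install coscmd

cd /home/ubuntu
tar czf /tmp/services.tgz nc/ vaultwarden/
coscmd -c /home/ubuntu/tools/cosconfig upload /tmp/services.tgz services.tgz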

Place the script at /etc/cron.hourly/backup-services and make it executable to enable it. You also need to create a file named cosconfig, following the doc, for the bucket configuration. Afterwards the backup will run once per hour.

Initially I encountered a strange problem: CRON would not run the script. The crux was that I had named it backup-services.sh, but CRON does not accept a file name with a dot (.) in it. Check this answer for details.
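A quick way to catch this before waiting an hour, as an added example that is not part of the original post: list the files in a cron.hourly-style directory that would be silently skipped. It assumes the default name rule of Debian/Ubuntu run-parts (ASCII letters, digits, underscores and hyphens only), and the demo directory is constructed.

```shell
#!/bin/sh
# Report files that run-parts would skip in a cron.hourly-style directory.
# Assumption: default run-parts naming rule (no --regex or --lsbsysinit).

skipped_by_run_parts() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            # Any character outside [A-Za-z0-9_-] disqualifies the file.
            *[!A-Za-z0-9_-]*) echo "$name: invalid name" ;;
            # Valid names still need the executable bit.
            *) [ -x "$f" ] || echo "$name: not executable" ;;
        esac
    done
}

# Constructed demo directory standing in for /etc/cron.hourly.
demo_run() {
    demo=$(mktemp -d)
    printf '#!/bin/sh\n' > "$demo/backup-services"
    printf '#!/bin/sh\n' > "$demo/backup-services.sh"
    printf '#!/bin/sh\n' > "$demo/rotate_logs"
    chmod +x "$demo/backup-services" "$demo/backup-services.sh"
    skipped_by_run_parts "$demo"
    rm -rf "$demo"
}

demo_run
```

On a real host, call skipped_by_run_parts /etc/cron.hourly, or compare with run-parts --test /etc/cron.hourly, which lists the scripts that would actually run.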

Remaining Problems

Password auto-filling is not available in non-Chrome browsers on Android, such as UC Browser or MIUI’s default browser. Currently I have to copy passwords manually from the Bitwarden app.


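Author: hsfzxjy
Link:
License: CC BY-NC-ND 4.0.
Copyright belongs to the author. This article may not be used for commercial purposes; for non-commercial reposts, please credit the source.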
