1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

PersistKeysToFileSystem when selfhosted

This commit is contained in:
Kyle Spearrin 2017-08-08 00:02:52 -04:00
parent 3e7c0f7ca1
commit e7905dec04
8 changed files with 51 additions and 12 deletions

View File

@ -4,9 +4,16 @@ services:
mssql:
volumes:
- /etc/bitwarden/mssql_data:/var/opt/mssql/data
web:
volumes:
- /etc/bitwarden/web:/etc/bitwarden/web
api:
volumes:
- /etc/bitwarden/core:/etc/bitwarden/core
identity:
volumes:
- /etc/bitwarden/identity:/etc/bitwarden/identity
- /etc/bitwarden/core:/etc/bitwarden/core
nginx:
volumes:
- /etc/bitwarden/nginx:/etc/bitwarden/nginx

View File

@ -4,9 +4,16 @@ services:
mssql:
volumes:
- mssql_data:/var/opt/mssql/data
web:
volumes:
- c:/bitwarden/web:/etc/bitwarden/web
api:
volumes:
- c:/bitwarden/core:/etc/bitwarden/core
identity:
volumes:
- c:/bitwarden/identity:/etc/bitwarden/identity
- c:/bitwarden/core:/etc/bitwarden/core
nginx:
volumes:
- c:/bitwarden/nginx:/etc/bitwarden/nginx

View File

@ -4,9 +4,16 @@ services:
mssql:
volumes:
- mssql_data:/var/opt/mssql/data
web:
volumes:
- c:/bitwarden/web:/etc/bitwarden/web
api:
volumes:
- c:/bitwarden/core:/etc/bitwarden/core
identity:
volumes:
- c:/bitwarden/identity:/etc/bitwarden/identity
- c:/bitwarden/core:/etc/bitwarden/core
nginx:
volumes:
- c:/bitwarden/nginx:/etc/bitwarden/nginx

View File

@ -1,3 +1,4 @@
*
!obj/Docker/publish/*
!obj/Docker/empty/
!entrypoint.sh

View File

@ -22,4 +22,7 @@ done
WORKDIR /app
EXPOSE 80
COPY obj/Docker/publish .
ENTRYPOINT ["dotnet", "Api.dll"]
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

3
src/Api/entrypoint.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
dotnet /app/Api.dll

View File

@ -17,6 +17,7 @@ using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.WindowsAzure.Storage;
using System;
using System.IO;
using SqlServerRepos = Bit.Core.Repositories.SqlServer;
namespace Bit.Core.Utilities
@ -195,10 +196,19 @@ namespace Bit.Core.Utilities
public static void AddCustomDataProtectionServices(
this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
{
if(env.IsDevelopment())
{
return;
}
if(globalSettings.SelfHosted)
{
var dir = new DirectoryInfo("/etc/bitwarden/core/aspnet-dataprotection");
services.AddDataProtection().PersistKeysToFileSystem(dir);
}
#if NET461
if(!env.IsDevelopment() && !globalSettings.SelfHosted &&
!string.IsNullOrWhiteSpace(globalSettings.Storage.ConnectionString) &&
!string.IsNullOrWhiteSpace(globalSettings.DataProtection.CertificateThumbprint))
if(!globalSettings.SelfHosted)
{
var dataProtectionCert = CoreHelpers.GetCertificate(globalSettings.DataProtection.CertificateThumbprint);
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);

View File

@ -12,7 +12,7 @@ namespace Setup
private static IDictionary<string, string> _parameters = null;
private static string _domain = null;
private static string _url = null;
private static string _certPassword = null;
private static string _identityCertPassword = null;
private static bool _ssl = false;
private static bool _letsEncrypt = false;
@ -28,21 +28,21 @@ namespace Setup
_ssl = _letsEncrypt || (_parameters.ContainsKey("ssl") ?
_parameters["ssl"].ToLowerInvariant() == "y" : false);
_url = _ssl ? $"https://{_domain}" : $"http://{_domain}";
_certPassword = Helpers.SecureRandomString(32, alpha: true, numeric: true);
_identityCertPassword = Helpers.SecureRandomString(32, alpha: true, numeric: true);
MakeIdentityCert();
MakeCerts();
BuildNginxConfig();
BuildEnvironmentFiles();
BuildAppSettingsFiles();
}
private static void MakeIdentityCert()
private static void MakeCerts()
{
Directory.CreateDirectory("/bitwarden/identity/");
var identityCertResult = Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
"-out identity.crt -subj \"/CN=bitwarden IdentityServer\" -days 10950");
var identityPfxResult = Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
$"-in identity.crt -certfile identity.crt -passout pass:{_certPassword}");
Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
$"-in identity.crt -certfile identity.crt -passout pass:{_identityCertPassword}");
}
private static void BuildNginxConfig()
@ -165,6 +165,7 @@ server {{
private static void BuildEnvironmentFiles()
{
Directory.CreateDirectory("/bitwarden/docker/");
var dbPass = _parameters.ContainsKey("db_pass") ? _parameters["db_pass"].ToLowerInvariant() : "REPLACE";
var dbConnectionString = "Server=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;" +
$"Password={dbPass};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;" +
@ -176,7 +177,7 @@ server {{
globalSettings:baseServiceUri:api={_url}/api
globalSettings:baseServiceUri:identity={_url}/identity
globalSettings:sqlServer:connectionString={dbConnectionString}
globalSettings:identityServer:certificatePassword={_certPassword}
globalSettings:identityServer:certificatePassword={_identityCertPassword}
globalSettings:duo:aKey={Helpers.SecureRandomString(32, alpha: true, numeric: true)}
globalSettings:yubico:clientId=REPLACE
globalSettings:yubico:REPLACE");