Seafile Garbage Collection. Updated Bitwarden

4 years ago · bd66d85312
2 changed files with 260 additions and 0 deletions
--- a/bitwarden-vaultwarden/readme.md
+++ b/bitwarden-vaultwarden/readme.md
@ -0,0 +1,250 @@
 # Credits
 99% of this guide was written by [DoTheEvo](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/bitwarden_rs)
 The only reason I'm including it here is because bitwarden_rs has changed it's name and repo to vaultwarden.
 The docker-compose.yml has been modified to reflect this change. Using the older docker-compose.yml in 
 DoTheEvo's guide will not get you the latest version.
 # Vaultwarden in docker
 ![logo](https://i.imgur.com/tT3FQLJ.png)
 # Purpose & Overview
 Password manager. 
 * [Official site](https://bitwarden.com/)
 * [Github](https://github.com/dani-garcia/bitwarden_rs)
 * [DockerHub](https://hub.docker.com/r/bitwardenrs/server)
 Bitwarden is a modern popular open source password manager
 with wide cross platform support.
 But the official Bitwarden server is bit over-engineered,
 requiring Microsoft SQL server among other things,
 which makes it not an ideal fit for smaller deployments
 So here is where Bitwarden_rs by Daniel García comes in.</br>
 It is a Bitwarden API implementation written in Rust.
 It's very resource efficient, uses about 10MB of RAM,
 and close to no CPU.</br>
 Webapp part is build using Rocket, a web framework for Rust,
 and user data are stored in a simple sqlite database file.
 All the client apps are still officials coming from bitwarden,
 only the server is a different implementation.
 # Files and directory structure
 ```
 /home/
 └── ~/
    └── docker/
        └── bitwarden/
            ├── bitwarden-data/
            ├── .env
            ├── docker-compose.yml
            └── bitwarden-backup-script.sh
 ```
 * `bitwarden-data/` - a directory where bitwarden will store its database and other data
 * `.env` - a file containing environment variables for docker compose
 * `docker-compose.yml` - a docker compose file, telling docker how to run the container
 * `bitwarden-backup-script.sh` - a backup script if you want it
 You only need to provide the files.</br>
 The directory is created by docker compose on the first run.
 # docker-compose
 [Documentation](https://github.com/dani-garcia/bitwarden_rs/wiki/Using-Docker-Compose) on compose.
 `docker-compose.yml`
 ```yml
 version: "3"
 services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: bitwarden
    hostname: bitwarden
    restart: unless-stopped
    env_file: .env
    volumes:
      - ./vaultwarden-data/:/data/
 networks:
  default:
    external:
      name: $DOCKER_MY_NETWORK
 ```
 `.env`
 ```bash
 # GENERAL
 MY_DOMAIN=example.com
 DOCKER_MY_NETWORK=caddy_net
 TZ=Europe/Bratislava
 # BITWARDEN
 DOMAIN=https://passwd.example.com
 ADMIN_TOKEN=YdLo1TM4MYEQ948GOVZ29IF4fABSrZMpk9
 SIGNUPS_ALLOWED=false
 WEBSOCKET_ENABLED=true
 # USING SENDGRID FOR SENDING EMAILS
 SMTP_SSL=true
 SMTP_EXPLICIT_TLS=true
 SMTP_HOST=smtp.sendgrid.net
 SMTP_PORT=465
 SMTP_FROM=admin@example.com
 SMTP_USERNAME=apikey
 SMTP_PASSWORD=<sendgrid-api-key-goes-here>
 ```
 **All containers must be on the same network**.</br>
 Which is named in the `.env` file.</br>
 If one does not exist yet: `docker network create caddy_net`
 # Reverse proxy
 Caddy v2 is used, details
 [here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).</br>
 Bitwarden_rs documentation has a 
 [section on reverse proxy.](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples)
 `Caddyfile`
 ```
 bitwarden.{$MY_DOMAIN} {
    encode gzip
    header {
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
        # Prevent search engines from indexing (optional)
        X-Robots-Tag "none"
        # Server name removing
        -Server
    }
    # Notifications redirected to the websockets server
    reverse_proxy /notifications/hub bitwarden:3012
    # Proxy the Root directory to Rocket
    reverse_proxy bitwarden:80
 }
 ```
 # Forward port 3012 TCP on your router
 [WebSocket](https://youtu.be/2Nt-ZrNP22A) protocol is used for notifications
 so that all web based clients, including desktop app,
 can immediately sync when a change happens on the server.
 * environment variable `WEBSOCKET_ENABLED=true` needs to be set in the `.env` file</br>
 * reverse proxy needs to route `/notifications/hub` to port 3012</br>
 * your router/firewall needs to **forward port 3012** to the docker host,
 same as port 80 and 443 are forwarded
 To test if websocket works, have the desktop app open
 and make changes through browser extension, or through the website.
 Changes should immediately appear in the desktop app. If it's not working,
 you need to manually sync for changes to appear.
 # Extra info
 **Bitwarden can be managed** at `<url>/admin` and entering `ADMIN_TOKEN`
 set in the `.env` file. Especially if sign ups are disabled it is the only way
 to invite users.
 **Push notifications** are not working at this moment.
 [Github issue](https://github.com/dani-garcia/bitwarden_rs/issues/126).</br>
 The purpose of [Push notifications](https://www.youtube.com/watch?v=8D1NAezC-Dk)
 is the same as WebSocket notifications, to tell the clients that a change
 happened on the server so that they are synced immediately.
 But they are for apps on mobile devices and it would likely take releasing and
 maintaining own bitwarden_rs version of the Android/iOS mobile apps
 to have them working.</br>
 So you better manually sync before making changes.
 ---
 ![interface-pic](https://i.imgur.com/5LxEUsA.png)
 # Update
 [Watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower)
 updates the image automatically.
 Manual image update:
 - `docker-compose pull`</br>
 - `docker-compose up -d`</br>
 - `docker image prune`
 # Backup and restore
 #### Backup
 Using [borg](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
 that makes daily snapshot of the entire directory.
 #### Restore
 * down the bitwarden container `docker-compose down`</br>
 * delete the entire bitwarden directory</br>
 * from the backup copy back the bitwarden directory</br>
 * start the container `docker-compose up -d`
 # Backup of just user data
 Users data daily export using the
 [official procedure.](https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault)</br>
 For bitwarden_rs it means sqlite database dump and backing up `attachments` directory.</br>
 Daily [borg](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup) run
 takes care of backing up the directory.
 So only database dump is needed.</br>
 The created backup sqlite3 file is overwritten on every run of the script,
 but that's ok since borg is making daily snapshots.
 #### Create a backup script
 Placed inside `bitwarden` directory on the host.
 `bitwarden-backup-script.sh`
 ```bash
 #!/bin/bash
 # CREATE SQLITE BACKUP
 docker container exec bitwarden sqlite3 /data/db.sqlite3 ".backup '/data/BACKUP.bitwarden.db.sqlite3'"
 ```
 the script must be **executable** - `chmod +x bitwarden-backup-script.sh`
 #### Cronjob
 Running on the host, so that the script will be periodically run.
 * `su` - switch to root
 * `crontab -e` - add new cron job</br>
 * `0 21 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh`</br>
  runs it every day [at 21:00](https://crontab.guru/#0_21_*_*_*) 
 * `crontab -l` - list cronjobs to check
 # Restore the user data
 Assuming clean start.
 * start the bitwarden container: `docker-compose up -d`
 * let it run so it creates its file structure
 * down the container `docker-compose down`
 * in `bitwarden/bitwarden-data/`</br>
  replace `db.sqlite3` with the backup one `BACKUP.bitwarden.db.sqlite3`</br>
  replace `attachments` directory with the one from the borg repository 
 * start the container `docker-compose up -d`
 Again, the above steps are based on the 
 [official procedure.](https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault)
--- a/seafile/README.md
+++ b/seafile/README.md
@ -132,3 +132,13 @@ Set ```enabled=true```
 Set ```share_name = /```
 Remember to do a docker-compose restart and a caddy exec restart after modifying seafile conf files!
 ### Maintainance - Freeing Space
 When you delete files in seafile and empty trash in the web UI, it doesn't free up space on your server. 
 After emptying trash in the webUI you should run the garbage collector w/ the command below to free up space.
 ```
 docker exec seafile /scripts/gc.sh
 ```