diff --git a/.env.template b/.env.template index cad8b55..508a076 100644 --- a/.env.template +++ b/.env.template @@ -18,6 +18,32 @@ SMTP_SSL=SSLv3 SMTP_USERNAME=apikey SMTP_PASSWORD= +################# +### WebSocket ### +################# + +## Enable websocket notifications +ENABLE_WEBSOCKET=true + +########################## +### Push notifications ### +########################## + +## Enables push notifications (requires key and id from https://bitwarden.com/host) +## Details about mobile client push notification: +## - https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification +PUSH_ENABLED=true +PUSH_INSTALLATION_ID= +PUSH_INSTALLATION_KEY= + +# WARNING: Do not modify the following settings unless you fully understand their implications! +# Default Push Relay and Identity URIs +# PUSH_RELAY_URI=https://push.bitwarden.com +# PUSH_IDENTITY_URI=https://identity.bitwarden.com +# European Union Data Region Settings +# If you have selected "European Union" as your data region, use the following URIs instead. +# PUSH_RELAY_URI=https://api.bitwarden.eu +# PUSH_IDENTITY_URI=https://identity.bitwarden.eu ### BITWARDEN VARIABLES ### diff --git a/README.md b/README.md index 5d2602f..46ba5f7 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,19 @@ $ sudo journalctl -u google-startup-scripts.service Now the script will wait until a reboot is pending and then schedule a reboot for the time configured in the script. +## Configure Push Notifications(_optional_) +From `1.29.0`,Vaultwarden support automatically sync in mobile app depends on push notifications. + +1. Go to https://bitwarden.com/host/ insert your email address and you'll get an INSTALLATION ID and KEY. + +2. Insert the correct ID and the KEY from the previous step into `.env` file: + +```yaml +PUSH_ENABLED=true +PUSH_INSTALLATION_ID= +PUSH_INSTALLATION_KEY= +``` + ## Step 3: Start Services To start up, use `docker-compose`: diff --git a/docker-compose.yml b/docker-compose.yml index ee8754e..4cfd04e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,3 @@ -version: '3' - - services: bitwarden: # Standard Bitwarden is very resource-heavy and cannot run on micro cloud instances @@ -13,7 +10,7 @@ services: - ${PWD}/bitwarden:/data environment: - LOG_FILE=/dev/stdout - - WEBSOCKET_ENABLED=true # required for websockets + - ENABLE_WEBSOCKET=true - SHOW_PASSWORD_HINT=false - DOMAIN=https://${DOMAIN} # DOMAIN is set in .env but doesn't have protocol prefix - SMTP_FROM_NAME=Bitwarden (${DOMAIN}) @@ -42,7 +39,7 @@ services: - ${PWD}/nginx/sites-enabled:/etc/nginx/sites-enabled:ro cloudflared: - image: cloudflare/cloudflared:2021.9.2-amd64 + image: cloudflare/cloudflared:latest restart: always user: root entrypoint: cloudflared --credentials-file /etc/cloudflared/tunnel.json --url http://proxy:80 tunnel run $CLOUDFLARED_TUNNEL_NAME diff --git a/nginx/sites-enabled/bitwarden b/nginx/sites-enabled/bitwarden index 602ec7f..1fc1efb 100644 --- a/nginx/sites-enabled/bitwarden +++ b/nginx/sites-enabled/bitwarden @@ -1,22 +1,28 @@ +# Needed to support websocket connections +# See: https://nginx.org/en/docs/http/websocket.html +# Instead of "close" as stated in the above link we send an empty value. +# Else all keepalive connections will not work. +map $http_upgrade $connection_upgrade { + default upgrade; + '' ""; +} + server { listen [::]:80; listen 80; - + server_name _; - + location / { - proxy_pass http://bitwarden:80; + proxy_http_version 1.1; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - } - location /notifications/hub { - proxy_pass http://bitwarden:3012; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - location /notifications/hub/negotiate { + proxy_pass http://bitwarden:80; } }