KeeWeb is a web-based password manager. It is compatible with KeePass, which is a very famous .NET-based program on Windows. KeeWeb basically saves all the information into a single database file with the suffix .kdbx.
Host the static KeeWeb in nginx
We might need some more functions from nginx, so we had better compile nginx ourselves or pull the official docker image with docker pull nginx.
cd ${NGINX_ROOT}
# clone the web html
git clone -b gh-pages https://github.com/keeweb/keeweb.git
cd keeweb
# give the KeeWeb a default [config.json](https://github.com/keeweb/keeweb/wiki/Configuration) for personal use.
## setup the default language/plugin and keystore file path
cat > default_config.json <<EOF
{
"settings": {
"theme": "fb",
"locale": "zh-CN",
"expandGroups": true,
"listViewWidth": null,
"menuViewWidth": null,
"tagsViewHeight": null,
"autoUpdate": "install",
"clipboardSeconds": 0,
"autoSave": true,
"autoSaveInterval": 1,
"rememberKeyFiles": "data",
"idleMinutes": 5,
"minimizeOnClose": false,
"tableView": false,
"colorfulIcons": true,
"titlebarStyle": "default",
"lockOnMinimize": true,
"lockOnCopy": false,
"lockOnAutoType": false,
"lockOnOsLock": false,
"helpTipCopyShown": false,
"templateHelpShown": false,
"skipOpenLocalWarn": false,
"hideEmptyFields": false,
"skipHttpsWarning": false,
"demoOpened": false,
"fontSize": 2,
"tableViewColumns": null,
"generatorPresets": null,
"cacheConfigSettings": false,
"canOpen": true,
"canOpenDemo": true,
"canOpenSettings": true,
"canCreate": true,
"canImportXml": true,
"canRemoveLatest": true,
"dropbox": false,
"webdav": true,
"gdrive": false,
"onedrive": false
},
"plugins": [
{"url": "https://plugins.keeweb.info/translations/zh-CN"}
],
"files": [
{
"storage": "webdav",
"name": "keystore",
"path": "https://your-nginx-webdav-server/dav_path/keystore.kdbx"
}
]
}
EOF
## and then make keeweb use this default configure file
sed -i 's#<meta name="kw-config" content="(no-config)">#<meta name="kw-config" content="default_config.json">#' index.html
Enable nginx webdav function
Notice that we have given KeeWeb a default WebDAV file location. You can use an existing webdav service or host one with the same nginx.
- Always using SSL (ssl_certificate_key) for webdav is a good idea.
- The official nginx does not have the dav_ext module enabled, but [http_dav_module](http://nginx.org/en/docs/http/ngx_http_dav_module.html) is already enough because we do not need to list the files.
- Using a basic auth method (auth_basic_user_file) is crucial for webdav.
The nginx configuration file basically looks like this:
server {
    # the "ssl on;" directive was removed in nginx 1.25.1; enable TLS on the listen directive
    listen 443 ssl;
    server_name your.server.name;
    ssl_certificate /path/to/your/ssl/Public.crt;
    ssl_certificate_key /path/to/your/ssl/Private.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    root /var/www/;
    index index.html index.htm;
    location /dav/ {
        root /var/www/your/dav/directory/;
        client_body_temp_path /var/www/your/dav/directory/dav/temp;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        #dav_ext_methods PROPFIND OPTIONS;
        create_full_put_path on;
        # only the nginx worker user needs to read and write the uploaded database
        dav_access user:rw;
        #autoindex on;
        ##maybe some access restrictions
        #limit_except GET PROPFIND OPTIONS{
        #    allow 192.168.0.0/16;
        #    deny all;
        #}
        auth_basic "Restricted Content";
        auth_basic_user_file /path/to/your/htpasswd_private;
    }
}
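The points listed above (TLS, basic auth on the DAV location) can be checked mechanically before nginx is reloaded. The following is an added example, not part of the original post: a shell function that scans a config for DAV locations without auth_basic_user_file, legacy ssl_protocols values, dav_access grants to all users, and a missing ssl_certificate_key. The function names, finding labels and the sample config are constructed for illustration, and the parser assumes one directive per line.

```shell
#!/bin/sh
# Added example: reads an nginx config from stdin or from the files given as
# arguments and prints one finding per line; no output means no check fired.
audit_dav_conf() {
  awk '
    { sub(/#.*/, "") }                        # drop comments (assumes no quoted "#")
    $1 == "ssl_certificate_key" { tls = 1 }
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
          print "weak-protocol: " p " is enabled in ssl_protocols"
      }
    }
    $1 == "location" && !in_loc {             # nested locations are not tracked
      in_loc = 1; loc = $2; depth = 0; opened = 0; dav = 0; auth = 0; world = 0
    }
    in_loc {
      if ($1 == "dav_methods" && $2 != "off;") dav = 1
      if ($1 == "auth_basic_user_file") auth = 1
      if ($1 == "dav_access" && $0 ~ /all:/) world = 1
      if (index($0, "{")) opened = 1
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # opening minus closing braces
      if (opened && depth <= 0) {             # closing brace of this location
        if (dav && !auth) print "no-auth: location " loc " accepts DAV methods without auth_basic_user_file"
        if (dav && world) print "world-access: location " loc " grants file permissions to all users"
        if (dav) any_dav = 1
        in_loc = 0
      }
    }
    END { if (any_dav && !tls) print "no-tls: DAV location found but no ssl_certificate_key" }
  ' "$@"
}

# Constructed sample: legacy TLS versions, permissions for all users, auth file commented out.
weak_conf() {
  cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate_key /path/to/your/ssl/Private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /dav/ {
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_access user:rw group:rw all:rw;
        #auth_basic_user_file /path/to/your/htpasswd_private;
    }
}
EOF
}
weak_conf | audit_dav_conf
```

Run it against the real file with audit_dav_conf /path/to/your/nginx.conf and treat any output as a reason not to reload.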
There are multiple ways to generate the basic auth file. Either of these commands does the work:
echo "${USERNAME}:$(openssl passwd -apr1 -salt ${SALT} ${PASSWORD})" > htpasswd
python3 -c "import passlib.hash as p; print('${USERNAME}:'+p.apr_md5_crypt.using(salt='${SALT}').hash('${PASSWORD}'))"
Both use the Apache-defined APR1 hashing format (see the $apr1$ inside the file), which includes a 48-bit salt value.
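Both commands above pass the password as a command-line argument, where it is visible in the process list while the command runs. An added example (not from the original post) that reads the password from standard input instead and checks an existing entry by recomputing it with the stored salt; the function names and demo values are constructed for illustration.

```shell
#!/bin/sh
# Added example: the password arrives on stdin, so it never appears in the
# argument list of an external process.

# make_htpasswd_line USER < password  ->  prints USER:$apr1$<salt>$<digest>
make_htpasswd_line() {
  case $1 in
    ''|*:*) echo "user name must be non-empty and must not contain ':'" >&2; return 2 ;;
  esac
  # Without -salt, openssl picks a fresh random salt for every entry.
  hash=$(head -n 1 | openssl passwd -apr1 -stdin) || return 1
  printf '%s:%s\n' "$1" "$hash"
}

# check_htpasswd_line LINE < candidate  ->  exit status 0 if the candidate matches
check_htpasswd_line() {
  stored=${1#*:}                          # drop the "user:" prefix
  case $stored in
    '$apr1$'*'$'*) ;;
    *) echo "not an APR1 entry" >&2; return 2 ;;
  esac
  salt=${stored#\$apr1\$}                 # leaves "<salt>$<digest>"
  salt=${salt%%\$*}                       # leaves "<salt>"; the salt is not secret
  again=$(head -n 1 | openssl passwd -apr1 -salt "$salt" -stdin) || return 2
  [ "$again" = "$stored" ]
}

# Constructed demo values; the printed line is what goes into the auth_basic_user_file.
line=$(printf '%s\n' 'constructed-pass' | make_htpasswd_line alice) && printf '%s\n' "$line"
```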
With this webdav setup we cannot list the files, but upload/update/delete should work. curl is a good tool to do this.
curl --user 'user:pass' 'https://example.com/webdav'
curl -X DELETE 'https://example.com/webdav/test'
curl -X MOVE --header 'Destination:http://example.org/new.txt' 'https://example.com/old.txt'
curl -X MKCOL 'https://example.com/new_folder'
curl -T '/path/to/local/file.txt' 'https://example.com/test/'
Add some passwords
The next step might be to transfer some passwords into KeeWeb. It seems an XML format document can be imported into KeeWeb but I do not know the correct format. Another easy way is to use AppleScript to simulate the manual input process.
As in the following script: press Command-N to create a new entry, input the URL, press TAB, input the next piece of information and finally press ENTER.
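# wait 5 seconds so the KeeWeb window can be brought to the front; keystrokes go to the frontmost application
sleep 5
# Command-N: create a new entry
osascript -e 'tell application "System Events" to keystroke "N" using {command down}'
# type the URL ({url} and {hostname} are placeholders to fill in per entry), then TAB to the next field
osascript -e 'tell application "System Events" to keystroke "{url}"'
osascript -e 'tell application "System Events" to keystroke tab'
osascript -e 'tell application "System Events" to keystroke "{hostname}"'
# key code 36 is the Return key
osascript -e 'tell application "System Events" to key code 36'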