
Deploying your own password management tool -- KeeWeb

March 15, 2019

KeeWeb is a web-based password manager. It is compatible with KeePass, a well-known .NET-based application for Windows. KeeWeb saves all information in a single database file with the suffix .kdbx.

Host the static KeeWeb in nginx

We might need some more functions from nginx, so it is better to compile nginx ourselves or pull the official Docker image with docker pull nginx.

cd ${NGINX_ROOT}
# clone the web html
git clone -b gh-pages https://github.com/keeweb/keeweb.git

cd keeweb
# give KeeWeb a default [config.json](https://github.com/keeweb/keeweb/wiki/Configuration) for personal use
## set the default language/plugin and keystore file path
cat > default_config.json <<EOF
{
	"settings": {
		"theme": "fb",
		"locale": "zh-CN",
		"expandGroups": true,
		"listViewWidth": null,
		"menuViewWidth": null,
		"tagsViewHeight": null,
		"autoUpdate": "install",
		"clipboardSeconds": 0,
		"autoSave": true,
		"autoSaveInterval": 1,
		"rememberKeyFiles": "data",
		"idleMinutes": 5,
		"minimizeOnClose": false,
		"tableView": false,
		"colorfulIcons": true,
		"titlebarStyle": "default",
		"lockOnMinimize": true,
		"lockOnCopy": false,
		"lockOnAutoType": false,
		"lockOnOsLock": false,
		"helpTipCopyShown": false,
		"templateHelpShown": false,
		"skipOpenLocalWarn": false,
		"hideEmptyFields": false,
		"skipHttpsWarning": false,
		"demoOpened": false,
		"fontSize": 2,
		"tableViewColumns": null,
		"generatorPresets": null,
		"cacheConfigSettings": false,
		"canOpen": true,
		"canOpenDemo": true,
		"canOpenSettings": true,
		"canCreate": true,
		"canImportXml": true,
		"canRemoveLatest": true,
		"dropbox": false,
		"webdav": true,
		"gdrive": false,
		"onedrive": false
	},
	"plugins": [
		{"url": "https://plugins.keeweb.info/translations/zh-CN"}
	],
	"files": [
		{
			"storage": "webdav", 
			"name": "keystore", 
			"path": "https://your-nginx-webdav-server/dav_path/keystore.kdbx"
		}
	]
}
EOF

## then make KeeWeb use this default configuration file
sed -i 's#<meta name="kw-config" content="(no-config)">#<meta name="kw-config" content="default_config.json">#' index.html

Enable the nginx WebDAV function

Notice that we have given KeeWeb a default WebDAV file location; you can use an existing WebDAV service or host one with the same nginx.

  • Always using SSL (ssl_certificate_key) for webdav is a good idea.

  • The official nginx build does not have the dav_ext module enabled, but [http_dav_module](http://nginx.org/en/docs/http/ngx_http_dav_module.html) is enough because we do not need to list files.

  • Using a basic auth method (auth_basic_user_file) is crucial for WebDAV.

The nginx configuration file basically looks like this:

server {
        # "ssl on;" is deprecated; enable TLS on the listen directive instead
        listen 443 ssl;
        server_name your.server.name;

        ssl_certificate /path/to/your/ssl/Public.crt;
        ssl_certificate_key /path/to/your/ssl/Private.key;
        ssl_session_timeout 5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless a legacy client needs them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
        ssl_session_cache shared:SSL:50m;
        ssl_prefer_server_ciphers on;

        root /var/www/;
        index  index.html index.htm;

	location /dav/ {
		root      /var/www/your/dav/directory/; 
		client_body_temp_path /var/www/your/dav/directory/dav/temp;
		dav_methods     PUT DELETE MKCOL COPY MOVE;
		#dav_ext_methods   PROPFIND OPTIONS;
		create_full_put_path  on;
		# all:rw creates files with mode 0666; user:rw is enough when only the nginx worker accesses them
		dav_access    user:rw group:rw all:rw;
		#autoindex     on;

		##maybe some access restrictions
		#limit_except GET PROPFIND OPTIONS{
		#  allow 192.168.0.0/16;
		#  deny  all;
		#}
		auth_basic "Restricted Content"; 
		auth_basic_user_file /path/to/your/htpasswd_private;
	}
}
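
A static check for the three points above, as an added example that is not part of the original post: it walks a simplified nginx config and reports WebDAV blocks without basic auth or TLS, world-writable dav_access, and deprecated protocol versions. The function names and the sample config are constructed for illustration; the parser ignores quoting and include files, and recognises TLS only in the `listen ... ssl` form.

```python
import itertools
import re

# Constructed sample (not from a real server): a WebDAV location that is
# writable without authentication and a server that still allows legacy TLS.
SAMPLE = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /dav/ {
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_access user:rw group:rw all:rw;
    }
}
"""

def directives(text):
    """Yield (enclosing_blocks, name, args) for every directive in the text."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    stack, ids = [], itertools.count()   # ids keep sibling blocks distinct
    for stmt, sep in re.findall(r"([^;{}]*)([;{}])", text):
        words = stmt.split()
        if sep == "{":
            stack.append((next(ids), " ".join(words)))
        elif sep == "}":
            stack.pop()
        elif words:
            yield tuple(stack), words[0], words[1:]

def audit(text):
    """Return findings for WebDAV blocks that miss TLS, auth or safe modes."""
    found = list(directives(text))
    def in_scope(path, test):  # directive set in this block or in a parent
        return any(path[:len(p)] == p and test(n, a) for p, n, a in found)
    issues = []
    for path, name, args in found:
        where = path[-1][1] if path else "main"
        if name == "dav_methods" and args != ["off"]:
            if not in_scope(path, lambda n, a: n == "auth_basic_user_file"):
                issues.append(f"{where}: WebDAV methods without basic auth")
            if not in_scope(path, lambda n, a: n == "listen" and "ssl" in a):
                issues.append(f"{where}: WebDAV served without TLS")
        elif name == "dav_access" and "all:rw" in args:
            issues.append(f"{where}: dav_access makes files world-writable")
        elif name == "ssl_protocols":
            old = sorted(set(args) & {"SSLv3", "TLSv1", "TLSv1.1"})
            if old:
                issues.append(f"{where}: deprecated {' '.join(old)}")
    return issues
```

Calling `audit(SAMPLE)` returns three findings; a config with `auth_basic_user_file` in the location, TLSv1.2 only and `all:r` returns an empty list.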

There are multiple ways to generate the basic auth file. Either of the following commands does the job:

echo "${USERNAME}:$(openssl passwd -apr1 -salt "${SALT}" "${PASSWORD}")" > htpasswd
python3 -c "import passlib.hash as p; print('${USERNAME}:'+p.apr_md5_crypt.using(salt='${SALT}').hash('${PASSWORD}'))"

The Apache-defined APR1 hashing format (see the $apr1$ prefix inside the file) includes a 48-bit salt value.
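
What the $apr1$ field contains, as an added example (not from the original post) that uses only the Python standard library instead of passlib: it derives the hash from password and salt and checks an existing htpasswd line. The names `apr1`, `verify` and `new_salt` are hypothetical; run as a script it prompts for the password, so the password never appears in the process list or shell history.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def new_salt():
    return "".join(secrets.choice(ITOA64) for _ in range(8))  # 8 x 6 = 48 bits

def apr1(password, salt):
    """Compute the $apr1$ (Apache MD5-crypt) field for password and salt."""
    pw, sl = password.encode(), salt.encode()[:8]
    ctx = hashlib.md5(pw + b"$apr1$" + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed work factor: 1000 MD5 rounds
        r = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            r.update(sl)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    out = ""  # custom base64 over a fixed byte permutation
    for a, b, c, n in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                       (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c] if a is None else final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(n):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return "$apr1$%s$%s" % (sl.decode(), out)

def verify(line, password):
    """Check a 'user:$apr1$salt$hash' htpasswd line in constant time."""
    _user, field = line.strip().split(":", 1)
    _, scheme, salt, _digest = field.split("$")
    if scheme != "apr1":
        raise ValueError("not an APR1 entry")
    return hmac.compare_digest(apr1(password, salt), field)

if __name__ == "__main__":
    import getpass  # prompt instead of passing the password in argv
    print("user:" + apr1(getpass.getpass(), new_salt()))
```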

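For WebDAV, we cannot list the files, but upload/update/delete should work. curl is a good tool for this.

# every request to the protected location needs the basic auth credentials
curl --user 'user:pass' 'https://example.com/webdav'
curl --user 'user:pass' -X DELETE 'https://example.com/webdav/test'
# nginx rejects a Destination on a different host
curl --user 'user:pass' -X MOVE --header 'Destination: https://example.com/new.txt' 'https://example.com/old.txt'
# nginx requires a trailing slash when creating a collection
curl --user 'user:pass' -X MKCOL 'https://example.com/new_folder/'
curl --user 'user:pass' -T '/path/to/local/file.txt' 'https://example.com/test/'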

Add some passwords

The next step might be to transfer some passwords into KeeWeb. It seems an XML document can be imported into KeeWeb, but I do not know the correct format. Another easy way is to use AppleScript to simulate the manual input process.

As in the following script, press Command-N to create a new entry, input the URL, press TAB, input the new information, and finally press ENTER.

# pause so the KeeWeb window can be brought to the front
sleep 5
osascript -e 'tell application "System Events" to keystroke "N" using {command down}'
# {url} and {hostname} are placeholders to fill in for each entry
osascript -e 'tell application "System Events" to keystroke "{url}"'
osascript -e 'tell application "System Events" to keystroke tab'
osascript -e 'tell application "System Events" to keystroke "{hostname}"'
# key code 36 is the Return key
osascript -e 'tell application "System Events" to key code 36'