Free cross-platform password manager compatible with KeePass


keeweb/keeweb


KeeWeb Password Manager🔑


KeeWeb is a browser and desktop password manager which is capable of opening up existing KeePass database `kdbx` files, or creating new vaults to store your important credentials in.










About

KeeWeb is a password manager which supports managing kdbx files created by other applications such as KeePass, KeePassXC, etc. You choose the platform you wish to run, as KeeWeb can be installed and run either as a desktop application or in your web browser.


With support for Linux, Windows, and MacOS, we give you the tools to seamlessly manage your most important credentials across multiple applications and platforms.


Decide how you want to save your credential vault: KeeWeb supports saving your database as a local file, or you can store your password vault with some of the most popular cloud services such as Dropbox, Google Drive, and Microsoft OneDrive.


Quick Links

Review some of our most important links below to learn more about KeeWeb and who we are:


| Topic | Links | Description |
| --- | --- | --- |
| Apps | Web, Desktop | Try out our application |
| Demos | Web, Beta | Test our stable and beta releases of Keeweb |
| Services | Favicon Grabber | Services integrated within Keeweb |
| Branches | docker/alpine-base, docker/keeweb | Important branches related to our project |
| Timeline | Release Notes, TODO | See what we're planning |
| On one page | Features, FAQ | Information about Keeweb development |
| Website | keeweb.info | Visit our official website |
| Social | kee_web | Check us out on our social media |
| Donate | OpenCollective, GitHub | Help keep us going |



Self-hosting

Want to self-host your copy of KeeWeb? Everything you need to host this app on your server is provided within the package. KeeWeb itself is a single HTML file combined with a service worker (optionally; for offline access).

You can download the latest distribution files from the gh-pages branch.


Docker

If you wish to host Keeweb within a Docker container, we provide pre-built images that you can pull into your environment. This section explains how to run Keeweb using docker run, or by setting up a docker-compose.yml file.


Note

For a full set of Docker instructions, visit our docker/keeweb readme.


Images

Use any of the following images in your 📄 docker-compose.yml or run command:


| Service | Version | Image Link |
| --- | --- | --- |
| Docker Hub | Docker Version | 🔖 keeweb/keeweb:latest |
| | | 🔖 keeweb/keeweb:1.19.0 |
| | | 🔖 keeweb/keeweb:1.19.0-amd64 |
| | | 🔖 keeweb/keeweb:1.19.0-arm64 |
| | | 🔖 keeweb/keeweb:development |
| | | 🔖 keeweb/keeweb:development-amd64 |
| | | 🔖 keeweb/keeweb:development-arm64 |
| Github | Github Version | 🔖 ghcr.io/keeweb/keeweb:latest |
| | | 🔖 ghcr.io/keeweb/keeweb:1.19.0 |
| | | 🔖 ghcr.io/keeweb/keeweb:1.19.0-amd64 |
| | | 🔖 ghcr.io/keeweb/keeweb:1.19.0-arm64 |
| | | 🔖 ghcr.io/keeweb/keeweb:development |
| | | 🔖 ghcr.io/keeweb/keeweb:development-amd64 |
| | | 🔖 ghcr.io/keeweb/keeweb:development-arm64 |

Docker Run

If you wish to use docker run, use the following command:

    docker run -d --restart=unless-stopped -p 443:443 --name keeweb -v ${PWD}/keeweb:/config ghcr.io/keeweb/keeweb:latest

Docker Compose

For users wishing to use docker compose, create a new docker-compose.yml with the following:

    services:
        keeweb:
            container_name: keeweb
            image: ghcr.io/keeweb/keeweb:latest          # Github image
          # image: keeweb/keeweb:latest                  # Dockerhub image
            restart: unless-stopped
            volumes:
                - ./keeweb:/config
            environment:
                - PUID=1000
                - PGID=1000
                - TZ=Etc/UTC


Traefik Integration

You can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate management.


Note

These steps are optional.

If you do not use Traefik, you can skip this section of steps. This is only for users who wish to put this container behind Traefik.

If you do not wish to use Traefik, remember that if you make your Keeweb container public facing, you will need to utilize a service such as certbot / Let's Encrypt to generate SSL certificates.


Our first step is to tell Traefik about our Keeweb container. We highly recommend you utilize a Traefik dynamic file, instead of labels. Using a dynamic file allows for automatic refreshing without the need to restart Traefik when a change is made.

If you decide to use labels instead of a dynamic file, any changes you want to make to your labels will require a restart of Traefik.


We will be setting up the following:

  • A middleware to redirect http to https
  • A route to access Keeweb via http (optional)
  • A route to access Keeweb via https (secure)
  • A service to tell Traefik how to access your Keeweb container
  • A resolver so that Traefik can generate and apply a wildcard SSL certificate

Labels

To add Keeweb to Traefik, you will need to open your docker-compose.yml and apply the following labels to your Keeweb container. Ensure you change domain.lan to your actual domain name.

    services:
        keeweb:
            container_name: keeweb
            image: ghcr.io/keeweb/keeweb:latest          # Github image
          # image: keeweb/keeweb:latest                  # Dockerhub image
            restart: unless-stopped
            volumes:
                - ./keeweb:/config
            environment:
                - PUID=1000
                - PGID=1000
                - TZ=Etc/UTC
            labels:

              #   General
              - traefik.enable=true

              #   Router > http
              - traefik.http.routers.keeweb-http.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
              - traefik.http.routers.keeweb-http.service=keeweb
              - traefik.http.routers.keeweb-http.entrypoints=http
              - traefik.http.routers.keeweb-http.middlewares=https-redirect@file

              #   Router > https
              - traefik.http.routers.keeweb-https.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
              - traefik.http.routers.keeweb-https.service=keeweb
              - traefik.http.routers.keeweb-https.entrypoints=https
              - traefik.http.routers.keeweb-https.tls=true
              - traefik.http.routers.keeweb-https.tls.certresolver=cloudflare
              - traefik.http.routers.keeweb-https.tls.domains[0].main=domain.lan
              - traefik.http.routers.keeweb-https.tls.domains[0].sans=*.domain.lan

              #   Load Balancer
              - traefik.http.services.keeweb.loadbalancer.server.port=443
              - traefik.http.services.keeweb.loadbalancer.server.scheme=https

After you've added the labels above, skip the dynamic.yml section and go straight to the static.yml section.



Dynamic.yml

If you decide not to use labels and want to use a dynamic file, you will first need to create your dynamic file. The Traefik dynamic file is usually named dynamic.yml. We need to add a new middleware, router, and service to our Traefik dynamic file so that it knows about our new Keeweb container and where it is.

    http:
        middlewares:
            https-redirect:
                redirectScheme:
                    scheme: "https"
                    permanent: true

        routers:
            keeweb-http:
                service: keeweb
                rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
                entryPoints:
                    - http
                middlewares:
                    - https-redirect@file

            keeweb-https:
                service: keeweb
                rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
                entryPoints:
                    - https
                tls:
                    certResolver: cloudflare
                    domains:
                        - main: "domain.lan"
                          sans:
                              - "*.domain.lan"

        services:
            keeweb:
                loadBalancer:
                    servers:
                        - url: "https://keeweb:443"

Static.yml

These entries will go in your Traefik static.yml file. Any changes made to this file require that you restart Traefik afterward.


Providers

Note

This step is only for users who opted to use the dynamic file method.

Users who opted to use labels can skip to the section certificatesResolvers.


Ensure you add the following new section to your static.yml:


    providers:
        docker:
            endpoint: "unix:///var/run/docker.sock"
            exposedByDefault: false
            network: traefik
            watch: true
        file:
            filename: "/etc/traefik/dynamic.yml"
            watch: true

The code above is what enables the use of a dynamic file instead of labels. Change /etc/traefik/dynamic.yml if you are placing your dynamic file in a different location. This path is the path inside the container, not the mounted volume path on your host machine. Traefik keeps most files in the /etc/traefik/ folder.


After you add the above, open your Traefik's docker-compose.yml file and mount a new volume so that Traefik knows where your new dynamic file is:

    traefik:
        container_name: traefik
        image: traefik:latest
        restart: unless-stopped
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - /etc/localtime:/etc/localtime:ro
            - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
            - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro

You must ensure you add a new volume as shown above:

  • ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro

On your host machine, make sure you place the dynamic.yml file in a sub-folder called config, which should be inside the same folder where your Traefik's docker-compose.yml file is. If you want to change this location, ensure you change the mounted volume path above.


After you have completed this, proceed to the section certificatesResolvers.


certificatesResolvers

Note

This step is required no matter which option you picked above, both for dynamic file setups and for people using labels.


Open your Traefik static.yml file. We need to define the certResolver that we added above either in your dynamic file or in your labels. To define the certResolver, we will be adding a new section labeled certificatesResolvers. We are going to use Cloudflare in this example; you can use whatever from the list at:


    certificatesResolvers:
        cloudflare:
            acme:
                email: youremail@address.com
                storage: /cloudflare/acme.json
                keyType: EC256
                preferredChain: 'ISRG Root X1'
                dnsChallenge:
                    provider: cloudflare
                    delayBeforeCheck: 15
                    resolvers:
                        - "1.1.1.1:53"
                        - "1.0.0.1:53"
                    disablePropagationCheck: true

Once you pick the DNS / SSL provider you want to use from the code above, you need to see if that provider has any special environment variables that must be set. The Providers Page lists all providers and also which env variables need to be set for each one.


In our example, since we are using Cloudflare for dnsChallenge -> provider, we must set the following environment variables:

  • CF_API_EMAIL
  • CF_API_KEY

Create a .env environment file in the same folder where your Traefik docker-compose.yml file is located, and add the following:

    CF_API_EMAIL=yourcloudflare@email.com
    CF_API_KEY=Your-Cloudflare-API-Key

Save the .env file and exit. For these environment variables to be detected by Traefik, you must give your Traefik container a restart. Until you restart Traefik, it will not be able to generate your new SSL certificates.

You can wait and restart in a moment after you finish editing the static.yml file, as there are more items to add below.


entryPoints (Normal)

Finally, inside the Traefik static.yml, we need to make sure we have our entryPoints configured. Add the following to the Traefik static.yml file only if you DON'T have entry points set yet:

    entryPoints:
        http:
            address: :80
            http:
                redirections:
                    entryPoint:
                        to: https
                        scheme: https

        https:
            address: :443
            http3: {}
            http:
                tls:
                    options: default
                    certResolver: cloudflare
                    domains:
                        - main: domain.lan
                          sans:
                              - '*.domain.lan'

entryPoints (Cloudflare)

If your website is behind Cloudflare's proxy service, you need to modify your entryPoints above so that you can automatically allow Cloudflare's IP addresses through. This means your entry points will look a bit different.


In the example below, we will add forwardedHeaders -> trustedIPs and add all of Cloudflare's IPs to the list which are available here:

    http:
        address: :80
        forwardedHeaders:
            trustedIPs: &trustedIps
                - 103.21.244.0/22
                - 103.22.200.0/22
                - 103.31.4.0/22
                - 104.16.0.0/13
                - 104.24.0.0/14
                - 108.162.192.0/18
                - 131.0.72.0/22
                - 141.101.64.0/18
                - 162.158.0.0/15
                - 172.64.0.0/13
                - 173.245.48.0/20
                - 188.114.96.0/20
                - 190.93.240.0/20
                - 197.234.240.0/22
                - 198.41.128.0/17
                - 2400:cb00::/32
                - 2606:4700::/32
                - 2803:f800::/32
                - 2405:b500::/32
                - 2405:8100::/32
                - 2a06:98c0::/29
                - 2c0f:f248::/32
        http:
            redirections:
                entryPoint:
                    to: https
                    scheme: https

    https:
        address: :443
        http3: {}
        forwardedHeaders:
            trustedIPs: *trustedIps
        http:
            tls:
                options: default
                certResolver: cloudflare
                domains:
                    - main: domain.lan
                      sans:
                          - '*.domain.lan'

Save the files and then give Traefik and your Keeweb containers a restart.
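What the trustedIPs list changes, as an added example (not code from the Keeweb or Traefik projects): a simplified model of a proxy that keeps an incoming X-Forwarded-For header only when the connecting peer is inside a trusted range, then resolves the client address by walking the chain from the right. The function names and the sample addresses are constructed for illustration; the CIDRs are a subset of the list above.

```python
import ipaddress

# Three of the Cloudflare ranges from the trustedIPs list above (subset).
TRUSTED_CIDRS = ["173.245.48.0/20", "162.158.0.0/15", "2606:4700::/32"]
TRUSTED_NETS = [ipaddress.ip_network(cidr) for cidr in TRUSTED_CIDRS]


def is_trusted(addr):
    """True if addr parses as an IP address inside one of the trusted ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # garbage in a header is never trusted
    return any(ip in net for net in TRUSTED_NETS)


def upstream_xff(peer, xff_header):
    """Simplified model of the proxy's decision (an assumption, not Traefik's
    code): keep the incoming X-Forwarded-For only when the TCP peer is
    trusted, then append the peer itself."""
    kept = xff_header if (xff_header and is_trusted(peer)) else ""
    hops = [hop.strip() for hop in kept.split(",") if hop.strip()]
    return ", ".join(hops + [peer])


def client_ip(peer, xff_header):
    """Walk the resulting chain right to left and return the first hop that
    is not a trusted proxy; anything further left is client-controlled."""
    hops = upstream_xff(peer, xff_header).split(", ")
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return hops[0]  # every hop was a trusted proxy


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For sent with the request)
    samples = [
        ("162.158.10.5", "203.0.113.7"),           # via a trusted range
        ("198.51.100.9", "10.0.0.1"),              # direct hit, forged header
        ("173.245.48.1", "1.2.3.4, 203.0.113.7"),  # forged entry on the left
    ]
    for peer, xff in samples:
        print(peer, "->", upstream_xff(peer, xff), "| client:", client_ip(peer, xff))
```

Without the trustedIPs list every request looks like the second sample: the header is discarded and the address seen upstream is Cloudflare's edge rather than the visitor.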



Authentik Integration

This section will not explain how to install and set up Authentik. We are only going to cover adding Keeweb integration to Authentik.


Sign into the Authentik admin panel, go to the left-side navigation, select Applications -> Providers. Then at the top of the new page, click Create.



For the provider, select Proxy Provider.



Add the following provider values:

  • Name: Keeweb ForwardAuth
  • Authentication Flow: default-source-authentication (Welcome to authentik!)
  • Authorization Flow: default-provider-authorization-implicit-consent (Authorize Application)

Select Forward Auth (single application):

  • External Host: https://keeweb.domain.lan


Once finished, click Create. Then on the left-side menu, select Applications -> Applications. Then at the top of the new page, click Create.



Add the following parameters:

  • Name: Keeweb (Password Manager)
  • Slug: keeweb
  • Group: Security
  • Provider: Keeweb ForwardAuth
  • Backchannel Providers: None
  • Policy Engine Mode: any


Save, and then on the left-side menu, select Applications -> Outposts:



Find your Outpost and edit it.


Move Keeweb (Password Manager) to the right side Selected Applications box.



If you followed our Traefik guide above, you were shown how to add your Keeweb container to Traefik using either the dynamic file or labels. Depending on which option you picked, follow that section's guide below.

  • For label users, go to the section Labels below.
  • For dynamic file users, go to the section Dynamic File below.

Labels

Open your Keeweb's docker-compose.yml and modify your labels to include Authentik as a middleware by adding authentik@file to the label traefik.http.routers.keeweb-https.middlewares. You should have something similar to the example below:

    services:
        keeweb:
            container_name: keeweb
            image: ghcr.io/keeweb/keeweb:latest          # Github image
          # image: keeweb/keeweb:latest                  # Dockerhub image
            restart: unless-stopped
            volumes:
                - ./keeweb:/config
            environment:
                - PUID=1000
                - PGID=1000
                - TZ=Etc/UTC
            labels:

              #   General
              - traefik.enable=true

              #   Router > http
              - traefik.http.routers.keeweb-http.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
              - traefik.http.routers.keeweb-http.service=keeweb
              - traefik.http.routers.keeweb-http.entrypoints=http
              - traefik.http.routers.keeweb-http.middlewares=https-redirect@file

              #   Router > https
              - traefik.http.routers.keeweb-https.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
              - traefik.http.routers.keeweb-https.service=keeweb
              - traefik.http.routers.keeweb-https.entrypoints=https
              - traefik.http.routers.keeweb-https.middlewares=authentik@file
              - traefik.http.routers.keeweb-https.tls=true
              - traefik.http.routers.keeweb-https.tls.certresolver=cloudflare
              - traefik.http.routers.keeweb-https.tls.domains[0].main=domain.lan
              - traefik.http.routers.keeweb-https.tls.domains[0].sans=*.domain.lan

              #   Load Balancer
              - traefik.http.services.keeweb.loadbalancer.server.port=443
              - traefik.http.services.keeweb.loadbalancer.server.scheme=https

Dynamic.yml

If you opted to use the dynamic file, open your Traefik's dynamic.yml file and apply the authentik@file middleware to look something like the following:


    keeweb-https:
        service: keeweb
        rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)
        entryPoints:
            - https
        middlewares:
            - authentik@file
        tls:
            certResolver: cloudflare
            domains:
                - main: "domain.lan"
                  sans:
                      - "*.domain.lan"

After you've done everything above, give your Traefik and Authentik containers a restart. Once they come back up, you should be able to access keeweb.domain.lan and be prompted to authenticate with Authentik. Once you authenticate, you should be redirected to your Keeweb home screen, which asks you to load a vault file.
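A check for the label-based setup described above, as an added example (not part of the Keeweb project): it parses Traefik router labels and reports an http router that lacks the redirect middleware, or an https router that lacks TLS or the authentik@file middleware. The function names and the sample label list are constructed; the entry point and middleware names are the ones used in this guide.

```python
import re

# Constructed sample: labels in the style of the compose example above, with
# the authentik@file middleware line left out so the audit has a finding.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.keeweb-http.rule=Host(`keeweb.domain.lan`)",
    "traefik.http.routers.keeweb-http.entrypoints=http",
    "traefik.http.routers.keeweb-http.middlewares=https-redirect@file",
    "traefik.http.routers.keeweb-https.rule=Host(`keeweb.domain.lan`)",
    "traefik.http.routers.keeweb-https.entrypoints=https",
    "traefik.http.routers.keeweb-https.tls=true",
    "traefik.http.routers.keeweb-https.tls.certresolver=cloudflare",
]

ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$")


def parse_routers(labels):
    """Group router labels into {router_name: {property: value}}."""
    routers = {}
    for label in labels:
        match = ROUTER_RE.match(label.strip())
        if match:
            name, prop, value = match.groups()
            routers.setdefault(name, {})[prop.lower()] = value.strip()
    return routers


def _csv(value):
    """Split a comma-separated label value into a set of names."""
    return {item.strip() for item in value.split(",") if item.strip()}


def audit(labels, auth_mw="authentik@file", redirect_mw="https-redirect@file"):
    """Return findings; an empty list means the routers match the guide."""
    findings = []
    for name, props in sorted(parse_routers(labels).items()):
        entrypoints = _csv(props.get("entrypoints", ""))
        middlewares = _csv(props.get("middlewares", ""))
        # Any tls.* label enables TLS on a router, not only tls=true.
        has_tls = props.get("tls", "").lower() == "true" or any(
            prop.startswith("tls.") for prop in props)
        if "http" in entrypoints and redirect_mw not in middlewares:
            findings.append(f"{name}: plain-http router without {redirect_mw}")
        if "https" in entrypoints and not has_tls:
            findings.append(f"{name}: https router without TLS enabled")
        if "https" in entrypoints and auth_mw not in middlewares:
            findings.append(f"{name}: https router not behind {auth_mw}")
    return findings


if __name__ == "__main__":
    for finding in audit(LABELS):
        print("FINDING", finding)
```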




Env & Volumes

This section outlines which environment variables can be specified, and which volumes you can mount when the container is started.


Env Variables

The following env variables can be modified before spinning up this container:


| Env Var | Default | Description |
| --- | --- | --- |
| PUID | 1000 | User ID running the container |
| PGID | 1000 | Group ID running the container |
| TZ | Etc/UTC | Timezone |
| PORT_HTTP | 80 | Defines the HTTP port to run on |
| PORT_HTTPS | 443 | Defines the HTTPS port to run on |

Volumes

The following volumes can be mounted with this container:


| Volume | Description |
| --- | --- |
| ./keeweb:/config | Path which stores Keeweb, nginx configs, and optional SSL certificate/keys |

By mounting the volume above, you should now have access to the following folders:

| Folder | Description |
| --- | --- |
| 📁 keys | Responsible for storing your SSL certificate cert.crt + key cert.key |
| 📁 log | All nginx / container logs |
| 📁 nginx | Contains nginx.conf, resolver.conf, ssl.conf, site-confs |
| 📁 www | Folder which stores the Keeweb files, images, and plugins |

Dropbox Support

To configure Dropbox support on your self-hosted setup, view our Wiki page.




Build From Source

Note

Keeweb v1.19.0+ requires a minimum of Node v20.9.0 LTS in order to build. If you require multiple versions of node, you can install nvm.

    # install nvm
    wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash

    # install node 20
    nvm install 20

    # switch to node 20
    nvm use 20

The easiest way to clone all KeeWeb repos is:

    curl https://raw.githubusercontent.com/keeweb/keeweb/develop/dev-env.sh | bash -

KeeWeb can be built utilizing the grunt command line. Each platform has multiple commands you can use; pick one:


Platform: Windows

You may build KeeWeb for Windows by executing ONE of the following two commands provided:


Using Grunt

grunt dev-desktop-win32 --skip-sign

Using NPM

npm run dev-desktop-windows

Platform: Linux

You may build KeeWeb for Linux by executing ONE of the following two commands provided:


Using Grunt

grunt dev-desktop-linux --skip-sign

Using NPM

npm run dev-desktop-linux


Platform: MacOS

You may build KeeWeb for MacOS by executing ONE of the following two commands provided:

Using Grunt

grunt dev-desktop-darwin --skip-sign

Using NPM

npm run dev-desktop-macos

Once the build is complete, all html files will be in the dist/ folder. To build KeeWeb, utilize the following commands below.


To run the desktop (electron) app without building an installer, build the app with grunt and then launch KeeWeb with one of the following commands:


    npm run dev
    npm run electron

To debug your build:

  1. run npm run dev
  2. open http://localhost:8085

Once built, the output files will be generated in tmp:




Donations

KeeWeb is not free to develop. It takes time, requires paid code signing certificates and domains.
You can help the project or say "thank you" with this button:
OpenCollective


You can also sponsor the developer directly on GitHub.


Please note: donation does not imply any type of service contract.




Contributors ✨

We are always looking for contributors. If you feel that you can provide something useful to Keeweb or our other projects, then we'd love to review your suggestion. Before submitting your contribution, please review the following resources:


Want to help but can't write code?




