安装Create a Secure Web Based Password Vault with Keepass Web

Log into the Debian device
Run the following commands in a terminal:
# update repositories and install any available software updates
sudo apt update
sudo apt upgrade
# install apache2
sudo apt install apache2
# download and extract keepass web
wget https://github.com/keeweb/keeweb/archive/gh-pages.zip
sudo unzip gh-pages.zip -d /var/www/html/
sudo mv /var/www/html/keeweb-gh-pages /var/www/html/keepass
# create webdav directory and set permissions
sudo mkdir /var/www/html/webdav
sudo chown -R www-data:www-data /var/www/html/webdav
# change permissions on the newly setup application folder
sudo chown -R www-data:www-data /var/www/html/keepass
# create a new keepass.conf file to configure the site
sudo nano /etc/apache2/sites-available/keepass.conf
Paste the following directives into keepass.conf
DavLockDB "/var/www/html/webdav/DavLock"
<Location /keepass >
RewriteEngine on
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
# Don't require LDAP authentication for a healthcheck
SetEnvIf Request_URI "^/healhcheck" accessgranted=1
Order deny,allow
Satisfy any
Deny from all
Allow from env=accessgranted
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE
AuthLDAPBindDN "readonly_svc@i12bretro.local"
AuthLDAPBindPassword "Read0nly!!"
AuthName "Restricted Area [i12bretro.local]"
# to authenticate a domain group, specify the full DN
AuthLDAPGroupAttributeIsDN on
require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local
</Location>
<Location "/webdav">
DAV On
AuthType "Basic"
AuthName "webdav"
Options Indexes
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Header always set Access-Control-Expose-Headers "ETag"
Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Header always set Access-Control-Allow-Credentials "true"
</Location>
Edit the index.html file and modify the kw-config meta tag, setting the value to config.json
#
sudo nano /var/www/html/keepass/index.html
Press CTRL+O, Enter, CTRL+X to write the changes to index.html
Create and edit config.json to by running the following command:
sudo nano /var/www/html/keepass/config.json
Paste the following in to config.json
{
   "settings": {
       "theme": "fb",
       "autoSave": true,
       "autoSaveInterval": 1,
       "canOpenDemo": false,
       "dropbox": false,
       "gdrive": false,
       "onedrive": false,
       "canExportXml": true
   },
   "files": [{
       "storage": "webdav",
       "name": "Database",
       "path": "/webdav/database.kdbx"
   }]
}
Press CTRL+O, Enter, CTRL+X to write the changes to config.json
Continue by executing the following commands in terminal:
# enable the keepass site and required Apache modules
sudo a2ensite keepass
sudo a2enmod dav dav_fs ldap authnz_ldap rewrite headers
# restart apache2 service for the changes to take effect
sudo systemctl restart apache2
Open a web browser and navigate to http://DNSorIP/keepass
Authenticate with a valid LDAP user account
Click the New icon
Click the New link in the lower left hand corner
Enter a Master password and re-type it to confirm
Enter a Name for the keepass database
Click the Save to... button > File
Save the database to ~/database.kdbx
Close the browser
Continue by executing the following commands in terminal:
# copy the keepass database to webdav directory
sudo mv ~/database.kdbx /var/www/html/webdav/
Open a web browser and navigate to http://DNSorIP/keepass
Enter the master password created earlier
Enjoy your web based keepass editor