[[support] Vaultwarden (formerly Bitwarden_rs)]

Hi everybody,
Did anyone already try to setup a full local selfhosted bitwarden (without any Let's Encrypt) and make it working with Android ?
 
I have bitwarde docker running on my Unraid, reachable on all web browser through https://tower:18443/bitwarden (including Web browsers on my phone) thanks to a self signed certificate with self CA. The only thing I can't have working is the bitwarden Android App which throw me a "Trust anchor for certification path not found" error even though i've imported the CA certificate.
 
Here is how I generate my stuff :

# >>>>> CA Keyopenssl genrsa -des3 -out towerrootCA.key 4096# >>>>> CA Certopenssl req -x509 -new -nodes -key towerrootCA.key -sha256 -extensions v3_ca -config conf.file -days 365 -out towerrootCA.crt# >>>>> Server Keyopenssl genrsa -out tower.key 2048# >>>>> Server csropenssl req -new -sha256 -key tower.key -subj "/C=FR/ST=FR/O=MyNas/CN=tower" -extensions v3_req -out tower.csr# >>>>> Server certopenssl x509 -req -in tower.csr -CA towerrootCA.crt -CAkey towerrootCA.key -CAcreateserial -out tower.crt -extensions v3_req -days 365 -sha256 -extfile conf.file cat tower.crt towerrootCA.crt > finalcertif.crt

 
With my config.file :

[req]distinguished_name = req_distinguished_namex509_extensions = v3_reqprompt = no[req_distinguished_name]C = FRST = FRL = LocalO = MyNasOU = MyNasCN = tower[ v3_ca ]subjectKeyIdentifier=hashauthorityKeyIdentifier=keyid:always,issuerbasicConstraints = critical, CA:TRUE, pathlen:3keyUsage = critical, cRLSign, keyCertSignnsCertType = sslCA, emailCA[v3_req]keyUsage = nonRepudiation, digitalSignature, keyEnciphermentextendedKeyUsage = serverAuthsubjectAltName = u/alt_names[alt_names]DNS.1 = towerDNS.2 = tower.localDNS.3 = tower:18443

 
Thank you for help, have a good day,

If it is anything like the iOS app, if keeps its own chain of certs

[[support] Vaultwarden (formerly Bitwarden_rs)]

I did consider that way when I did my post, and my conclusion is still that it should not be able be reached outside of the lan. I have the port mapped, so I can reach it outside of the reverse proxy, if that's not the case for you, doing a allow/deny is the next best option, outside of just disabling the admin panel in the container.

[[support] Roxedus ts-dnsserver]

10 hours ago, erlipton said:

settings page will not update the auto-filled

This is not a bug. The container has no idea what port you set on the host-side. 

[[support] Vaultwarden (formerly Bitwarden_rs)]

3 hours ago, foR said:

unable to open database file

sounds like the database is missing, corrupted or set to read-only

[[support] Vaultwarden (formerly Bitwarden_rs)]

2 hours ago, SimplifyAndAddCoffee said:

1. I get a 502 bad gateway using the subdomain to try and hit the bitwardenrs docker on 8086. 

Bitwarden_rs runs on port 80 by default, have you changed the app itself to listen to 8086?
 

 

2 hours ago, SimplifyAndAddCoffee said:

2. I don't want bitwarden exposed to the internet

There is two ways you can tackle this. But which to choose depends on two things, do you use dns validation with swag, and do you have a internal dns server?
If the answer to both is yes, you can just set up the local dns to point to swag on your subdomain. If it is no on either of those, you can use allow/deny in nginx to only let the lan subnet connect. 

[[support] Vaultwarden (formerly Bitwarden_rs)]

21 minutes ago, blaine07 said:

Any idea when this will be updated to include their new features and such mate?

Follow the bitwarden_rs project. As stated in the post, i do not create these applications. 

[[support] Vaultwarden (formerly Bitwarden_rs)]

Hi,
why do I not have the Emergency Access option ?
 

It is not implemented in this version.

[How To Publish Docker Templates to Community Applications on unRAID]

The combability aspect is new for me. 
Yea, I plan on expanding the page in the near future

[[Support] selfhosters.net's Template Repository]

On 1/17/2021 at 1:15 PM, kim_sv said:

Can't access web-UI with VPN?

 

Hi!

Been using Speedtest-tracker now for a while and very pleased. Thank you!

 

Figured yesterday that I would try to put it behind my VPN to see what speed I actually get. I have all my downloading containers mapped through binhex-qbittorrent-vpn, so I thought I would map a new speedtest-tracker container through qBit also.

 

But can't get it to work. I'm fairly noob with this so I have probably just made a turd of everything 😁

 

This is how I tried to set it up:

Mapped :8766 in qBittorrent for speedtest-tracker (named it "speedtest-tracker-vpn" to keep them apart)

 

Added "--net=container:binhex-qbittorrentvpn" to 'Extra Parameters' but not sure if it's ok to just add that with a space after "--restart unless-stopped"? Changed 'Network Type' to "None".

Also choose :8766 as port to not interfere with :8765 that the normal speedtest-tracker use.

 

The container starts and seems to run but I can't access the web-UI? Any ideas?

 

You cannot change ports when using the --network argument, it behaves similarly to host. you would have to use port 80.

[[support] Vaultwarden (formerly Bitwarden_rs)]

1 minute ago, J05u said:

it the app i just pointed to the domain name. And plus webpage is not opening also

And just to be sure, other sites on the same domain work? 

[[support] Vaultwarden (formerly Bitwarden_rs)]

Just now, J05u said:

yes, as i said i don't need to be in my local network, any vpn connection on iphone/ipad solves issue, so i am wondering what can be wrong. Why i need to have any vpn turned on to make it working

This just enforces my suspicion of the app using a ip or something

[[support] Vaultwarden (formerly Bitwarden_rs)]

3 minutes ago, J05u said:

Yes. It's working, but only when any vpn is turned on. Even which one is changing some dns if i am right

And you are sure your app i set to connect to the subdomain?

[[support] Vaultwarden (formerly Bitwarden_rs)]

7 hours ago, blaine07 said:

Posting a pic; evidently BW can’t get certain Favicons; is this stuff in life reason for alarm or?

 

 

Im not sure how advanced that feature is, like if it follows the html tag for favicon, or just assumes it lives on /favicon.ico, i have those errors too sometimes, and i havent seen anything bad from it. 

[[support] Vaultwarden (formerly Bitwarden_rs)]

8 hours ago, J05u said:

Hello, i have very weird issue with Bitwarden via my subdomain

When i try to access my bitwarden via my phone lte - can't connect. Once i am turning any vpn, even addblocking like adguard - everything works. What can be wrong?

Are you using the sample in swag?

[How To Publish Docker Templates to Community Applications on unRAID]

Like the video. But my OCD really don't like the output, many of the fields are just not needed, I dedicated whole section on that on my write up on how to create a template.

[[support] Roxedus ts-dnsserver]

17 minutes ago, iTHiNDiL said:

problem is on the container?

It was. They have hid their changelog in a way that there is no reliable way to get notifications. They silently updated the requirements. Runs on latest build

[[support] Vaultwarden (formerly Bitwarden_rs)]

51 minutes ago, Endy said:

The backend points to the ip and port of the bitwarden docker container, encrypt ssl and ssl checks are off.

Its been a while since i used HAProxy, but you need to set it to connect over https, but to not validate the cert, as it is self-signed

[[support] Vaultwarden (formerly Bitwarden_rs)]

On 12/19/2020 at 11:33 PM, Endy said:

HAProxy stats shows that Bitwarden is up.

atleast give some config so we can help. 

[[support] Vaultwarden (formerly Bitwarden_rs)]

3 hours ago, tmor2 said:

I don't understand what "swag" is. I don't understand how the question on "or letsencrypt" is different from my "I have BW with Letsencrypt"? Are you using letsencrypt in some other context?

In what context are you using letsencypt in? 

[[Support] Organzir Organizr]

1 hour ago, tinymegalodon said:

Any suggestions?

You are probably running into this browser resctriction: https://docs.organizr.app/books/troubleshooting/page/redirect-looping---samesite-errors

[Docker Template XML Schema]

Might be worth mentioning somewhere that `https://github.com/<username>.png` works
Pros:

• Easier
• Dynamic
• Prettier

Cons:

•  

[[Support] selfhosters.net's Template Repository]

32 minutes ago, scud133b said:

For paperless-ng, is there an environment variable for a redis password? I've been searching for a while now and can only find detail about the one variable to specify the redis host, but not the password.

Pretty sure you do that in the same variable
> redis://username:password@[IP]:6379

[[support] Roxedus ts-dnsserver]

Are you using macvlan?

 

[[support] Roxedus ts-dnsserver]

As I noted in this PR. Expose is not the issue. https://github.com/Roxedus/docker-TS-DnsServer/pull/2#issuecomment-751127753

[[support] Roxedus ts-dnsserver]

Did you actually enable the DHCP scope? it doesnt listen before there is a enabled DHCP scope.