kilobit

  1. Wow, I am really liking this docker, man. I'm getting much faster speed with Cloudflare UDP over TLS on this. Thanks.
  2. If you're just doing a local install then map a different port on your docker container and accept the certificate error. I don't believe this will run unencrypted.
  3. Beware of putting anything important in the vault area. I had put some stuff in there a couple weeks ago and now when I try to download an attachment on the vault it says unknown error. I'll have to dig around in the logs to see what's going on; I'll post back.
  4. Ok, here is everything you need to do to get this working.

     First edit bitwarden container then click on "advanced".

     Extra Parameters:

         -e LOG_FILE=/log/bitwarden.log -e LOG_LEVEL=warn -e EXTENDED_LOGGING=true

     Then add path:

         container path: /log
         host path: /mnt/user/syslog (unraid share you want bitwarden to log to)
         access mode: read/write

     #apply/done

     Next edit letsencrypt container then add path:

         container path: /log
         host path: /mnt/user/syslog (unraid share you want bitwarden to log to)
         access mode: read/write

     #apply/done

     Now edit ../appdata/letsencrypt/fail2ban/jail.local

     * at the BOTTOM of the file add:

         [bitwarden]
         enabled = true
         port = http,https
         filter = bitwarden
         action = iptables-allports[name=bitwarden]
         logpath = /log/bitwarden.log
         maxretry = 3
         bantime = 14400
         findtime = 14400

     #save/close

     Then create and edit ../appdata/letsencrypt/fail2ban/filter.d/bitwarden.conf and add:

         [INCLUDES]
         before = common.conf

         [Definition]
         failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
         ignoreregex =

     #save and close
     #restart letsencrypt container

     ***Testing

     Use your phone or something outside your LAN and once you fail 3 logins you will be banned. To show banned IPs and unban, enter the letsencrypt console from the docker window.

     Lists banned IPs:

         iptables -n -L --line-numbers

     Unbans IP:

         fail2ban-client set bitwarden unbanip 107.224.235.134
         exit

     -End
  5. It's not the money for me but the security. To be honest they may have an even better setup than we can offer, but every day something is getting breached.
  6. I got fail2ban installed but my regex is terrible and the default one isn't working for some reason and it's not seeing the log. I had to apt-get update and apt-get install fail2ban. Then I removed the jails in the default conf that were causing a problem. Followed this link https://github.com/dani-garcia/bitwarden_rs/wiki/Fail2Ban-Setup and I have run out of time today.
  7. This docker is not secure as is for outside access. Digging around so far I found that logging was not enabled, so I enabled it on the template under advanced, then extra parameters -e LOG_FILE=/data/bitwarden.log -e LOG_LEVEL=warn -e EXTENDED_LOGGING=true and now it logs into the /data/bitwarden.log file. Now I can't execute fail2ban so maybe it's not installed either, because it's not where the link you sent shows it to be. I am not that familiar with docker honestly so I wouldn't know where to begin with that. I love this app and thanks for getting it for us. Worst case scenario I can have it log to letsencrypt and configure a jail for it in there.
  8. This seems to be a full DNS server, whereas pihole is just a DNS forwarder if I'm correct. I am still testing this and I like that I can add DNS entries. It seems faster than pihole as I'm bouncing between both testing stuff. You can also use pihole for encrypted DNS by using ONLY Cloudflare servers on port 853. You might also need to block local requests on the firewall for port 53 or you may have leaks.
  9. I noticed that this docker has a logfile called "faillog" but didn't find any fail2ban configs anywhere. What's going to stop someone from bruteforcing the login? Also, where are the log files?
  10. **For anyone that has a problem installing this, to remove the files***

      I have these .SquidBait files scattered all over my array.. what a mess!

          find /mnt/user/* -name ".SquidBait*" -exec rm -fv {} \;

      Bam, no more.

      **Remove the -exec rm -fv {} \; part if you want to see their location to remove manually.

      ***Also, I just realized some are not hidden either, so run that again using "Squidbait*" without the dot ".".
  11. There is no need if you're doing your backups regularly. <borg backup>
  12. I get this in syslog when I install

          Feb 6 15:17:17 Tower root: plugin: creating: /boot/config/plugins/ssh/read_me.txt - downloading from URL https://github.com/docgyver/unraid-v6-plugins/releases/download/ssh/read_me.txt
          Feb 6 15:17:24 Tower root: plugin: running: anonymous
  13. Not seeing anything in mine tower-diagnostics-20200206-1508.zip
  14. This looks like what I've wanted for ages, been forwarding my pfsense/pihole DNS queries over port 853 to Cloudflare for a while. I will post back, thanks for contributing.
  15. This is a perfectly normal default setting. Welcome to Unraid
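
The fail2ban jail and filter from post 4 above, replayed over constructed log lines to show which addresses reach the ban threshold. This is an added example, not code from the post or from fail2ban. The `<ADDR>` substitution, the log line layout and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail values and failregex copied from post 4.
MAXRETRY, FINDTIME = 3, 14400  # failures, seconds
FAILREGEX = (r"^.*Username or password is incorrect\. Try again\. "
             r"IP: <ADDR>\. Username:.*$")
# Simplified stand-in (assumption) for fail2ban's own <ADDR> expansion.
ADDR = r"(?P<addr>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<ADDR>", ADDR))
STAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

def fail_line(stamp, addr):
    """Build one constructed failed-login line (log layout is assumed)."""
    return (f"[{stamp}][bitwarden_rs::api::identity][ERROR] Username or password "
            f"is incorrect. Try again. IP: {addr}. Username: user@example.com.")

# Constructed sample log, in chronological order.
SAMPLE_LOG = "\n".join([
    fail_line("2020-02-06 01:00:00", "192.0.2.44"),   # slow guesser: never
    fail_line("2020-02-06 03:00:00", "192.0.2.44"),   # three failures inside
    fail_line("2020-02-06 06:30:00", "192.0.2.44"),   # one findtime window
    fail_line("2020-02-06 15:00:01", "203.0.113.7"),
    fail_line("2020-02-06 15:00:05", "198.51.100.23"),
    fail_line("2020-02-06 15:00:09", "203.0.113.7"),
    "[2020-02-06 15:00:12][bitwarden_rs::api::core][WARN] unrelated line",
    fail_line("2020-02-06 15:00:15", "203.0.113.7"),  # third failure: ban
    fail_line("2020-02-06 15:00:20", "198.51.100.23"),
])

def banned_addresses(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Addresses reaching maxretry failures within findtime seconds, in order."""
    recent, banned = defaultdict(deque), []
    for line in log_text.splitlines():
        hit, stamp = PATTERN.match(line), STAMP.match(line)
        if not (hit and stamp):
            continue  # not a failed login, or no timestamp to window on
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        window = recent[hit.group("addr")]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and hit.group("addr") not in banned:
            banned.append(hit.group("addr"))
    return banned

if __name__ == "__main__":
    print(banned_addresses(SAMPLE_LOG))
```

With findtime equal to bantime at 14400 seconds, a client that spaces its failures more than four hours apart (192.0.2.44 in the sample) never trips the jail, which is worth knowing when choosing these values.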