[support] Vaultwarden (formerly Bitwarden_rs)


Recommended Posts

Hello everyone, I have bitwardenrs installed on my unraid server and all set up. I have smtp setup, etc. When I go to login I get the "This browser requires HTTPS to use the web vault, Check the bitwarden_rs wiki for details on how to enable it."

 

After reading through this I see that this is meant to be ran with a reverse proxy. Is there a way to set this up locally? I don't want to use a dns. I would like to be able to just enter the dockers ip to access.

 

I tried reading through and figuring out the cert stuff, but this is a little over my head. 

 

Could someone walk me through how to set this up and get the files I need and copied to bitwardenrs so I can use this locally if it is possible?

 

I was able to make the "ssl" folder in my /appdata/bitwarden/, and that was about it

 

Thank you so much,

Josh

Link to comment

I think I have make headway. I made the cert.pem and key.pem files and added them to the SSL folder. I then opened the console for the container and pasted:

docker run -d --name bitwarden \
  -e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}' \
  -v /ssl/keys/:/ssl/ \
  -v /bw-data/:/data/ \
  -p 443:80 \
  bitwardenrs/server:latest

 

But in the log I get:

[start][INFO] Rocket has launched from http://0.0.0.0:80

 

But I need it to start on https://10.10.60.100

 

Edit:

Is "-v /bw-data/:/data/ \" correct for this specific docker? I think both

  -v /ssl/keys/:/ssl/ \
  -v /bw-data/:/data/ \

Could be wrong for me here, I have my ssl folder here: 

     "appdata\bitwarden\ssl"

 

Also on my certs when it asked for common name I did: "10.10.60.100" should I have done "https://10.10.60.100"?

Edited by cgi2099
Link to comment
  • 3 weeks later...
  • 2 weeks later...
    # Proxy!
    include conf.d/include/proxy.conf;
  }

  location /admin {
        return 404;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

 I did it like this and it's working great. When I access admin page through the internet (with domain) I get 404 error, when I do it through local address I can access it just fine.

And yes, I'm using Nginx Proxy Manager.

Edited by yogy
Link to comment
8 minutes ago, yogy said:

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  location /admin {
        return 404;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

 I did it like this and it's working great. When I access admin page through the internet (with domain) I get 404 error, when I do it through local address I can access to it just fine.

And yes, I'm using Nginx Proxy Manager.

This worked perfectly! Thank you very much!

Link to comment

Hello all, 

 

There is a way to use bitwarden local only? I dont want to use with reverse proxy. I have wireguard and its good for me. 

At the moment I can use bitwarden from android app, but I can not login in with chrome becouse of the https.

Any help or tips? 

Thank you

Link to comment
6 hours ago, yogy said:

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  location /admin {
        return 404;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

 I did it like this and it's working great. When I access admin page through the internet (with domain) I get 404 error, when I do it through local address I can access it just fine.

And yes, I'm using Nginx Proxy Manager.

Does this just get pasted in the Advanced section for the Proxy Entry?

image.png.49daadca674eb41dc619e3793894665c.png

Link to comment
On 4/7/2021 at 12:08 AM, norbertt said:

Hello all, 

 

There is a way to use bitwarden local only? I dont want to use with reverse proxy. I have wireguard and its good for me. 

At the moment I can use bitwarden from android app, but I can not login in with chrome becouse of the https.

Any help or tips? 

Thank you

You can access Bitwarden server through the browser by entering local IPaddress:port assigned by unRAID (only https is allowed). Don't know if Android app and browser extension works with local IP. I don't know why you don't use Nginx Proxy Manager, it's very safe if you own a domain name and use it with Let's Encrypt certificate. To double your security you should enable two factor authentication.

 

On 4/7/2021 at 2:29 AM, JT24 said:

Easy, just don't forward ports.
You'll still probably need a certificate though.

 

You don't need to forward any ports with Nginx Proxy Manager in your Router (except the ones used by NPM). Also for local access you don't need any port forwarding.

 

On 4/7/2021 at 2:34 AM, JT24 said:

Does this just get pasted in the Advanced section for the Proxy Entry?

image.png.49daadca674eb41dc619e3793894665c.png

 No, this is done through Command Line / Terminal in unRAID. You can use Putty for that. You need to know where NPM is located (ussually /mnt/user/appdata/NginxProxyManager/nginx/proxy_host or similar). You need to access coresponding *.conf file with vi or nano command to add those lines.

 

On 4/7/2021 at 7:43 AM, norbertt said:

How should I manage that from Unraid?

Thank you 

You don't manage port forwarding from unRAID. In this case you don't have to do anything on your router / firewall. Look for the IP address and port for Bitwarden docker container and put this in your browser. That's how you access Bitwarden localy. But again, I don't see much use of it this way.

Edited by yogy
Link to comment
  • 2 weeks later...
  • Roxedus changed the title to [support] Vaultwarden (formerly Bitwarden_rs)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.