
Bitwarden Self-Hosted Password Manager on Docker


shrabok


Today I ran into another problem :(

 

After creating an account, there is an option to send an email to unlock all features. After pressing the button, it says that the email was sent correctly, but unfortunately no email arrived, not even in the spam folder.

I could not find any options to configure an email server.


In the Bitwarden documentation there are additional details on configuring SMTP, as well as in the main post:

On 4/1/2018 at 1:42 PM, shrabok said:
  • Additional changes to consider:
    • modify your bwdata/env/global.override.env for the following features
      • add smtp email
      • disable registrations after you create your accounts
      • other override features specific to your use case
    • restart containers after change to global environment vars

Hi again! ;)

 

I ran into another little problem today with bitwarden on Synology.

I can access the admin page after creating the local port in the docker-admin container and the file in nginx. I also get the email with the secure link to log in, but I am not able to enter the admin page.

After clicking the link in the email, I just get redirected to the login page.


  • 1 year later...

Hi @Ashvini jain, I recommend reaching out to the bitwarden support forums or bitwarden github to get assistance with bitwarden features unrelated to the Synology part of the install. I did respond to your DM with details on mssql connection strings and resource values you'll likely use. Also see this post for additional information https://github.com/bitwarden/server/issues/473.


  • 1 month later...

Hi @shrabok

 

I used your way to install bitwarden as docker on a ds918+. Everything is working fine, bw is reachable under localhost:8123, but my reverse proxy is not working. I created the certificate, mapped the certificate to reverse proxy, but when accessing https://bw.domain.com I got the DS-Admin-Login-Page with certificate-warning (default-cert home.domain.com).

 

Any ideas, why my reverse proxy is not working? 

 

Kind regards!

 

Update: Created an HTTP reverse proxy which is working fine... only HTTPS redirects me to :5000 instead of the port configured in the reverse proxy.

 

Update2: Found the reason: Portforward in firewall was from 443 to 5001 (DSM default) and not 443. Reverse-Proxy must be 5001 incoming or Portforward changed to 443.

 

Best regards!

Edited by eyeSome

  • 1 month later...

Hi @Dimebag Darrell,

 

I'm assuming you're referring to the bwdata/logs/ folders?

I checked my bwdata/logs/nginx/access.log and I do see some really old entries.

Checking on the nginx container, I do see a /etc/logrotate.d/nginx config file to rotate the logs, but the logrotate command is not found (which could explain why we're not seeing the rotation occur).
 

/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}

 

I noticed here https://github.com/bitwarden/server/tree/master/util/Nginx there is another logrotate.sh script (which is not on my container). Not sure why it's not there, but it seems there are a few different things going on with how logrotate should be done.

 

The logs are mounted from the container to your local xpenology bwdata/logs folder. A quick manual fix would be to shrink those files down to free up some space.

In regard to a long term fix, I think it might be worth asking in the bitwarden github or forums to get some additional clarity on how logrotate should work.

 

I also tested their script (logrotate.sh), which does work if you want to manually add it to your container:
  • copy the file to your xpenology box
  • run command `docker cp logrotate.sh bitwarden-nginx:/`
  • connect to your container `docker exec -it bitwarden-nginx bash`
  • run logrotate script `./logrotate.sh`
  • check for file rotation `ls -al /var/log/nginx`

You should see an output like
 

root@ceead6c1a56d:/# ls -al /var/log/nginx/
total 6028
drwxr-xr-x 2 nobody nogroup    4096 Apr  2 15:30 .
drwxr-xr-x 7 root   root       4096 Aug 15  2019 ..
-rwxr-xr-x 1 nobody nogroup 6157854 Apr  2 15:29 access.20200402_153011.log.gz
-rwxr-xr-x 1 nobody nogroup      93 Apr  2 15:30 access.log
-rwxr-xr-x 1 nobody nogroup       0 Apr  2 15:30 error.log

I don't have much time to dig into this further at the moment, but I believe getting clarity from bitwarden support would be best to know the appropriate way for logrotate to work.
I also don't know how that logrotate.sh script is being invoked, as I do not see a cron (routine task) to execute it.

 

Hope this provides some help.
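
An added example, not part of the post above and not Bitwarden's own logrotate.sh: a host-side sketch of the "shrink those files down" fix that compresses each log in the mounted bwdata/logs/nginx folder before truncating it, so the access history is kept rather than discarded. The function names, the default of 8 archives and the example path are assumptions; the 640 mode and the archive naming follow the config and listing quoted in the post.

```sh
#!/bin/sh
# Added example: copy-truncate rotation for nginx logs in the mounted bwdata/logs/nginx folder.

# Delete the oldest archives of one log so that at most $3 remain.
prune_archives() {
    total=$(ls -1 "$1"/"$2".*.log.gz 2>/dev/null | wc -l)
    excess=$((total - $3))
    [ "$excess" -gt 0 ] || return 0
    # Timestamped names sort chronologically, so the first lines are the oldest.
    ls -1 "$1"/"$2".*.log.gz | sort | head -n "$excess" |
        while IFS= read -r old; do rm -f -- "$old"; done
}

# rotate_logs DIR [KEEP]: archive every non-empty *.log in DIR, keep KEEP archives each.
rotate_logs() {
    log_dir=$1
    keep=${2:-8}                      # assumption: 8 archives per log
    stamp=$(date +%Y%m%d_%H%M%S)      # same naming as access.20200402_153011.log.gz
    for log in "$log_dir"/*.log; do
        [ -f "$log" ] || continue     # glob matched nothing
        [ -s "$log" ] || continue     # skip empty logs, like notifempty
        base=$(basename "$log" .log)
        archive="$log_dir/$base.$stamp.log.gz"
        # Write the archive completely before touching the live log.
        if gzip -c "$log" > "$archive.tmp" && chmod 640 "$archive.tmp" &&
           mv "$archive.tmp" "$archive"; then
            # Truncate in place; nginx appends to its open handle, so no signal is needed.
            # Lines written between gzip and this truncate are lost.
            : > "$log"
        else
            rm -f "$archive.tmp"
            return 1
        fi
        prune_archives "$log_dir" "$base" "$keep"
    done
}

# Run only when a directory is given, e.g.: sh rotate.sh /path/to/bwdata/logs/nginx 8
if [ "$#" -gt 0 ]; then rotate_logs "$@"; fi
```

Scheduled from the host (for example with a DSM scheduled task), this does not depend on logrotate or cron being present inside the container.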


  • 4 weeks later...
Before moving to xpenology I've selfhosted using Debian and used docker utilising an alternative build of the bitwarden discussed here:

https://hub.docker.com/r/bitwardenrs/server

It works very well and is simple to use as an alternative. Apparently it is less resource intensive.

 

Edited by surfbum

  • 2 months later...
  • 4 months later...
On 26/05/2018 at 21:19, ebell said:

In order to access the Bitwarden Admin site on the Synology you will need to perform the following:

  • Modify the bitwarden-admin container
    • Stop the container.
    • Click on Edit
    • Click on the Port Settings tab
    • Add the following settings
      • Local port - 8124
      • Container port - 5000
      • Type - TCP
    • Click Apply
    • Start the container
  • Modify the reverse proxy settings via SSH
    • SSH into your Synology Server
    • Change to this directory: /usr/local/etc/nginx/conf.d
    • Create a file in this directory (i.e., www.rproxy.bw_admin.conf)
    • Add the following content
      • 
                location ~ /admin/ {
                    proxy_pass http://localhost:8124;
                }

         

    • Save the file and test the configuration. The following should return "Syntax is OK" and "Test is successful"
      • 
        nginx -T > /tmp/nginx.conf

         

    • Restart nginx
      • 
        nginx -s reload

         

Now bitwarden.url/admin should redirect you to the appropriate page where you can login with an admin account.

Hi !

I can access the admin portal without modification by using https://biwarden.mydomain.com/admin/login and enter an email. I can receive it, but afterwards, when I click on the link, it tries to send me to my portal using https://bitwarden.mydomain.com:5000.. So nothing happens..

Is there a way to keep the default port and reach it? Which file should I modify in order to use the 8123?

 


On 27/05/2018 at 07:39, shrabok said:

 

Hi @ebell

 

In my current installation I can reach the admin site using https://bitwarden.domain.com/admin/login/ without a dedicated port. There is an issue open regarding the https://bitwarden.domain.com/admin redirecting to a non https port here https://github.com/bitwarden/core/issues/253.

 

Your approach could be an interesting alternative as a dedicated url specific to admin that is internal only and not public facing.

 

Also I have edit capability to the original post and will attempt to keep it relevant and recent.

Hi !

Thanks for the how-to...

I can also reach the admin page and send the email, but then when I click I am redirected to port 5000, which doesn't respond. How to make it work?


  • 3 weeks later...
On 12/11/2020 at 6:03 AM, Guygox said:

Hi !

Thanks for the how-to...

I can also reach the admin page and send the email, but then when I click I am redirected to port 5000, which doesn't respond. How to make it work?

Hi @Guygox, this issue has been open for some time. There is a need to re-write the url to match the admin portal url, as the internal server is unaware of the proxy in Synology: https://github.com/bitwarden/server/issues/253


  • 3 months later...
