shrabok

Bitwarden Self-Hosted Password Manager on Docker

Recommended Posts

Today i ran into another problem :(

 

After creating an account, there is an option to send an email to unlock all features. After pressing the button, it says, that the email was sent correctly, but unfortunately no email arrived. Neither in Spamfolder.

I could not find any options to configure an emailserver

Share this post


Link to post
Share on other sites

In the bitwarden documentation there is additional details on configuring the smtp as well as in the main post:

On 4/1/2018 at 1:42 PM, shrabok said:
  • Additional changes to consider:
    • modify your bwdata/env/global.override.env for the following features
      • add smtp email
      • disable registrations after you create your accounts
      • other override features specific to your use case
    • restart containers after change to global environment vars

Share this post


Link to post
Share on other sites
10 minutes ago, shrabok said:

In the bitwarden documentation there is additional details on configuring the smtp as well as in the main post:

Thanks a lot! I did not found this information. *shame*

Now all works, like it should!

Share this post


Link to post
Share on other sites

Hi again! ;)

 

I ran into another little problem today with bitwarden on Synology.

I can access the admin page after creating the local port in docker-admin container and the file in nginx. I do also get the email with the secure link to login, but i am not able to enter the admin page.

After clicking the link in the email, i just get redirected to the login page.

Share this post


Link to post
Share on other sites

Hi Could anyone share some knowledge on how to link external mssql to bitwarden on premise. I specifically require how to edit the global.override.env -> global string for data source.
 

Share this post


Link to post
Share on other sites

Hi @Ashvini jain, I recommend reaching out to the bitwarden support forums or bitwarden github to get assistance with bitwarden features unrelated to the Synology part of the install. I did respond to your DM with details on mssql connection strings and resource values you'll likely use. Also see this post for additional information https://github.com/bitwarden/server/issues/473.

Share this post


Link to post
Share on other sites

Hi @shrabok

 

I used your way to install bitwarden as docker on a ds918+. Everything is working fine, bw is reachable under localhost:8123, but my reverse proxy is not working. I created the certificate, mapped the certificate to reverse proxy, but when accessing https://bw.domain.com I got the DS-Admin-Login-Page with certificate-warning (default-cert home.domain.com).

 

Any ideas, why my reverse proxy is not working? 

 

Kind regards!

 

Update: Created a HTTP reverse proxy which is working fine... only HTTPS redirects me to :5000 instead the port configured in reverse proxy. 

 

Update2: Found the reason: Portforward in firewall was from 443 to 5001 (DSM default) and not 443. Reverse-Proxy must be 5001 incoming or Portforward changed to 443.

 

Best regards!

Edited by eyeSome

Share this post


Link to post
Share on other sites

thanks a lot for the tuto

 

Just a quick question, is there any procedure to flush the logs ?

I've noticed an increase of the space used by bitwarden 

 

Share this post


Link to post
Share on other sites

Hi @Dimebag Darrell,

 

I'm assuming you're referring to the bwdata/logs/ folders?

I checked my bwdata/logs/nginx/access.log and I do see some really old entries.

Checking on the nginx container I do see /etc/logrotate.d/nginx config file to rotate the logs but the logrotate command is not found (which could explain why we're not seeing the rotation occur. 
 

/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}

 

I noticed here https://github.com/bitwarden/server/tree/master/util/Nginx there is another logrotate.sh script (which is not on my container). Not sure why it's not there, but seems there is a few different things going on with how logrotate should be done.

 

The logs are mounted from the container to your local xpenology bwdata/logs folder. A quick manual fix would be to shrink those files down to free up some space.

In regard to a long term fix, I think it might be worth asking in the bitwarden github or forums to get some additional clarity on how logrotate should work.

 

I also tested their script (logrotate.sh) which does work if you want to manually add them to your container
copy the file to you xpenology box
run command `docker cp logrotate.sh bitwarden-nginx:/`
connect to your container `docker exec -it bitwarden-nginx bash`
run logrotate script `./logrotate.sh`
check for file rotation `ls -al /var/log/nginx`

should see an output like
 

root@ceead6c1a56d:/# ls -al /var/log/nginx/
total 6028
drwxr-xr-x 2 nobody nogroup    4096 Apr  2 15:30 .
drwxr-xr-x 7 root   root       4096 Aug 15  2019 ..
-rwxr-xr-x 1 nobody nogroup 6157854 Apr  2 15:29 access.20200402_153011.log.gz
-rwxr-xr-x 1 nobody nogroup      93 Apr  2 15:30 access.log
-rwxr-xr-x 1 nobody nogroup       0 Apr  2 15:30 error.log

I don't have much time to dig into this further at the moment, but I believe getting clarity from bitwarden support would be best to know the appropriate way for logrotate to work.
I also don't know who that logrotate.sh script is being invoked as i do not see a cron (routine task) to execute it.

 

Hope this provides some help.

Share this post


Link to post
Share on other sites

I made a pull request to hopefully fix it https://github.com/bitwarden/server/pull/692

Share this post


Link to post
Share on other sites
Posted (edited)
Before moving to xpenology I've selfhosted using Debian and used docker utilising an alternative build of the bitwarden discussed here:

https://hub.docker.com/r/bitwardenrs/server

it works very well and is simple to use as an alternative. Apparently it is less resource intensive

 

Edited by surfbum

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.