
6.) Installing Bitwarden

- type in: docker pull bitwardenrs/server:latest-arm32v6

- create your certificate:

- type in: openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048    #you need to set a password at the end

- type in: openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt    #type the password from above; it's up to you to fill out the fields or type in just a .

- type in: openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048

- type in: openssl req -new -key bitwarden.key -out bitwarden.csr    #fill out the fields as you like, but at 'common name' you must type in the IP address of your pi

- type in: sudo nano bitwarden.ext

- paste in:

 

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = bitwarden.local    #replace it with your domain
DNS.2 = www.bitwarden.local
IP.1 = 192.168.178.1    #replace it with the address of your pi

 


- save and exit the file

- type in: openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext    #password from above; certificates need to be renewed after 365 days

- type in: sudo mv bitwarden.crt bitwarden.key /etc/ssl/certs

- now copy the certificates via FileZilla (for Windows) to your computer    #connection via ftps; user = pi; password = same as ssh password
- install the certificates on your computer, phone etc.

- type in: docker run -d --name bitwarden --restart unless-stopped -v /media/dockerdata/bw-data:/data -v /etc/ssl/certs:/ssl -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' -p 6500:80 bitwardenrs/server:latest-arm32v6

- create your host for Bitwarden in Nginx if you want access to it over the internet; the port is 6500

- type your Bitwarden URL into your browser

- create your account

- if you open your Bitwarden to the internet, everyone can create an account on your system!!

- closing your Bitwarden for new users:

- there are two ways: a fast one, and one which also gives you access to the admin web page (which offers more settings)

 1.

- when all users you want to add are created on Bitwarden, go to Portainer and duplicate the Bitwarden container
- and add an ENV with: SIGNUPS_ALLOWED = false    (the button will still be there on the site, but an error occurs when trying to create a new user)

 2.

- in order to get the Bitwarden admin web page:
 - generate a token: type in your console: openssl rand -base64 64
- copy the generated token
- in portainer duplicate the Bitwarden container:
- add an ENV: ADMIN_TOKEN = "paste_in_the_token_from_above"
- deploy the container
- you get to the admin page via https://your-bitwarden-url/admin
- under general settings, type in your Bitwarden URL and save
- now you can make the changes you want, e.g. disallow new signups
- tip: if you set up the SMTP email settings, you can now invite new users via their email address
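
The certificate files from the steps above can be checked before the container is started. The shell functions below are an added example, not part of the original guide: check_cert confirms that the server certificate chains to the private CA, that the key belongs to it, that the name or IP clients use is in subjectAltName, and that it is not about to expire. make_sample_pki is a hypothetical helper that builds throwaway sample files so the check can be tried offline.

```shell
#!/bin/sh
# Added example, not from the original guide.
# check_cert CA_CERT SERVER_CERT SERVER_KEY NAME_OR_IP [MIN_DAYS]
# Prints one line per failed check and returns the number of failed checks.
# e.g. check_cert self-signed-ca-cert.crt /etc/ssl/certs/bitwarden.crt \
#          /etc/ssl/certs/bitwarden.key 192.168.178.1
check_cert() {
    ca=$1 crt=$2 key=$3 name=$4 min_days=${5:-30} fails=0

    # 1. The server certificate must chain to the private CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt is not signed by $ca"; fails=$((fails + 1)); }

    # 2. The key must belong to the certificate (identical public key).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || :
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || :
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; fails=$((fails + 1)); }

    # 3. The name or IP that clients connect to must be in subjectAltName.
    sans=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
        sed -n '/Subject Alternative Name/{n;p;}' | tr ',' '\n' | sed 's/^ *//')
    printf '%s\n' "$sans" | grep -Fxq -e "DNS:$name" -e "IP Address:$name" ||
        { echo "FAIL: $name is not in subjectAltName"; fails=$((fails + 1)); }

    # 4. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $crt expires within $min_days days"; fails=$((fails + 1)); }

    return "$fails"
}

# Constructed sample input: a throwaway CA and server certificate in DIR, built
# with the guide's commands (CA key left unencrypted so nothing prompts).
make_sample_pki() {
    d=$1
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'subjectAltName=DNS:bitwarden.local,IP:192.168.178.1' > "$d/bitwarden.ext"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/ca.key" 2>/dev/null &&
    openssl req -x509 -new -sha256 -days 3650 -key "$d/ca.key" -subj '/CN=Sample CA' \
        -out "$d/ca.crt" &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/bitwarden.key" 2>/dev/null &&
    openssl req -new -key "$d/bitwarden.key" -subj '/CN=192.168.178.1' \
        -out "$d/bitwarden.csr" &&
    openssl x509 -req -in "$d/bitwarden.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/bitwarden.crt" -days 365 -sha256 \
        -extfile "$d/bitwarden.ext" 2>/dev/null
}
```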