6.) Installing Bitwarden
- type in: docker pull bitwardenrs/server:latest-arm32v6
- create your certificate:
- type in: openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048 #you need to set a password at the end
- type in: openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt #type the password from above; it's up to you to fill out the fields or type in just a .
- type in: openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048
- type in: openssl req -new -key bitwarden.key -out bitwarden.csr #fill out the fields as you like, but at 'common name' you must type in the IP address of your pi
- type in: sudo nano bitwarden.ext
- paste in:
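subjectAltName = @alt_names #without this line the entries below are not written into the certificate
[alt_names]
DNS.1 = bitwarden.local #replace it with your domain
DNS.2 = www.bitwarden.local
IP.1 = 192.168.178.1 #replace it with the address of your pi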
- save and exit the file
- type in: openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext #password from above; certificates need to be renewed after 365 days
- type in: sudo mv bitwarden.crt bitwarden.key /etc/ssl/certs
- now copy the certificates via FileZilla (for Windows) to your computer #connection via ftps ; user = pi ; password = same as ssh password
- install the certificates on your computer, phone etc.
- type in: docker run -d --name bitwarden --restart unless-stopped -v /media/dockerdata/bw-data:/data -v /etc/ssl/certs:/ssl -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' -p 6500:80 bitwardenrs/server:latest-arm32v6
- create your host for Bitwarden in Nginx if you want access to it over the internet; the port is 6500
- type your Bitwarden URL into your browser
- create your account
- if you open your Bitwarden to the internet, everyone can create an account on your system!!
- closing your Bitwarden for new users:
- there are two ways: a fast one, and one that also gives you access to the admin web page (where more settings can be changed)
1.
- when all the users you want to add have been created on Bitwarden, go to Portainer and duplicate the Bitwarden container - and add an ENV with: SIGNUPS_ALLOWED = false (the button will still be there on the site, but an error occurs when trying to create a new user)
2.
- in order to get the Bitwarden admin web page:
- generate a token: type in your console: openssl rand -base64 64
- copy the generated token
- in Portainer duplicate the Bitwarden container:
- add an ENV: ADMIN_TOKEN = "paste_in_the_token_from_above"
- deploy the container
- you get to the admin page via https://your-bitwarden-url/admin
- under General settings type in your Bitwarden URL and save
- now you can make the changes you want, e.g. disallow new signups
- tip: if you set up the SMTP email settings you can now invite new users via their email address
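
Added example (not part of the original guide): a check for the certificate steps above. It confirms that the server certificate chains to your CA and really contains the IP/DNS entry from bitwarden.ext. The [alt_names] entries only reach the certificate when the ext file also has a `subjectAltName = @alt_names` line, and the script shows both outcomes. The function names, the "Demo CA" subject, the 30-day lifetime and the unencrypted throwaway keys are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. All names, lifetimes and the temp directory are constructed.

# cert_ok CA_CERT SERVER_CERT SAN_ENTRY
# Succeeds only if SERVER_CERT chains to CA_CERT and carries SAN_ENTRY exactly,
# e.g. "DNS:bitwarden.local" or "IP Address:192.168.178.1".
cert_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "$3"
}

# issue_demo_cert DIR yes|no
# Repeats the steps above non-interactively with throwaway, unencrypted keys.
# "yes" writes the subjectAltName line into the ext file, "no" leaves it out.
issue_demo_cert() {
  local d=$1
  openssl genpkey -algorithm RSA -out "$d/ca.key" -pkeyopt rsa_keygen_bits:2048 2>/dev/null &&
  openssl req -x509 -new -sha256 -days 30 -key "$d/ca.key" -subj "/CN=Demo CA" -out "$d/ca.crt" &&
  openssl genpkey -algorithm RSA -out "$d/srv.key" -pkeyopt rsa_keygen_bits:2048 2>/dev/null &&
  openssl req -new -key "$d/srv.key" -subj "/CN=192.168.178.1" -out "$d/srv.csr" || return 1
  {
    if [ "$2" = yes ]; then echo 'subjectAltName = @alt_names'; fi
    printf '[alt_names]\nDNS.1 = bitwarden.local\nIP.1 = 192.168.178.1\n'
  } > "$d/srv.ext"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/srv.crt" -days 30 -sha256 -extfile "$d/srv.ext" 2>/dev/null
}

# san_result yes|no -> prints "present" or "missing" for the IP SAN entry.
san_result() {
  local d result=missing
  d=$(mktemp -d) || return 1
  if issue_demo_cert "$d" "$1" && cert_ok "$d/ca.crt" "$d/srv.crt" "IP Address:192.168.178.1"; then
    result=present
  fi
  rm -rf "$d"
  echo "$result"
}

echo "ext file with subjectAltName line:    $(san_result yes)"
echo "ext file without subjectAltName line: $(san_result no)"
```

To check your real files, call cert_ok with self-signed-ca-cert.crt, bitwarden.crt and the entry you expect, for example "DNS:bitwarden.local".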