6.) Installing Bitwarden
- type in:
docker pull bitwardenrs/server:latest-arm32v6
- create docker-compose.yml
- paste in:
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    ports:
      - 6500:80
    volumes:
      - ./bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true' # set to false to disable signups
- type in:
docker-compose up -d #this publishes port 6500, the same port as the docker run command further down, so start only one of the two
- create your certificate:
- type in:
openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048 #you need to set a password at the end
- type in:
openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt #type the password from above; it's up to you to fill out the fields or type in just a .
- type in:
openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048
- type in:
openssl req -new -key bitwarden.key -out bitwarden.csr #fill out the fields like you want, but at 'common name' you must type in the IP address of your pi
- type in:
sudo nano bitwarden.ext
- paste in:
subjectAltName = @alt_names #needed so that the [alt_names] section below ends up in the certificate
[alt_names]
DNS.1 = bitwarden.local #replace it with your domain
DNS.2 = www.bitwarden.local
IP.1 = 192.168.178.1 #replace it with the address of your pi
- save and exit the file
- type in :
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext #password from above; certificates need to be renewed after 365 days
- type in:
sudo mv bitwarden.crt bitwarden.key /etc/ssl/certs
- now copy the certificates via FileZilla (for Windows) to your computer #connection via ftps ; user = pi ; password = same as ssh password
- install the certificates on your computer, phone etc.
- type in:
docker run -d --name bitwarden --restart unless-stopped -v /media/dockerdata/bw-data:/data -v /etc/ssl/certs:/ssl -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' -p 6500:80 bitwardenrs/server:latest-arm32v6
- create your host for Bitwarden in Nginx if you want access to it over the internet; the port is 6500
- type in your browser your Bitwarden url
- create your account
- if you open your Bitwarden to the internet, everyone can create an account on your system!!
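Added example, not part of the original tutorial: a check to run on bitwarden.crt after the openssl x509 -req signing step and before installing anything. It confirms that the certificate chains to your CA and really contains the IP or DNS name in subjectAltName, which is only the case when the -extfile has a subjectAltName = @alt_names line pointing at [alt_names]. The function names, the throwaway demo certificates (unencrypted keys, made-up -subj values) and the 30-day expiry threshold are assumptions of this example.

```sh
#!/bin/sh
# check_cert CA_CERT SERVER_CERT SAN_ENTRY
# Returns 0 only if SERVER_CERT was issued by CA_CERT, lists SAN_ENTRY
# (e.g. "IP Address:192.168.178.1" or "DNS:bitwarden.local") and is not
# about to expire. Browsers match the URL against the SAN, not the common name.
check_cert() {
    ca=$1; crt=$2; want=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
        echo "FAIL: $crt does not chain to $ca" >&2; return 1; }
    sans=$(openssl x509 -in "$crt" -noout -text |
           grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
    # compare whole comma-separated entries so ...178.1 never matches ...178.10
    case ",$(echo "$sans" | tr -d ' ')," in
        *",$(echo "$want" | tr -d ' '),"*) ;;
        *) echo "FAIL: $want not in SAN (${sans:-no SAN extension})" >&2; return 2 ;;
    esac
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null || {
        echo "FAIL: $crt expires within 30 days" >&2; return 3; }
    echo "OK: $crt chains to $ca and contains $want"
}

# Constructed demo input (assumption: unencrypted keys and made-up -subj
# values so it runs without prompts). good.ext references [alt_names],
# bad.ext has the section but nothing that points at it.
make_demo_certs() {
    d=$1
    openssl genpkey -algorithm RSA -out "$d/ca.key" -pkeyopt rsa_keygen_bits:2048 2>/dev/null
    openssl req -x509 -new -nodes -sha256 -days 3650 -key "$d/ca.key" \
        -subj "/CN=demo-ca" -out "$d/ca.crt"
    openssl genpkey -algorithm RSA -out "$d/srv.key" -pkeyopt rsa_keygen_bits:2048 2>/dev/null
    openssl req -new -key "$d/srv.key" -subj "/CN=192.168.178.1" -out "$d/srv.csr"
    alt='[alt_names]\nDNS.1 = bitwarden.local\nIP.1 = 192.168.178.1\n'
    printf "subjectAltName = @alt_names\n$alt" > "$d/good.ext"
    printf "$alt" > "$d/bad.ext"
    for v in good bad; do
        openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -out "$d/$v.crt" -days 365 -sha256 \
            -extfile "$d/$v.ext" 2>/dev/null
    done
}

demo=$(mktemp -d) && make_demo_certs "$demo"
check_cert "$demo/ca.crt" "$demo/good.crt" "IP Address:192.168.178.1"
check_cert "$demo/ca.crt" "$demo/bad.crt" "IP Address:192.168.178.1" || echo "bad.ext: rc=$?"
rm -rf "$demo"
```

For the files from the steps above the call is check_cert self-signed-ca-cert.crt bitwarden.crt "IP Address:192.168.178.1", with the address of your pi.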
closing your Bitwarden for new users:
- there are two ways: a fast one, and one which also gives you access to the admin web page (which offers more settings)
1.
- when all users you want to add are created on Bitwarden, go to portainer and duplicate the Bitwarden container
- add an ENV with : SIGNUPS_ALLOWED = false # the button will still be there on the Bitwarden website, but an error occurs when trying to create a new user
2.
- in order to get the Bitwarden admin web page:
- generate a token: type in your console:
openssl rand -base64 64
- copy the generated token
- in portainer, duplicate the Bitwarden container:
- add an ENV:
ADMIN_TOKEN = "paste_in_the_token_from_above"
- deploy the container
- you get to the admin page via https://your-bitwarden-url/admin
- under general settings type in your Bitwarden URL and save it
- now you can make the changes you want, disallow new signups etc.
- tip: if you set up the smtp email settings you can now invite new users via email