
Guide Self-hosting Bitwarden password manager, By using Vaultwarden on Docker

TSxxboxx
post Jul 11 2021, 06:32 PM, updated 2y ago

The mind is for having ideas, not holding them
*******
Senior Member
5,093 posts

Joined: Oct 2004
From: J@Y B33


I have been migrating from online services to self-hosted services wherever possible, and recently another thing that I was looking to migrate is my password manager. I have been using Chrome password manager for so long; while I only use it for auto-filling non-crucial sites, I still feel uneasy that all my credentials are somewhere in the cloud, just waiting to be leaked. But on the other hand, having auto-fill by Google on both desktop and phone makes my life so easy.

So I was looking for something that can do the same thing but hosted locally, and I found out about self-hosting Bitwarden by using Vaultwarden. It ticks almost all the boxes for my requirements. Bitwarden's actual service uses its own cloud storage and the basic account is totally free. A premium account is USD$10 per year. I would recommend using their service if you are not doing self-hosting. The credentials stored in their cloud are encrypted; even Bitwarden themselves can’t decrypt them because they don’t know your master password. This also means if you forget your password, there’s no way to retrieve the data anymore, so make sure to find ways so that you will never lose the master password.

While I was setting it up and scouring the web for info on how to do it properly, I found that everyone says it needs HTTPS to work. If you’re doing local network hosting that is not reachable from the internet, you know how shitty HTTPS is when it comes to certificates. With self-hosted Bitwarden, you need to use a DNS server that can divert a domain to a local IP address, such as pihole. You also need to set up a reverse proxy on the self-hosted machine. Only then is the Bitwarden HTTPS page accessible. If you want to remove the “Your connection is not private” page and “Not secure” on the address bar, you also need a valid CA-signed certificate.

The HTTPS page is called Web Vault by Bitwarden; in there you can do management stuff such as changing email or master password and sharing credentials with other users through Collection. Importing data from another password manager also needs to be done from Web Vault. Enabling 2FA and using TOTP can also only be done there.

When I tried using Bitwarden I found that it can still be used even without accessing the HTTPS page. You will not be able to do what I mentioned in the previous paragraph, but the main function of the password manager works.

I’m doing self-hosting using Docker on my Synology NAS. Docker is great for running services that are isolated from the main system. Almost all systems have Docker. First thing is installing Docker from the Package Center or something equivalent in your system.

Once Docker is installed, run the program and you’ll be greeted with this window. If you are not familiar with Docker it’s advisable to read the Help page first.

We are going to use Vaultwarden for self-hosting. Previously it was known as Bitwarden_RS.

First thing, we need to get the Vaultwarden image.
1. Click on Registry
2. Type vaultwarden in the search box
3. Find and click to highlight “vaultwarden/server”
4. Click on download
5. Make sure “latest” is chosen and click Select

While waiting for the image to finish downloading, the next thing we need to do is make a folder where all the config files and database will be stored. When you install Docker, it will create a shared folder for it. In it, create a folder named “bitwarden”; make sure not to use capital letters.

Go back to Docker after it finishes downloading
1. Click on Image to open the download page. You know it’s finished downloading if the icon is not animated anymore and fully blue.
2. Click to highlight the image
3. Click on Launch to create a container for Vaultwarden

It will open General Settings to configure the container.
1. Click to enable resource limitation and put CPU priority to low
2. Set the memory limit to 50MB. These 2 steps are useful so that it won’t use many resources on your machine.
3. Click on Advanced Settings to configure some more things

In here we need to configure some things on 3 tabs
1. Enable auto-restart so that if your system restarts it will run the container again
2. Click on Volume to go to the next tab
3. Click on “Add Folder” to select a folder
4. Find and highlight the bitwarden folder we created earlier and click on Select
5. Click on the Mount path box and type “/data”. This way the configs and database will be saved locally, otherwise all data will be gone when the container restarts
6. Click on the “Port Settings” tab; here we can specify the HTTPS and HTTP port at “Local Port” if needed. Local Port with Container Port 3012 is for HTTPS while the other one is for HTTP. You can just leave it as default and the system will auto configure. Don’t change the “Container Port” number.
Click Apply to close Advanced Settings, click Next to complete General Settings, and before clicking Done to close Summary, make sure “Run this container after the wizard is finished” is marked.

Now we go back to the Docker main page
1. Click on Container to open its page
2. Highlight the vaultwarden container. Make sure it is running; if not, you can run it here
3. Click on details to open the details for the vaultwarden container
4. If you didn’t specify the “Local Port” number, you can check here for the HTTPS and HTTP ports. We will need these numbers for later settings

We have finished setting up the container.

Open a new tab in your browser and enter http or https followed by the host machine IP and its “PORT_IP”
An example is https://10.0.0.1:49153 for HTTPS.
We see here that the page won’t load if we use HTTPS. If we use HTTP it can load, but when trying to create an account it will ask to use HTTPS. We’re stuck here with no way to use either method.

This post has been edited by xxboxx: Jul 17 2021, 07:20 PM
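
The container settings chosen in the wizard steps of the post above, written as a Compose file. This is an added example and not part of the original post; the host path `/volume1/docker/bitwarden`, the host port numbers (taken from the example addresses in the thread) and the `cpu_shares` value are assumptions to adjust for your own machine.

```yaml
# docker-compose.yml (added example, not from the original post)
version: "2.4"                     # 2.x file format, which accepts mem_limit / cpu_shares
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always                # wizard step: "Enable auto-restart"
    mem_limit: 50m                 # wizard step: memory limit 50MB
    cpu_shares: 256                # assumption: a "low" CPU priority (Docker default is 1024)
    volumes:
      # Host folder "bitwarden" inside the Docker shared folder, mounted at /data
      # so the config and database survive a container restart.
      # Assumption: the shared folder lives at /volume1/docker.
      - /volume1/docker/bitwarden:/data
    ports:
      # host:container. Container ports stay fixed; only the host side is yours to choose.
      - "49154:80"                 # container port 80 serves the web vault and API over plain HTTP
      - "49153:3012"               # container port 3012 is the WebSocket notifications port
                                   # in Vaultwarden images of this period; it does not speak TLS
    environment:
      # Optional hardening once your own account exists: stop anyone else on the
      # network from registering on this instance.
      SIGNUPS_ALLOWED: "false"
```

Leave `SIGNUPS_ALLOWED` out (or set it to `"true"`) for the first start, create the account, then set it to `"false"` and recreate the container.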
TSxxboxx
post Jul 11 2021, 06:33 PM



This is optional, only needed if you want to access Web Vault by HTTPS. On Synology it is at Control panel > Login Portal > Advanced.
You can have any name for the source Hostname, but make sure not to use the real website name that you visit as it will only direct to your host machine. Don’t use port numbers that are in use by other services on Synology, otherwise it will say the hostname is unavailable.

Coming back to the guide, we are now going to use another method to create an account and use the password manager. Bitwarden has a desktop app, web browser extension and mobile app. All work over HTTP. Or command-line if you’re LEET.

I’ll be using the Chrome extension. It has the same interface as the phone app. If you are going to key in many credentials into Bitwarden at one time, I suggest using the desktop app as it has 3 panels which makes it easier to organize things.

With the extension loaded, now it’s time to make an account and key in credentials.
1. Click on its icon to show the Bitwarden window
2. Click on the cog icon to edit the Web Vault address
3. Enter the HTTP address and port number
4. Click on Save
5. Make sure the checkmark shows it has been saved

Double check by pressing the cog button again to make sure the address is saved correctly. In my case, after I entered “http://ip_address:49154”, I checked back and it was saved as “https://http://ip_address:49154”
IMPORTANT! Make sure to change the address before you start creating an account. Otherwise you’ll be creating an account on Bitwarden cloud server instead of your local host.

After completing all the previous steps, we’ll create a new account now.
1. Click on Create Account
2. Put in email address and master password
3. Tick ToS
4. Click Submit
5. We can now log in using the account that was just created. In my case I got an error when trying to log in immediately after creating the account; I needed to wait 5 or 10 seconds before logging in. Maybe the container hadn’t finished creating the database.

IMPORTANT! You will not be able to recover your data if you forget the login id or password. Even if you use the Bitwarden cloud Web Vault it is the same. There are no recovery tools, so make sure never to lose your id and password.

After logging in, a quick rundown on the bottom tabs:
Tab is to display the available logins to auto-fill on the current browser page. You need to add the URL when saving the login credential.
My Vault is where all the credentials are shown. You can also arrange them into multiple folders.
Send is for sending the credential to others. You can’t see the file if not configured to use HTTPS.
Generator is for creating a password or passphrase. For a password, you can set the length, type of characters and minimum number of digits and special characters. For a passphrase, you can set the number of words, separator character and whether to capitalize and include a number.

To save a new credential, click on My Vault and click the + sign in the top-right corner to create a new credential. You can give a name to the credential. URI is for adding the URL of the site or the app name where the credential will be used; this way Bitwarden will auto suggest the correct credential when you visit the site or open the app. For an Android app, you need to put its URI as such: “androidapp://APP_PACKAGE_NAME”

This is an example when I visited Lowyat. It will auto suggest the login on the Tab page with the matched URI that I saved.

In Settings there are many things for customization. Most important here is Sync. You need to Sync with the vault when you add new or edit credentials, or when you have updated on the phone or desktop app but it is not yet updated here.
You can choose how long the timeout is (need to key in master password again) and whether to unlock with PIN or biometrics.
In Option there are a few more choices that you can make, such as Clear Clipboard after x time and changing the theme.

That wraps up this guide. You can use the browser extension, desktop app or mobile app to access self-hosted Bitwarden by using an HTTP connection. You will lose some functions due to being unable to access Web Vault, but other than that everything else works.

This post has been edited by xxboxx: Jul 17 2021, 07:21 PM
mintgadget
post Jul 17 2021, 02:34 PM

Casual
***
Junior Member
317 posts

Joined: Jun 2008
Been using this for the longest time before I had to upgrade to Vaultwarden recently. This is a great password manager. With so many certificates for all the apps piling up, keeping track of them in Synology is a nightmare. I have moved to Caddy, lightweight too but probably easier to implement on an LXC or VM. It also has automatic HTTPS and is so much easier and very convenient.
TSxxboxx
post Jul 17 2021, 08:03 PM



QUOTE(mintgadget @ Jul 17 2021, 02:34 PM)
Been using this for the longest time before I had to upgrade to Vaultwarden recently. This is a great password manager. With so many certificates for all the apps piling up, keeping track of them in Synology is a nightmare. I have moved to Caddy, lightweight too but probably easier to implement on an LXC or VM. It also has automatic HTTPS and is so much easier and very convenient.
*
I started using Collection to share and remove credentials on devices with an account that I don't always lock. Feels like using user and admin accounts on Synology.
Looks like Caddy is available for Docker too.
SUSDennisMay
post Apr 19 2022, 07:59 AM

Getting Started
**
Junior Member
82 posts

Joined: Sep 2020
I also used Vaultwarden at the beginning for work, I didn’t suit a lot of things about hosting, but I liked it. When I started making websites for small businesses, I decided to try another hosting for work. I tried WooCommerce Hosting which is so easy and convenient that even beginners can start working with it. I’m still happy with it, and I suggest you try it too.

This post has been edited by DennisMay: Apr 26 2022, 03:02 AM
Xitox
post Apr 19 2022, 01:30 PM

Getting Started
**
Junior Member
150 posts

Joined: Mar 2013
Cool guide! May I know, besides Bitwarden, what else are you self-hosting?
TSxxboxx
post Apr 19 2022, 03:19 PM



QUOTE(DennisMay @ Apr 19 2022, 07:59 AM)
I want to move to self hosting service as well
this month is the last I use the old hosting service, I guess
*
No need to worry about breaches and your data being leaked to hackers and the dark web.

QUOTE(Xitox @ Apr 19 2022, 01:30 PM)
Cool guide! May I know, besides Bitwarden, what else are you self-hosting?
*
Besides this I also use Pihole as a DNS server using Docker. As I'm using a Synology NAS, everything running on the NAS is self-hosted. They have great software for many other things: Drive for storing files, Photos for pictures. Drive can also access and manage files in Photos; I feel this is an advantage compared to Google's offering. Plus not being limited to 15GB unless paying makes Photos much more useful. Drive also integrates with 3 productivity apps: Document equivalent to Word, Spreadsheet equivalent to Excel, Slides equivalent to PowerPoint. But they can only be edited in a web browser; there's no mobile app.

I also use Note Station for fast note taking like Google Keep, organizing and linking notes like OneNote, and task lists like Google Tasks. Calendar is also self-hosted, but Synology doesn't have a mobile app for it; I have to use DAVx5, which syncs to my phone, then I can access it in my mobile phone's Calendar app. Audio Station is for streaming music from the NAS. I am also planning to move my contacts to self-hosted in future.

I am also thinking about finding an app that can be used like a notice board, where I can easily add or remove text or pictures, and which also has a mobile app. I feel it is useful for collaborative use; maybe when we need to buy something we can put it on the board and others can see it, and someone might go buy it and update the board again when it is completed.

For almost any web-based or mobile service you are using, there's a Docker app for it.

 
