Solved Bitwarden - Enabling HTTPS - NIGHTMARE!

Currently reading
Solved Bitwarden - Enabling HTTPS - NIGHTMARE!

76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello all,

I really need your help as I feel like I’m banging my head against a brick wall. I’ve been on this task all weekend however I'm no further along. I have read countless topics on this issue but can not find the cause of my problems. I've posted on the Bitwarden_rs forums however I've had no reply and so I thought this forum may be able to help me out as my issue(s) would appear to be non-Bitwarden specific.

I have Bitwarden running in a Docker (which I downloaded, not self composed) and it has been working great, both locally and remotely. I wanted to setup 2FA and so tried to login to the vault however I get the message that; “This browser requires HTTPS to use the web vault, Check the bitwarden_rs wiki for details on how to enable it.” And so I set about reading up on everything I could find, however as I am new to all of this it is extremely difficult to make progress.

Here are some of the things I have tried;

I have added the ROCKET_TLS variable as;
{certs="/usr/syno/etc/certificate/ReverseProxy/eca2c826-6adc-4a70-897c-f3bd97110b47/fullchain.pem" , key="/usr/syno/etc/certificate/ReverseProxy/eca2c826-6adc-4a70-897c-f3bd97110b47/privkey.pem"}
However I receive an I/O error when starting Bitwarden (this is most likely because the certificate folder is not mounted).
20200615_105141.jpg


I tried the following SSH command (as someone suggested on another forum) however it returned an error that it can’t connect;
curl -kv https://192.168.1.67:1025

I have tried to follow the following link as much as possible, however when trying to map port 80 to 443 (instead of 1025) I get a conflict error;
dani-garcia/bitwarden_rs
20200615_105014.jpg


Lastly, the above link (Enabling-HTTPS) mentions that I need to mount the folder that the certificates are held in. I've spent the last few hours trying to mount the above certificate folder with a shared folder I set to NFS within Synology DSM. After several hours however I have found out that Synology uses a limited version of Linux, which is missing a number of binaries and may be preventing me from mounting the folder. For instance, one page (DiskStation Manager - Knowledge Base | Synology Inc.) states to run the commands;
apt update
apt install nfs-common
However I receive the following errors;
20200615_164357.jpg


I receive the following error when I try and mount the certificate folder to my NFS shared folder that I setup in DSM;
20200615_164911.jpg


And lastly, I have updated the /etc/exports file to allow the appropriate access rights, however that made no difference.

I have really exhausted my knowledgebase and so any assistance would be greatly appreciated.
 
ROCKET_TLS and NFS solutions: both not required. In you case I wouldn't recommend either of those approaches.

This guide is everything you need to get things up and running. Whatever you coose as the "Local Port" for your Bitwarden container needs to be set as "Destination Port" in the reverse proxy configuration.
 
76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
ROCKET_TLS and NFS solutions: both not required. In you case I wouldn't recommend either of those approaches.

This guide is everything you need to get things up and running. Whatever you coose as the "Local Port" for your Bitwarden container needs to be set as "Destination Port" in the reverse proxy configuration.

Hello,

Thank you so much for taking the time to reply. I will follow this first thing in the morning. I've just poured myself a whisky and I'm going to get blind drunk and try and forget about all things Linux. Hahaha

In all seriousness though, thank you.
 

Shadow

Subscriber
539
175
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
I've also got bitwarden running fine on HTTPS using reverse proxy.
 
76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
ROCKET_TLS and NFS solutions: both not required. In you case I wouldn't recommend either of those approaches.

This guide is everything you need to get things up and running. Whatever you coose as the "Local Port" for your Bitwarden container needs to be set as "Destination Port" in the reverse proxy configuration.

Hello,

Apologies for the late reply, I'm currently in work.

I've looked through the support in that link you provided, unfortunately however my setup follows everything it mentions. Specifically;
  • a registered domain name
  • a valid certificate for that domain name
  • 443 port (or the port of your choice) forwarded on your router towards your NAS local IP address
If it helps in anyway, I went to ssllabs.com and ran a test for my bitwarden url and it passed with flying collours;
20200616_160851.jpg


Shadow - Once I get home from work, if I post several screenshots of my bitwarden setup, would you mind comparing them to yours?
 

Rusty

Moderator
NAS Support
2,495
752
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
You just try and configure it running it via reverse proxy and see where that will get you. Post back then and we will work it out.
 
76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
This one is actually crutial! You did that, didn't you?

Hello,

I tried to set the local port to the same as the container however port 80 is already in use. I was of the belief that the container port can not be changed, have I got this wrong?

Here are my container port settings for bitwarden and my reverse proxy settings;
20200617_090257.jpg

20200617_090344.jpg
 

Rusty

Moderator
NAS Support
2,495
752
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
RP settings look ok. You change the local port values, not the container port ones. So this looks solid. Is BW working for you with this setup atm or are you getting any errors?
 
76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
RP settings look ok. You change the local port values, not the container port ones. So this looks solid. Is BW working for you with this setup atm or are you getting any errors?

Hello,

It's working great to be honest. I can access it via the Bitwarden app on my phone both locally and remotely, however when I try and login to the Vault locally, I get this error;
20200617_091431.jpg
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Now you've got it going @Mike12421 tell me the why. Obviously you're storing all your passwords on your NAS. I'm trusting mine with a bunch of Canadians. I'm also paying them to share passwords amongst our 'family'. But it seems if I want to do the same with Bitwarden I have to pay them too.

I've used 1Password for years and it works for me. Is Bitwarden as nice? Can I login to websites with my thumbprint on my iPhone? I think if it does everything 1Password does I might learn from your installation nightmare and give it a shot!
 

Rusty

Moderator
NAS Support
2,495
752
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Can I login to websites with my thumbprint on my iPhone?
You can, yes.

I got several articles on BW setup, you can have a look and see that it is a matter of minutes to get it running when you have all the prerequisites.

 
76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
Now you've got it going @Mike12421 tell me the why. Obviously you're storing all your passwords on your NAS. I'm trusting mine with a bunch of Canadians. I'm also paying them to share passwords amongst our 'family'. But it seems if I want to do the same with Bitwarden I have to pay them too.

I've used 1Password for years and it works for me. Is Bitwarden as nice? Can I login to websites with my thumbprint on my iPhone? I think if it does everything 1Password does I might learn from your installation nightmare and give it a shot!

Hello,

I would certainly recommend the guides Rusty has referenced, they are extremely helpful.

Bitwarden is very streamlined and does everything I ask of it. I have several users registered to use my hosted instance and it runs flawlessly and best of all its free.

I've never used 1Password myself but I have used several other branded managers and I have to admit, I'll be sticking with Bitwarden.

As Rusty mentioned, if you have all the prerequisites in place, it is very straight forward to setup. Please don't let my difficulties put you off, I should have asked for help sooner. As always this forum has been extremely helpful.

Give it a try.
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
I have several users registered to use my hosted instance and it runs flawlessly and best of all its free.
Does everyone have their own independent vault then? I've only briefly scanned the BW website but it seems even if I self-host I need to pay to share passwords among a group - just like 1Password really.
As always this forum has been extremely helpful.
Oh yes, it is. I know and people really have been helpful and friendly to me while I had a Nextcloud nightmare.
 

Rusty

Moderator
NAS Support
2,495
752
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS

Rusty

Moderator
NAS Support
2,495
752
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
You can create an organization vault, and any user account that was invited to the organization will see the shared items inside it.

Screenshot 2020-06-17 at 15.15.53.png


As you can see I have access to the Organization section inside my on-premise installation.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top