BitWarden - self hosted password manager using bitwardenrs/server image

Docker BitWarden - self hosted password manager using bitwardenrs/server image

Currently reading
Docker BitWarden - self hosted password manager using bitwardenrs/server image

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
Rusty submitted a new resource:

BitWarden - self hosted password manager using mprasil/bitwarden image - Quick tutorial on how to run this in docker

Considering that there are several people interested in this solution, maybe a quick tutorial on how to run this in docker will help.

Let's start.

1st thing - install Docker via Package center or if your NAS doesnt support it, install it manually by downloading the package from Syno site. After that you can use the Manual install button in Pacakge Center to install Docker. Keep in mind that this is not 100% supported and some features of docker will still not function. If your nas is from...
Read more about this resource...
 

Telos

Mega Poster
NAS
DS418play, DS213j, DSM 7.0.1-14401
Why not leave port 3012 mapped to "auto"? Do we interact with that port in anyway? Is it related to BW's email invitations?
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
Why not leave port 3012 mapped to "auto"?
Sure you can leave it on auto. Personally, I don't like to do that and have all those dynamic ports set as static. When you have several containers running sure but when you have 30,40+ it gets hectic. This port is for WebSockets notifications, yes.
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Now that you have your new BW selfhosted instance running, enjoy it and prepare to make it accessible via the internet using a valid SSL certificate, a custom domain name and revers proxy. More on that in the upcoming tutorial.
Hope all that can be done via Let's encrypt on my NAS for certificate and synology domain that I use for my DDNS ;)
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
33MB RAM usage. Is that ok? I limit it to 50 MB according to the tutorial.
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
Hope all that can be done via Let's encrypt on my NAS for certificate and synology domain that I use for my DDNS
Well, ofc it can. If you already have a LE cert and ddns domain on your NAS active, then just use the Control Panel > Application Portal > Revers proxy to configure record that will point a custom name to your docker BW installation.

Do you have a preferred url in mind?
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Do you have a preferred url in mind?
I already have Synology DDNS URL. Do I have to create a new one for Bitwarden?


You've lost me here:

37



:coffee:
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
I already have Synology DDNS URL. Do I have to create a new one for Bitwarden?


You've lost me here:

View attachment 37


:coffee:
So, Source needs to be your end result url and port, and a destination is your local docker container destination.

In your case, the source will be https, url, and port (guessing 443 if you don't wanna use a custom number in the url). On the destination side it will be http, ip address of your nas and port that bw is using (the port that you have used against bw port 80).

For example, it should look like this:

38
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Hm, set it up, but can't connect to my https://[name].synology.me:[myportnumber].

Should I open that port on my router?

Or should I create new synology.me name for Bitwarden?
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
1st off if your are using any port (even 443) you will have to sort port forwarding, ofc. 2nd if your certificate doesn't cover any other subdomain names, then yes you will have to have a different cert.

One option would be a wild card certificate the other would be a regular cert that has multiple SAN (subject alternate names) values in it.
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
1st off if your are using any port (even 443) you will have to sort port forwarding
So I'll need to add [myportnumber] to my router port forwarding?


2nd if your certificate doesn't cover any other subdomain names, then yes you will have to have a different cert.
It covers that [name].synology.me I already have, so I guess that's ok.
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
So I'll need to add [myportnumber] to my router port forwarding?
Yes, the port number you wanna use when accessing needs to be passed to your NAS
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Ok, I set ports that I choose for BW in Docker in DSM > Router configuration and on my router (for IP I set my NAS IP).

Nothing happens. Not sure if I'm doing this right...
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
The port that you will use when accessing BW from the internet needs to be forwarded to your NAS IP. On top of this, you need to configure reverse record that will use that forwarded port (added in source section) to your docker container port for bw web ui (in the destination section).
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
The port that you will use when accessing BW from the internet needs to be forwarded to your NAS IP.
I add this to my router port forwarding:
41



On top of this, you need to configure reverse record that will use that forwarded port (added in source section) to your docker container port for bw web ui (in the destination section).
Lost me again... Sorry, I'm still new to all this networking stuff. :(
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
Ok forward is fine.

Now use that same port 10xx as a port in Revers proxy source port and use the BW container port in the destination one.
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Hm, I already have this in reverse proxy rules:

42



It will not allow me to set another rule with my 10xx port.
 

wwwampy

Mega Poster
NAS
DS418play
Router
RT2600ac
Operating system
macOS, Windows
Mobile operating system
iOS
Actually, to be exact, it loads on http, but it does not work on https for that domain.
 

Rusty

Moderator
NAS Support
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
wait a min... you port forward 443 then not your 10xx port. If 10xx is your docker container port thats not the port you want to be open towards the internet. Just the port you want to use as your final Internet port.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top