BitWarden - self hosted password manager using vaultwarden/server image


5
0
NAS
DS1511+
Router
  1. RT2600ac
  2. MR2200ac
Mobile operating system
  1. iOS
Good point here from @one-eyed-king, I did not notice you tried to pass http requests to your https port in this declaration.
One more question: are you using the same domain name to access DSM and Bitwarden?
If so, that may explain why you can't access DSM anymore once you have this custom config file activated.
It will redirect anything that has mydomain.net to what you have set in this file.
I am using the same domain name for DSM, Bitwarden and many other local services. They all just run on different ports.
 
Did you check /var/log/nginx/error.log for errors?
It should give you an indication whether something in your configuration prevents nginx from starting.

Just out of curiosity, where did you put your configuration file? /etc/nginx/sites-enabled? /etc/nginx/app.d?
Your snippet is taken from /etc/nginx/app.d/server.ReverseProxy.conf, isn't it? All reverse proxy rules created in the application portal seem to end up there...
 

Rusty

Moderator
NAS Support
3,636
1,049
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I am using the same domain name for DSM, Bitwarden and many other local services. They all just run on different ports.
Ok if you are running this on 4545/https and your BW is running on 4544 then why are you using internal docker container ports and not the local ones?
 
8
3
NAS
DS918+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. iOS
Hi Rusty, I had managed to set up Bitwarden with your guide as well as the reverse proxy somehow from another guide online.

I have a question or rather a problem.
I could not get the icons to work; there is either "Error downloading icon: Empty response" or "Download failed for http://".
[Attachment: Screen Shot 04-28-20 at 11.39 PM.PNG]

I had tried several solutions: increasing the worker and the ICON_DOWNLOAD_TIMEOUT.

Is there anything I am missing?

Thanks.
 

Rusty

I have to say you got me on this one. Never have I had a problem with BW not being able to download icons. I’ll have to look into this a bit and get back to you. Nothing on the GitHub for this image?
 

Rusty

@BlueBulb have you tried to set up 2 more additional variables?

-e ICON_CACHE_TTL=0
-e ICON_CACHE_NEGTTL=86400

1st one - will keep the already downloaded icons forever (standard is 30 days) so once it succeeds, it will keep them forever.
2nd one - attempt to download the icons at least once a day (value in seconds)

Also, go to your BW folder into icon_cache folder and delete all the files that have *.miss extension
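
The cache clean-up described in the post above, as an added example that is not part of the thread: it counts downloaded icons against *.miss markers, split by whether a marker is still younger than ICON_CACHE_NEGTTL, and then deletes only the markers. The function names and the path argument are assumptions, as is the reading that the server uses a marker's modification time to decide when to retry.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout, per the posts above:
# <data>/icon_cache holds <domain>.png icons and *.miss failure markers.

# Print "<icons> <fresh_miss> <stale_miss>" for an icon_cache directory.
# A marker younger than NEGTTL (seconds, the thread's ICON_CACHE_NEGTTL)
# is assumed to keep the server from retrying that icon.
icon_cache_stats() {
    dir=$1
    negttl_min=$(( ${2:-86400} / 60 ))
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    all=$(find "$dir" -maxdepth 1 -type f | wc -l)
    miss=$(find "$dir" -maxdepth 1 -type f -name '*.miss' | wc -l)
    fresh=$(find "$dir" -maxdepth 1 -type f -name '*.miss' \
                -mmin "-$negttl_min" | wc -l)
    echo "$((all - miss)) $((fresh)) $((miss - fresh))"
}

# Delete only the failure markers; downloaded icons are left in place.
purge_miss_markers() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -maxdepth 1 -type f -name '*.miss' -exec rm -f -- {} +
}

# Run as: sh icon_cache_audit.sh /path/to/bitwarden/icon_cache [negttl]
if [ -n "${1:-}" ]; then
    echo "before: $(icon_cache_stats "$1" "${2:-86400}")"
    purge_miss_markers "$1"
    echo "after:  $(icon_cache_stats "$1" "${2:-86400}")"
fi
```

A high fresh_miss count that comes back right after a purge means the downloads are still failing, so the cause lies outside the cache settings.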
 
I had tried the solutions on this thread.

There are like 99% of the icons in the icon_cache folder with the .miss extension (due to failure to download or no response).

The working ones are domain.png. Most of the time it is not loading for me on my phone/browser extensions.

[Attachment: Screen Shot 04-29-20 at 12.10 AM.PNG]


Syncing of the vault is perfect.
But once the docker starts to request or pull icons, the docker hangs and I would have to restart it.
Else nothing would work.
 

These are my values in the config file.

"icon_cache_ttl": 15768000,
"icon_cache_negttl": 86400,
"icon_download_timeout": 60,

And these are additional env variables:

[Attachment: Screen Shot 04-29-20 at 12.20 AM.PNG]
 

Rusty

How is your reverse configured for this container?
 

I updated the LE cert in Control Panel > Security > Cert, followed by keying in the additional subdomain name with port number.

Before that I created a reverse proxy in App Portal > Reverse Proxy and pointed it to http://nas-ip:bitwardenlocalport (tagged to container port 80).

Then I did a port forwarding on my router to associate the port to my NAS BW port.

I tested on both external and local network; it is working.
Able to access and sync.


The only thing that is not working is the icon_cache :(

Whenever it starts to pull/get the icons, it would hang the docker.

I would not be able to sync/save anything to the vault.

I had to either wait it out or restart the container.
 

Rusty

If I find something that you haven't tested I'll let you know
 
364
144
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
If you open up the admin page in Bitwarden, have the environment variables registered as expected, particularly with respect to the icon_cache folder? And is the icon_cache folder owned by root?
[Attachment: 1588095148644.png]
 

Yes, they are.

Yes.

I do not think I need to set domain URL in the General Settings ya?
[Attachment: Screen Shot 04-29-20 at 02.16 AM.PNG]
 
149
39
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi @BlueBulb,

I had an issue with BW not being able to get the icons. Turned out it was related to DNS resolution for all my containers.
There might be something about this in the forum since I found the solution here :) ==> THERE IT IS
Might want to check if your container is able to resolve internet names.
 

Thank you.
I just read the thread.

I am running pihole on my NAS through a VM.
I had tried to disable the pihole and see if the fetching of icons works, but nope, it is still not working.
I even checked the settings; nothing is blocking it.

Docker containers are on the bridge network.

Yeah, the docker is in a different network (bridged - 172.17.0.0/16), but I had allowed the docker container ports in my NAS firewall as well prior to the setup of Bitwarden.

Can I do the nslookup in docker itself?

PS. I am pretty new to docker.

Is there anything I am missing?
 
@BlueBulb,
You can use netshoot like I did to find out if my container was able to resolve names.
In the thread I pointed to before, I did not mention that it was also not able to fetch the icons since it was not able to resolve domain names.
Did you configure email notifications? Do they work?
I found the hint for a name resolution issue when I tried to install iptools in the bitwarden container and it threw this error: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org'
So I decided to run netshoot to check for any network issue.
This is how I ran my test with ssh access to my NAS (quoted from the netshoot GitHub page):
  • Container's Network Namespace: If you're having networking issues with your application's container, you can launch netshoot with that container's network namespace like this:
    $ docker run -it --net container:<container_name> nicolaka/netshoot
Maybe you can give it a try to see if it can narrow the possible issues :)

Suggestion: can we move this to another topic of your own?
It might be helpful for anybody having the same issue as you have.
 

No, I did not set up email notifications.

Basically I did a bit of reading up on netshoot.
After cross-referencing with your thread as well,

I installed the container and SSHed into the NAS.

Through docker root, I could not perform nslookup.

root @ /
[1] 🐳 → nslookup smtp.gmail.com
;; connection timed out; no servers could be reached

ip route show and ip neigh show are very bare-bones minimum as well.

So I decided to follow what @wwwampy suggested and went ahead to add the following in my NAS Firewall rule.

[Attachment: 1588145204737.png]

I went to the web portal of my BitWarden docker container.
All the ICONS are coming in and loading as intended.

icon_cache is loading the correct png files as well.

Thank you everyone.
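
The name-resolution check from the posts above, as an added example that is not part of the thread: run inside the netshoot shell attached to the container's network namespace, it queries each resolver listed in /etc/resolv.conf and separates "no servers could be reached" (what the poster saw, resolved here by a NAS firewall rule) from a resolver that answers with an error. The function names are hypothetical and the matched strings assume BIND-style nslookup output.

```shell
#!/bin/sh
# Added example (not from the thread): run inside the netshoot shell started
# with --net container:<container_name>, i.e. in the container's namespace.

# List the resolvers the container was given (path is overridable for tests).
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Map nslookup's text output to one verdict.
classify_lookup() {
    case $1 in
        *"no servers could be reached"*) echo unreachable ;;    # queries or replies dropped
        *NXDOMAIN*)                      echo nxdomain ;;       # resolver says: no such name
        *SERVFAIL*|*REFUSED*)            echo resolver-error ;; # resolver reachable but failing
        *Name:*Address*)                 echo ok ;;
        *)                               echo unknown ;;
    esac
}

# Query every configured resolver for one name; print "<server> <verdict>".
check_dns() {
    host=$1
    for ns in $(nameservers "${2:-/etc/resolv.conf}"); do
        out=$(nslookup "$host" "$ns" 2>&1) || true
        echo "$ns $(classify_lookup "$out")"
    done
}

# Usage inside netshoot: sh dns_check.sh smtp.gmail.com
if [ -n "${1:-}" ]; then
    check_dns "$1"
fi
```

"unreachable" for every resolver points at filtering between the bridge network and the resolver, while "nxdomain" or "resolver-error" points at the resolver itself, for example a blocklist.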
 
3
0
NAS
DS216+II
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. iOS
So thanks very much for the installation guide. I've got BitWarden running, using a reverse proxy and everything seems to be working fine. What I can't get working is the Websocket LiveSync.

If my reverse proxy is - Source: HTTPS, my.domain.me, port:5001 - Destination: HTTP, localhost, port: 5151

What should the listen port and the three proxy_pass lines read in your custom_rp.conf file?
 

Rusty

Are you using rp for bw as a custom conf file or what?
 
