BitWarden - self hosted password manager using vaultwarden/server image

I have just done the update to 1.26 (didn't have time over the weekend) with 0 issues.

Looking at the git change log, no breaking changes, but there is one BUG active for users using the outside DB (not your case).

Tested creating, editing and deleting an item with no issues at all.


Can you try and make a new container and connect it to the existing volume content? Have you tried that?
Didn't try yet, I will try. Can I use the same ports? I suppose yes, but not sure. Also, should I try the Recreate or Duplicate/Edit option (button) from Portainer? Or delete it completely (both image and container - first backup my settings) and start from scratch? What would you recommend first?
 

Rusty

Moderator
Can I use the same ports? I suppose yes, but not sure
Ofc, as long as those current ones are not in use.

What would you recommend first?
Just nuke the container and start fresh. If you have run it via portainer, configure it as a stack (docker-compose), and run it that way.

Then you will be able to reconfigure and recreate as needed.

Example:

YAML:
version: "3.5"
services:
  bw:
    image: vaultwarden/server
    container_name: "bw"
    ports:
      -  "80:80"
      -  "3012:3012"
    volumes:
      -  "/volume2/bitwarden:/data"
    environment:
      - "SMTP_PASSWORD=password" #add SMTP_XXXX variables to allow public user management (account reset etc)
      - "SMTP_USERNAME=username"
      - "SMTP_SECURITY=starttls"
      - "SMTP_PORT=587"
      - "SMTP_FROM=from_email"
      - "SMTP_HOST=smtp.gmail.com"
      - "DOMAIN=https://yourdomain.com" #add your public domain name
      - "TZ=Europe/Paris"
      - "WEBSOCKET_ENABLED=true" #Enable this if you want to use the LiveSync feature on port 3012
      - "SIGNUPS_ALLOWED=false" #true or false if you want to enable or disable public signups
      - "ADMIN_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #add custom string for logging into the admin UI
    restart: always
 
Thanks. As I am not very familiar with the docker-compose mechanism, I just created it via Synology's Docker (downloaded the image again and created a new container). Configured as before, it is running correctly, no data lost. :)

But I would like to know something. Maybe some of those parameters in your docker-compose example (environment section) could be useful for me to add too. Maybe some of them are important, some are non-mandatory, etc. Could you describe it a bit? Especially those SMTP things (what are they used for?), or WEBSOCKET_ENABLED or TZ (Timezone). Also DOMAIN (is it good to have it in the environment? I don't have it there now, but my bw is accessible from outside via custom (sub)domain now). My actual environment looks like this:

1666092197588.png


Btw. there are two lines missing now, if I compare to my previous (broken, now deleted) vaultwarden container. These two are:

1666092290766.png


Not sure, why...
 

Rusty

Moderator
Configured as before, it is running correctly, no data lost.
Glad you got it running again! Looks like something has damaged the container in a way during the update (just guessing here).

In any event, glad you are back on track.

Especially those SMTP things (what are they used for?)
For registration (if allowed), as well as a method of a password reset or lockdown

WEBSOCKET_ENABLED or TZ (Timezone)
Websocket is used for the sync mechanism that works in the background to sync any new item additions with all the clients in any direction (with some limitations that this non-official BW instance has). More details here.

TZ is a timezone, just to keep the container in sync regarding time, that might be needed in case a password reset scenario happens.

DOMAIN I had since the start and from what I read back in the day was mandatory in order to run it over https to be compatible with the new version of official public BW clients. Looks like if it works for you without it, I could be wrong, but it runs for me just fine, so not sure what to tell you on that.

Btw. there are two lines missing now, if I compare to my previous (broken, now deleted) vaultwarden container
With 1.26 version (looking at the change log) there were changes that could have been a result of those changes. I wouldn't worry about that too much.
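
A review pass over the environment and port settings discussed above, as an added example that is not part of the thread or of Vaultwarden itself. The sample lines are taken from the compose example earlier in the thread; the function names, thresholds and finding labels are hypothetical reviewer heuristics.

```python
import re

# Constructed sample: selected lines from the compose example earlier in the thread.
COMPOSE = """\
    ports:
      -  "80:80"
      -  "3012:3012"
    environment:
      - "SMTP_PASSWORD=password" #add SMTP_XXXX variables
      - "DOMAIN=https://yourdomain.com" #add your public domain name
      - "SIGNUPS_ALLOWED=false"
      - "ADMIN_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
"""

ENV_RE = re.compile(r'^[ \t]*-[ \t]*"?([A-Z][A-Z0-9_]*)=([^"#\n]*)', re.M)
PORT_RE = re.compile(r'^[ \t]*-[ \t]*"?(\d+):(\d+)"?[ \t]*$', re.M)

def parse(text):
    """Return (env dict, [(host_port, container_port)]) from compose list items."""
    env = {k: v.strip() for k, v in ENV_RE.findall(text)}
    ports = [(int(h), int(c)) for h, c in PORT_RE.findall(text)]
    return env, ports

def review(text):
    """Reviewer heuristics; the thresholds are assumptions, not Vaultwarden rules."""
    env, ports = parse(text)
    findings = []
    token = env.get("ADMIN_TOKEN", "")
    if token and (len(token) < 32 or len(set(token)) < 10):
        findings.append("ADMIN_TOKEN")      # admin UI guarded by a short or placeholder string
    if env.get("SIGNUPS_ALLOWED", "true").lower() != "false":
        findings.append("SIGNUPS_ALLOWED")  # unset counts as open: signups are on by default
    if not env.get("DOMAIN", "").startswith("https://"):
        findings.append("DOMAIN")           # missing or not an https:// URL
    if "SMTP_PASSWORD" in env:
        findings.append("SMTP_PASSWORD")    # mail credential in clear text in the stack file
    if any(container == 80 for _, container in ports):
        findings.append("ports:80")         # plain HTTP published; check a TLS proxy fronts it
    return findings

if __name__ == "__main__":
    for item in review(COMPOSE):
        print("review:", item)
```
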
 

Telos

Subscriber
can anyone here please help me to fix it without losing my passwords database (there is not only my user account in bitwarden, but also three more user accounts - my family members - and I really would not like to lose everything).
You should make regular backups of your data. Always.
TZ is a timezone, just to keep the container in sync regarding time, that might be needed in case a password reset scenario happens.
I believe this also affects TOTP.
 

Rusty

Moderator
Still, snapshots and HB aren't the same as a regular export of your Bitwarden database.
This is true, the backup DB is also not the same as the Export vault feature. Those should not be mixed, as Export vault does not include file attachments, password history, items in the trash or Sends. You need to export these manually.

Is there even a need to do this “Backup Database” if you are doing snapshot replication on the data folder? Which is where the database is located I think.
Think this started as a comment on Telos' suggestion.

Personally, I have some version of my vault export, but not something I do all the time as I rely on the backup and snaps of the whole instance.
 
So I do regular snapshots of the docker folder that contains the data folder. Additionally I’ll do a manual export of the password vault once in a blue. My curious question here is, does the DB backup in the admin portal duplicate what I’m doing with snapshot replication? If I’m creating a snapshot copy of the folder, essentially I’m making a copy of the database, no? Just wondering if I should be doing regular DB backup from the admin portal, but from what I’ve seen it just creates a copy of the db into the docker data folder.
 

Rusty

Moderator
If I’m creating a snapshot copy of the folder essentially I’m making a copy of the database, no?
Correct.

Just wondering if I should be doing regular DB backup from the admin portal, but what I’ve seen it just creates a copy of the db into the docker data folder.
imho, no
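
What "a copy of the database" has to contain when the container is running, as an added example that is not part of the thread: a copy of `db.sqlite3` alone misses rows still held in `db.sqlite3-wal`, which a snapshot of the whole data folder or SQLite's backup API both capture. It assumes Vaultwarden's default SQLite backend with WAL enabled; the table, rows and function names are constructed for illustration.

```python
import os
import shutil
import sqlite3
import tempfile

def make_live_db(path):
    """Constructed stand-in for a running db.sqlite3 in WAL mode."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA journal_mode=WAL").fetchone()
    con.execute("PRAGMA wal_autocheckpoint=0").fetchone()  # leave new commits in the -wal file
    con.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    con.execute("INSERT INTO items (name) VALUES ('old item')")
    con.commit()
    con.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()  # 'old item' reaches the main file
    con.executemany("INSERT INTO items (name) VALUES (?)", [("new 1",), ("new 2",)])
    con.commit()   # these two rows exist only in db.sqlite3-wal
    return con     # kept open by the caller, as the server would

def online_backup(src, dest):
    """Consistent copy of a live database through SQLite's backup API."""
    s, d = sqlite3.connect(src), sqlite3.connect(dest)
    try:
        s.backup(d)
        status = d.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        d.close()
        s.close()
    if status != "ok":
        raise RuntimeError(f"backup failed integrity_check: {status}")
    return dest

def count_rows(path):
    con = sqlite3.connect(path)
    try:
        return con.execute("SELECT count(*) FROM items").fetchone()[0]
    finally:
        con.close()

def demo():
    """Return (rows in a copy of db.sqlite3 alone, rows in an online backup)."""
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "db.sqlite3")
        server = make_live_db(live)
        try:
            naive = shutil.copyfile(live, os.path.join(tmp, "naive.sqlite3"))
            safe = online_backup(live, os.path.join(tmp, "backup.sqlite3"))
            return count_rows(naive), count_rows(safe)
        finally:
            server.close()
```
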
 

Telos

Subscriber
This is true, the backup DB is also not the same as the Export vault feature. Those should not be mixed, as Export vault does not include file attachments, password history, items in the trash or Sends.
It's true. As there are several points of disruption possible when running Vaultwarden, I'd rather not find myself without access to my logins and secure notes. Making a regular vault backup affords me the ability to access/use the passwords should Bitwarden be inaccessible.
 
Glad to hear you have backups. Still, snapshots and HB aren't the same as a regular export of your Bitwarden database.

@Telos when you stated “regular export of your Bitwarden database,” do you mean doing a vault export? And if so, which is the preferable format to export (.json or .csv)?
 

Telos

Subscriber
which is the preferable format to export (.json or .csv)?
Yes... I should use the term "vault". I select json, as it is the format KeePass (my "go to" password app, after Bitwarden) defaults to when importing Bitwarden accounts. Is it preferable? For me, yes.
 
