BitWarden - self hosted password manager using vaultwarden/server image


I have one question:
What exactly should I do to have my data stored in that local "/data" subfolder? I configured it as you described (the only difference: I did not name it /data, I used /mydata instead), but in File Station under docker/bitwarden I cannot see any subfolder or data files...
Thank you.
As @jphermans said. Be sure not to change the /data folder to the right of the ":".
That's the value of the folder inside the container that's actually holding the data. So change only the left side (your host side) location.
 
Hi, thank you. I changed the right thing back to /data. And now I see some data files (db.sqlite3, rsa_key etc.) there via File Station.
But now I have a problem: when I try to log in to my bitwarden, it says Error, username or password is incorrect, Try again.
Do you have any advice on how to correct it? (Thankfully at the same time I also had another web browser opened, so I - just in case I would need it - made an export of my Vault...)
 
The reason at this point might be that you have now "lost" the DB due to the change that you have made regarding /data. As you said, now you can see the data inside your FS in the path that you have mapped. If you have it all exported, my suggestion would be to nuke this installation and redo it again, considering that authentication with your current account is not working.

One thing you could do is map your BW back to the initial directory to avoid this, but in that case any further updates of this image/container might break it again (considering that the image is using /data as the destination for the DB to begin with).

So recap, export the data, nuke the container and recreate it (with correct mappings) then import your data back in.
 
OK, I'll recreate it again from scratch.
Btw. as I plan later for my family (wife, son) to use bitwarden as well (all of them are just regular users, not admins, with some more specific permissions allowed), should I create more folders, I mean separate folder for every user and add these folders in container settings under Volume section? Or how should it be configured for multi-user behaviour? Are there for bitwarden some specific setting to achieve proper scenario (every user should have access to his vault via bitwarden UI, but should not be able to destroy/delete other users' vault).
 
I mean separate folder for every user and add these folders in container settings under Volume section?
No need for this
Are there for bitwarden some specific setting to achieve proper scenario (every user should have access to his vault via bitwarden UI, but should not be able to destroy/delete other users' vault).
By default, BW is a password "server" platform. Meaning that multiple users can use the same server while being "sandboxed" by default. So no matter how many permissions you have, you will not see other vaults/users on the same server.
Personally my server is being used by multiple users and I have 0 knowledge of their vaults, or any items in them.
So, by default this platform is multi-user ready.
 
Thanks a lot Rusty - it's working like a charm: web/mac/iOS, including Letsencrypt Cert…
Before switching over I will test a little more. A few questions that came up in the meantime:
  • How can you trust this image, as it's developed by one single person and not the official version?
    No installation id or key; no audit?
  • How do you know he keeps patching CVEs? (or doesn't even do harm)
  • If your BW is open to the web (for using apps), how do you restrict unauthorized account creations?
  • Is there a server management UI (does it support sending notification mails etc.)?
sorry for bothering - great tutorial !
thanks a lot,
paradeiser
 
All valid questions. Considering I use it as a personal platform, I choose to trust it. The main thing for me is that it's in active development and support. If this is something that needs to be pushed as an alternative in a business setup I would ofc recommend using the official version.

In the full-featured version, these features are usually activated using the global.override.env file, which can be modified. In that file you can place SMTP settings as well as the option to open or close signups.

If your BW is open to the web (for using apps), how do you restrict unauthorized account creations?
I have signups closed (and open them up just when I want to allow someone to create an account and then close it again) using this environment variable: -e SIGNUPS_ALLOWED=false
Be sure to restart BW docker after this. Also, this will not remove the "create" button on the main page, but when someone tries to create an account this warning will pop up:

[Image: attachment 201]


Is there a server management UI (does it support sending notification mails etc.)?
Email notifications can be configured using these environment variables:
Code:
-e SMTP_HOST=<smtp.domain.tld> \
-e SMTP_FROM=<sender@domain.tld> \
-e SMTP_PORT=587 \
-e SMTP_SSL=true \
-e SMTP_USERNAME=<username> \
-e SMTP_PASSWORD=<password> \
More info on this - dani-garcia/bitwarden_rs

These SMTP settings can also be set using the *.env file in the full BW installation.

UPDATE: I have added the signup variable method to the initial resource.
 
Don't ask me why, but for me it only worked after dropping the lines
SMTP_PORT
SMTP_SSL
when using the default values it didn't work (587 / true)

and you might want to add:
DOMAIN=https://vault.example.com

so your emails also show the correct links and images etc.

PS: You can leave "SIGNUPS_ALLOWED : false" after you created your first account, because invites still work if set to "false"
 
Thank you for the detailed guide. My question now is how to back up your vault? Do I need to back up only the /data folder to somewhere else?
Well having your /data volume backed up will save your entire setup (all users and all of the vaults), but ofc if you want just your vault you can do it via your UI interface:

[Image: attachment 202]
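
A backup of the mapped /data folder, as an added example that is not part of the thread or the project's own tooling. The function name and archive naming are assumptions, and it expects the container to be stopped while it runs.

```bash
# Added example, not from the thread. Run it with the container stopped so
# that db.sqlite3 is not captured in the middle of a write.

# Archive data folder $1 into directory $2 and print the archive path.
backup_vaultwarden() {
    local data=$1 dest=$2 archive
    # An empty host folder means the volume mapping is wrong (container side
    # is not /data); refuse rather than produce a useless backup.
    if [ ! -s "$data/db.sqlite3" ]; then
        echo "refusing: no db.sqlite3 in $data" >&2
        return 1
    fi
    archive="$dest/vaultwarden-$(date +%Y%m%d-%H%M%S).tar.gz"
    # The archive holds every user's vault and the server keys (rsa_key):
    # create it readable by the owner only.
    ( umask 077 && tar -czf "$archive" -C "$data" . ) || return 1
    # Verify that the archive can be read back and contains the database.
    tar -tzf "$archive" | grep -q 'db\.sqlite3$' || return 1
    echo "$archive"
}

# Constructed demo: a stand-in data folder with a dummy database file.
demo_data=$(mktemp -d); demo_dest=$(mktemp -d)
printf 'constructed sample, not a real database\n' > "$demo_data/db.sqlite3"
backup_vaultwarden "$demo_data" "$demo_dest"
```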
 
this setup looks very solid to me.
Now I just need a way to manage user accounts - e.g. to lock/delete accounts I want to close on my server.
Is there a way?
 
Yes there is.

Have a look here: dani-garcia/bitwarden_rs

After you have set up the variable, access it via the https://your_bw_url/admin page.

Be sure NOT to use this on a non-HTTPS URL!
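
The settings discussed in this thread (container side of the volume, closed signups, admin page only behind HTTPS) checked in one pass, as an added example that is not part of the thread or the project's own code. The input file format and function names are assumptions; ADMIN_TOKEN is the variable name from the project's documentation, which the post above does not spell out.

```bash
# Added example, not from the thread. Assumed input: one KEY=VALUE per line,
# with VOLUME=<host path>:<container path> standing in for the -v flag.

# Print the value of key $2 in file $1 (last occurrence wins).
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print one FAIL line per problem, or a single OK line.
lint_vaultwarden() {
    local file=$1 fails=0 container domain
    # Only the host side (left of ":") may change; the image stores in /data.
    container=$(cfg_get "$file" VOLUME | cut -d: -f2)
    if [ "$container" != "/data" ]; then
        echo "FAIL volume: container path is '$container', expected /data"
        fails=$((fails + 1))
    fi
    # An unset variable means the default, which leaves registration open.
    if [ "$(cfg_get "$file" SIGNUPS_ALLOWED)" != "false" ]; then
        echo "FAIL signups: SIGNUPS_ALLOWED is not false"
        fails=$((fails + 1))
    fi
    # With the admin page enabled, the instance URL must be HTTPS.
    domain=$(cfg_get "$file" DOMAIN)
    if [ -n "$(cfg_get "$file" ADMIN_TOKEN)" ]; then
        case "$domain" in
            https://*) ;;
            *) echo "FAIL admin: ADMIN_TOKEN set but DOMAIN is '$domain'"
               fails=$((fails + 1)) ;;
        esac
    fi
    [ "$fails" -eq 0 ] && echo "OK"
    return 0
}

# Constructed sample definitions (paths and token are placeholders).
bad_cfg=$(mktemp); good_cfg=$(mktemp)
cat > "$bad_cfg" <<'EOF'
VOLUME=/volume1/docker/bitwarden:/mydata
DOMAIN=http://vault.example.com
ADMIN_TOKEN=constructed-placeholder-token
EOF
cat > "$good_cfg" <<'EOF'
VOLUME=/volume1/docker/bitwarden:/data
SIGNUPS_ALLOWED=false
DOMAIN=https://vault.example.com
ADMIN_TOKEN=constructed-placeholder-token
EOF
lint_vaultwarden "$bad_cfg"; lint_vaultwarden "$good_cfg"
```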
 
Another question about shared folder permissions:
I realized my /docker share is readable to any user. Everyone has "read only" rights.
Seems not "optimal" to me to have every user see my bitwarden container db, icon previews and the config.json with plain-text PWs and tokens etc.

And I don't quite understand why: There is no specific setting for the /docker share in any of the control-panels like "Group", "User" or "Shared folder" to make it readable, hence imho there should be defaulted "No access".
Still, when opening settings for a specific user, it states under "Preview" and "Group Permissions": "Read only" - but no check mark.

Confusing… hope you got me.
 
