Solved Me again......This time it's BitWarden

Hello all,

I'm still plodding away with all this reverse proxy and Docker containers, and I'm sure I'll reach the end......if there is an end. 😂

Anyways, I followed the excellent tutorial by Rusty (Docker - BitWarden - self hosted password manager using bitwardenrs/server image) and have Bitwarden Docker running. I have a few problem(s) though.

1) When I try and connect to Bitwarden and I enter my username and password (which I created on the Bitwarden website), it says that "This browser requires HTTPS to use the Web vault". I have attempted to follow several sites, namely (dani-garcia/bitwarden_rs) however it is beyond my expertise. Further to this however, I have read that you need to enter the admin page and "invite yourself" so that you can create an account.

2) I have added the "ADMIN_TOKEN" to the environment variables, however when I attempt to access the admin page I get a message stating: "The admin panel is disabled, please configure the 'ADMIN_TOKEN' variable to enable it."

3) Lastly, I have been to the Bitwarden website to obtain an installation key & ID (Hosting Installation Id and Key) however I am yet to be asked to enter them anywhere during my installation.

I feel as though I'm missing something very simple and once figured out, all the above will fall into place quite quickly.

If anyone can help, I would greatly appreciate it.


***UPDATE***
I've tried numerous variations of the instructions on; dani-garcia/bitwarden_rs but I'm just not getting anywhere. I've attached a screenshot of my "putty endeavours".
 

Hello @Mike12421,
Based on your screenshots and your message, it seems like you did not really follow the instructions.
You were not supposed to create anything on the official BitWarden site, neither according to Rusty's tutorial nor according to the GitHub instructions.
Also, your mount parameter seems to be backwards and /bw-data does not exist in the container; your bind mount should look like this: -v /volume1/docker/bitwarden/data/:/data/ (provided that /volume1/docker/bitwarden/data/ exists)
I suggest you start over from scratch, but before doing anything, read the entire process and make sure that you understand all of it before jumping into it. If there's something you don't understand or really don't know why it has to be done, ask in the forums for an explanation, and once most of the process is clear to you then go for it.
 

Rusty

1) When I try and connect to Bitwarden and I enter my username and password (which I created on the Bitwarden website), it says that "This browser requires HTTPS to use the Web vault"
Correct. BW is looking for https to access it, so you will have to configure your reverse proxy to point 443 traffic to 1024 port for BW

2) I have added the "ADMIN_TOKEN" to the environment variables, however when I attempt to access the admin page I get a message stating: "The admin panel is disabled, please configure the 'ADMIN_TOKEN' variable to enable it."
You need to add "ADMIN_TOKEN" variable to your container with a long random string that you will use as a login password to the admin page.

3) Lastly, I have been to the Bitwarden website to obtain an installation key & ID (Hosting Installation Id and Key) however I am yet to be asked to enter them anywhere during my installation.
These are not needed in this version of BW instance.
 
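The two fixes from the replies above (a bind mount written host path first, and a long random ADMIN_TOKEN), as an added example that is not part of any post in this thread. The container name, the env-file location, the `:latest` tag and container port 80 are assumptions; the host path, /data/ and port 1024 come from the thread.

```shell
#!/bin/sh
# Added example: pre-flight for a bitwardenrs/server container on a Synology NAS.
# Assumptions: container port 80, container name "bitwarden", env-file location.

# 48 random bytes -> 64 base64 characters, used as the admin page password.
gen_admin_token() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Write ADMIN_TOKEN to an env file readable only by its owner, so the token
# does not end up in shell history or in the process list.
write_env_file() {
    env_file=$1
    ( umask 077; printf 'ADMIN_TOKEN=%s\n' "$(gen_admin_token)" > "$env_file" ) &&
        chmod 600 "$env_file"
}

# Print the docker run command, refusing a bind mount whose host side is missing.
# Bind mounts are host_path:container_path; the thread gives /data/ as the container path.
bw_run_cmd() {
    host_dir=$1 env_file=$2 host_port=$3
    [ -d "$host_dir" ] || { echo "host directory $host_dir does not exist" >&2; return 1; }
    [ -s "$env_file" ] || { echo "env file $env_file is missing or empty" >&2; return 1; }
    printf 'docker run -d --name bitwarden --env-file %s -v %s:/data/ -p %s:80 bitwardenrs/server:latest\n' \
        "$env_file" "$host_dir" "$host_port"
}

# Usage on the NAS (not executed here):
#   write_env_file /volume1/docker/bitwarden/bw.env
#   bw_run_cmd /volume1/docker/bitwarden/data/ /volume1/docker/bitwarden/bw.env 1024
```

The value stored in the env file is what gets typed into the admin page login; the reverse proxy then forwards 443 traffic to the published host port.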
One more thing, if you're not familiar with SSH and Command Line Interface, you may want to follow the guide made by @Rusty which uses Synology DSM User Interface.
 
Thank you both for your replies and help, this forum is certainly very welcoming.

You're right, I did jump in and thought I could force my way through any points I didn't quite grasp. I've taken your advice and started over.

I now have a fresh Bitwarden Docker image running and I can now access the admin page. My only problem now is enabling HTTPS.

Having read dani-garcia/bitwarden_rs I set about searching for my certificates that Letsencrypt generated (one each for xxxxx.synology.me & bitwarden.xxxxxxx.synology.me) so that I could update the ROCKET_TLS variable with the bitwarden certificate locations. Unfortunately however I can not find either "cert" or "key" upon searching as root user via SSH?

I have attached screenshots of my reverse proxy page, SSH search attempt, Letsencrypt certificate page & the reverse proxy page for bitwarden. (Rusty - I changed the port to 1024 as you suggested).

Lastly, everything created on the Bitwarden website has been deleted.

Thanks again.
 


Rusty

My only problem now is enabling HTTPS.
What's the exact problem with https? What kind of error do you get? Can you access any other https site that's going via reverse proxy without any problem? Is BW the only one that's causing you problems?
 
On my lan, when I try and login to Bitwarden it says; "This browser requires HTTPS to use the Web vault".

When attempting remotely, now that I have changed the port on the reverse proxy to 1024 from 1025 I am unable to even get to the bitwarden login page and says; "Synology - Sorry, the page that you are looking for can not be found."
 

To find the certificate, you can check directly on your syno box in SSH. The certs are stored here: /usr/syno/etc/certificate/
Since I use only one cert mine is in /usr/syno/etc/certificate/default/ but if you have more than one, I'm not sure how it shows here.
There should also be /usr/syno/etc/certificate/_archive/ where you may see other directories with random 6-character names, and if you want to identify which one is the right one you can check the content of the INFO file in /usr/syno/etc/certificate/_archive/ (cat INFO); the description field there should allow you to know which cert is related to your bitwarden (since you have put a description on it in the UI).
 
To find the certificate, you can check directly on your syno box in SSH. The certs are stored here: /usr/syno/etc/certificate/
Since I use only one cert mine is in /usr/syno/etc/certificate/default/ but if you have more than one, I'm not sure how it shows here.
There should also be /usr/syno/etc/certificate/_archive/ where you may see other directories with random 6-character names, and if you want to identify which one is the right one you can check the content of the INFO file in /usr/syno/etc/certificate/_archive/ (cat INFO); the description field there should allow you to know which cert is related to your bitwarden (since you have put a description on it in the UI).

Excellent, much appreciated thanks!
 

Rusty

On my lan, when I try and login to Bitwarden it says; "This browser requires HTTPS to use the Web vault".

When attempting remotely, now that I have changed the port on the reverse proxy to 1024 from 1025 I am unable to even get to the bitwarden login page and says; "Synology - Sorry, the page that you are looking for can not be found."
So this only happens with BW container? Can you access other containers on your LAN via https without any problem?
 
On my lan, when I try and login to Bitwarden it says; "This browser requires HTTPS to use the Web vault"
Not sure how the others here have managed the reverse proxy thing but I came up with some trickery to make it work and with this trickery I did not have to put the ROCKET_TLS variable. Here is the thread for general usage of custom RP configuration files and here for what I did regarding BitWarden

Edit : link edited to point to the right post
 

Rusty

There is no need to touch that variable in my experience. RP is all that was needed.
 
So this only happens with BW container? Can you access other containers on your LAN via https without any problem?

I believe so. When I try and access any of the other apps via reverse proxy it will bring up the warning that the certificate does not match, i.e. this certificate is for xxxxx.synology.me and not sabnzbd.xxxxxxxxx.synology.me, however this is just because I only have two certificates at the moment, one for xxxxx.synology.me and one for bitwarden.xxxxx.synology.me.
 


Rusty

Ok so considering that atm you have that single BW cert bound to BW container RP, this should work. Have you changed the RP setting to 1025 port now that you have rotated the ports in Docker for BW container?

Also, try and use your NAS IP address not localhost as a parameter in your RP settings for BW.
 
Ok so considering that atm you have that single BW cert bound to BW container RP, this should work. Have you changed the RP setting to 1025 port now that you have rotated the ports in Docker for BW container?

Also, try and use your NAS IP address not localhost as a parameter in your RP settings for BW.

I have just changed the port back to 1025 but the problem remains on the LAN, need HTTPS. I did read the other day that certificates don't work on LANs and will throw up errors, is this correct?

On a side note however, I've just tried logging in remotely, and it WORKS!! I could create an account and sign in, and best of all the BW certificate shows as valid when accessing remotely.
 


Rusty

On a side note however, I've just tried logging in remotely, and it WORKS!!
This is the reason why I asked this question. So you have a NAT loopback issue with your router not supporting it. FQDN works from outside your LAN but not internally.

Just to be sure, try accessing your BW instance inside LAN using the public name. Do you get a login page or not?
 
This is the reason why I asked this question. So you have a NAT loopback issue with your router not supporting it. FQDN works from outside your LAN but not internally.

Just to be sure, try accessing your BW instance inside LAN using the public name. Do you get a login page or not?

Unfortunately no login page, it just hangs, then returns the message; "This site can not be reached."
 

Rusty

Unfortunately no login page, it just hangs, then returns the message; "This site can not be reached."
Then it's a NAT loopback problem. You could try and access the site via https://ipaddress and maybe force an SSL error but still land on the page
 
Then it's a NAT loopback problem. You could try and access the site via https://ipaddress and maybe force an SSL error but still land on the page

Hi,
Just tried your suggestion, unfortunately same outcome. Never mind, I'm more than happy to be able to access it remotely. I'll just have to look into a suitable replacement router that supports NAT loopback to replace my BT Router.

Thank you both again for all of your help, it is greatly appreciated!
 
