How to build your own Bitwarden_rs jail

[testcb00]

Ghost231, I find that I cannot use the following code to make to IP as variable

Code:

export DEFAULT_INTERFACE=$(route get 1.1.1.1 | grep interface | cut -d \  -f 4)
export DEFAULT_IP=$(ifconfig $DEFAULT_INTERFACE | grep 'inet' | awk -F ' ' '{ print $2 }')

I replace the DEFAULT_IP to my Intranet IP and try to generate a self-signed cert by these command and get

Code:

root@bitwarden:~/CA # openssl req -new -sha512 -nodes -out server.csr -newkey rsa:8192 -keyout server.key -config <(cat server_rootCA.csr.cnf)
Missing name for redirect.

Do I have misunderstanding in the step?

 

[da_da]

Is it possible to serve multiple IP's

one for management internal and one for external connections...

Also, is there way to place the vault outside the jail?

 

[da_da]

Found the answer for the DATA location.

Need to mount the location of the data to /usr/local/www/vaultwarden/data/

 

[raidflex]

I am still running Truenas Core, and only use jails not docker. Is still the most up to date guide on setting up and configuring a Bitwarden local server?

 

[testcb00]

I am still running Truenas Core, and only use jails not docker. Is still the most up to date guide on setting up and configuring a Bitwarden local server?

The package name is changed to vaultwarden and you might not need to follow the guide.

I use simple method, create a Base Jail with allow_raw_sockets

# install required package pkg install -y vim bash vaultwarden nginx
# edit your nginx server config vim /usr/local/etc/nginx/nginx.conf
# create vhost for vaultwarden vim /usr/local/etc/nginx/conf.d/vaultwarden.conf
# copy vaultwarden environment setting cp /usr/local/etc/rc.conf.d/vaultwarden.sample /usr/local/etc/rc.conf.d/vaultwarden
# edit vaultwarden environment, set SIGNUPS_ALLOWED to true and enable logging vim /usr/local/etc/rc.conf.d/vaultwarden LOG_FILE='/usr/local/www/vaultwarden/data/bitwarden.log' export LOG_FILE SIGNUPS_ALLOWED='true'
# add vaultwarden & nginx to rc.d and start service sysrc vaultwarden_enable=YES && \ sysrc nginx_enable=YES && \ service vaultwarden start && \ service nginx start

Remind that you need SSL Certificate for https connection. I buy a cheap domain and use Let's Encrypt to get the Certificate (though I need to renew each 3 months). Using the Certificate with correct DNS Resolver setting, the https function well.

 

[victort]

One issue with this is that to get SMTP working you need to change one option in the vaultwarden file as per this github post.

in /usr/local/etc/rc.conf.d/vaultwarden you need to change SMTP_SSL to SMTP_SECURITY and use either starttls force_tls or off

 

[victort]

Remind that you need SSL Certificate for https connection. I buy a cheap domain and use Let's Encrypt to get the Certificate (though I need to renew each 3 months). Using the Certificate with correct DNS Resolver setting, the https function well.

I use vaultwarden with caddy, behind a caddy reverse proxy that automatically handles certificates for me.

 

[victort]

I have created a script to automate the install of Vaultwarden here based off of @danb35 scripts.

Scripted Vaultwarden Installation

Scripted Installation of Vaultwarden with Caddy with options to run behind a reverse proxy, self-signed cert, or completely independent and managing/renewing its own certs automatically using Caddy. This script will create a jail, install...

www.truenas.com