To change the server name of your Bitwarden server, set the url in ./bwdata/config.yml to the new server name and then run the ./bitwarden.sh rebuild command. Next, make sure the new name or FQDN has been set on all the globalSettings__baseServiceUri__* variables in the ./bwdata/env/global.override.env file.
Bitwarden is a password manager whose server can be self-hosted. It provides various frontends, ranging from browser plugins and desktop applications to mobile apps, for all major browsers and platforms. In this note I want to show how I set up my Bitwarden server behind an nginx proxy with fail2ban and a daily backup.
I assume you have a server and nginx already installed. If not, just look at my notes Secure Ubuntu 18.04 server setup as well as Ubuntu 18.04 server: nginx web server + Let's Encrypt.
Obtain Let's Encrypt certificate
To SSL encrypt the connection to our Bitwarden server, a certificate is required. We'll use a Let's Encrypt certificate. Start by creating an nginx configuration file for our Bitwarden instance. The examples use the subdomain bitwarden.dennisnotes.com; change it according to the domain you want to use.
As in our basic nginx setup we start with a simple nginx configuration which just handles standard HTTP serving for our subdomain.
After creating the configuration file, test it and restart nginx to enable it.
Now let certbot obtain a certificate for us and apply the default nginx SSL configuration as follows:
Select bitwarden.dennisnotes.com, fill in information like email etc.
nginx setup
Next we will edit the configuration file again to use nginx as a reverse proxy for our bitwarden instance.
Here is an example configuration file, which I use (using the port 5178 which will be mapped to 80 when accessing bitwarden.dennisnotes.com):
The installation of Bitwarden is quite simple and runs via docker-compose and installation scripts. Here I only show the short version, more information can be found on the Bitwarden website. You need docker and docker-compose to be installed on your server. During installation it will ask for an installation ID and key, you can get them here. It will also ask if you would like to use Let's Encrypt or your own SSL certificate; enter no for all of these options, because we will use an SSL nginx proxy.
After the basic install, edit the configuration file at ./bwdata/config.yml. Most of it should be fine after running the installation script, just change the HTTP and SSL port according to your configuration, e.g.
Afterwards you can add additional settings in the environment variables file. I would recommend setting up an SMTP server for email notifications (e.g. change password, activate account etc.) as well as deactivating user registration, if you do not want to let strangers use your Bitwarden server. To do so edit ./bwdata/env/global.override.env. Mine looks like this:
After setting everything up, rebuild and start Bitwarden as follows:
You should now see the Bitwarden web interface when visiting your domain, e.g. https://bitwarden.dennisnotes.com. You should now be able to create your user account. As a next step I would recommend enabling two-factor authentication for your account. This setting can be found under settings in the Bitwarden web interface.
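The check below is an added example, not part of the original note or of the Bitwarden project: it audits global.override.env after a server name change (every globalSettings__baseServiceUri__* entry must point at the new FQDN) and confirms that user registration is switched off. The host bw.example.org and the sample file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit ./bwdata/env/global.override.env.

# Write a constructed sample env file (one stale URI, registration still open).
make_sample() {
    cat > "$1" <<'EOF'
globalSettings__baseServiceUri__vault=https://bw.example.org
globalSettings__baseServiceUri__api=https://bw.example.org/api
globalSettings__baseServiceUri__identity=https://old.example.org/identity
globalSettings__disableUserRegistration=false
EOF
}

# Print each baseServiceUri line that does not point at https://<fqdn>.
# Returns 0 if every line matches, 1 if at least one stale line was found.
check_base_uris() {
    env_file=$1
    # Escape dots so "bw.example.org" cannot match a look-alike host.
    fqdn_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    stale=$(grep '^globalSettings__baseServiceUri__' "$env_file" |
        grep -v -E "=https://${fqdn_re}(/|\$)" || true)
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# Returns 0 only if registration of new users is explicitly disabled.
registration_disabled() {
    grep -q -i '^globalSettings__disableUserRegistration=true[[:space:]]*$' "$1"
}

# Demo run against the constructed sample.
sample=$(mktemp)
make_sample "$sample"
if check_base_uris "$sample" bw.example.org; then
    echo "all base URIs point at the new name"
else
    echo "the lines above still use another host name"
fi
registration_disabled "$sample" || echo "user registration is still open"
rm -f "$sample"
```

Point the two functions at the real ./bwdata/env/global.override.env before running ./bitwarden.sh rebuild.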
Passwords are pretty important, so I want the Bitwarden database to be backed up daily. For this I use borgbackup. I first encrypt the bwdata folder, which contains all data of Bitwarden, and store the encrypted file on a WebDAV server as my backup location.
Setup WebDAV
First of all we need to make our WebDAV drive mountable. Install the following packages:
Create a folder for the WebDAV drive, e.g. /mnt/webdav, and append the following line (with your WebDAV account's data) to /etc/fstab.
There are several WebDAV providers, so if you don't have one yet, just google a bit for it. I use the free Magenta Cloud from German Telekom for my backup WebDAV drive. Next you'll need to provide the credentials for the WebDAV drive. This can be done by appending them to /etc/davfs2/secrets. It should look like this:
Afterwards you should be able to mount the WebDAV drive with your account. You can test it with:
Now you should be able to see your WebDAV files in /mnt/webdav/ and also be able to add files there.
Borg Backup Initialization
First of all, make sure that your WebDAV drive is still mounted. Now we need to install borgbackup and initialize a backup repository in which the backup files will be stored.
This will lead you through a simple setup. Make sure you note your password, you will need it to create and decrypt backups.
Daily Backup Cronjob
Now we need to create our backup script, e.g. at /home/dennis/bitwarden_backup.sh. It should mount your WebDAV drive, then create a backup of your bwdata folder. You can also specify how many backups you would like to store, see borg prune … in the script. My script looks like this.
After creating the script make it executable and create a cronjob which executes it.
My cronjob runs the script every day at 0:00 o'clock and looks like this:
Now your Bitwarden bwdata folder should be backed up as an encrypted file to your WebDAV drive every night at 0:00 o'clock. The logs for the backup are accessible via the bitwarden_backup_log.txt, so if anything doesn't work correctly, check this file first.
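A backup script along the lines described above, as an added example that is not the author's own script. The repository path, the bwdata location, the retention counts and the passphrase file are assumptions; the script refuses to run if /etc/davfs2/secrets is not mode 600 or if the WebDAV drive is not actually mounted, since borg would otherwise write into the empty local directory.

```shell
#!/bin/sh
# Added example. Assumed values are marked; adjust them to your setup.
MOUNT=${MOUNT:-/mnt/webdav}
REPO=${REPO:-$MOUNT/bitwarden-borg}          # assumed repository path
BWDATA=${BWDATA:-/home/dennis/bwdata}        # assumed bwdata location
SECRETS=${SECRETS:-/etc/davfs2/secrets}
LOG=${LOG:-/home/dennis/bitwarden_backup_log.txt}

# True only if the file is readable and writable by its owner alone (0600).
secrets_private() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# True only if the directory is an active mount point.
is_mounted() {
    mountpoint -q "$1" 2>/dev/null
}

# Return codes: 2 secrets file too open, 3 drive not mounted,
# 4 borg create failed, 5 borg prune failed.
run_backup() {
    secrets_private "$SECRETS" ||
        { echo "refusing: $SECRETS is not mode 600"; return 2; }
    is_mounted "$MOUNT" || mount "$MOUNT" 2>/dev/null || true
    # Re-check: a failed mount must stop the run, not produce a local "backup".
    is_mounted "$MOUNT" ||
        { echo "refusing: $MOUNT is not mounted"; return 3; }
    borg create --stats "$REPO::bwdata-$(date +%Y-%m-%d_%H%M)" "$BWDATA" ||
        return 4
    # Retention counts are assumed: 7 daily and 4 weekly archives.
    borg prune --keep-daily 7 --keep-weekly 4 "$REPO" || return 5
}

# Run only when called with --run, so the checks can be exercised on their own.
if [ "${1:-}" = "--run" ]; then
    # BORG_PASSCOMMAND keeps the passphrase out of the script itself.
    # Assumed file; it should be mode 600 as well.
    export BORG_PASSCOMMAND="cat /home/dennis/.borg-passphrase"
    run_backup >>"$LOG" 2>&1
fi
```

From cron, call the script with the --run argument; a non-zero exit code together with the "refusing" line in the log shows which precondition failed.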
It seems like there are no logfiles provided which contain IP addresses of failed login attempts, so currently I do not see a way to use fail2ban with Bitwarden. This will hopefully change in the future.