Bitwarden
bitwarden_rs inside a container. This is a re-implementation of the main Bitwarden server in Rust. It is meant to replace the main Bitwarden server and provide a better self-hosting alternative. The server is compatible with the official Bitwarden clients. This image also contains the main Bitwarden web UI.
Inspiration / Sources
Install / Update / Run Script
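Set up a generic script that will auto-update Bitwarden, build a container and launch it. You should only run this script at first launch and/or when you're looking for updates. Note that the script will contain the ADMIN_TOKEN (and the SMTP credentials, if you enable them) in plain text.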
mkdir -p /var/bitwarden
cat > /scratch/docker/bitwarden.sh <<EOF
#!/bin/bash
##########
# For postgresql instead of sqlite run the following commands
#docker exec -it postgres psql -U postgres
#create role bitwarden nocreatedb nocreaterole login PASSWORD 'password';
#create database bitwarden owner=bitwarden encoding=UTF8;
# Setup using the above database/username/role and ip of 172.30.12.12
##########
# -e SMTP_HOST=<smtp.domain.tld> \
# -e SMTP_FROM=<bitwarden@domain.tld> \
# -e SMTP_PORT=587 \
# -e SMTP_SSL=true \
# -e SMTP_USERNAME=<username> \
# -e SMTP_PASSWORD=<password> \
# openssl rand -base64 48
# -e ADMIN_TOKEN=[above_output]
ARCH=\`arch\`
if [ "\$ARCH" == "aarch64" ]
then
    ARCH="arm64v8"
else
    ARCH="arm32v7"
fi
docker pull registry.lollipopcloud.solutions/\$ARCH/bitwarden_rs
docker container stop bitwarden
docker container rm bitwarden
docker run \\
    --name bitwarden \\
    --restart unless-stopped \\
    --net docker-private \\
    --ip 172.30.12.23 \\
    -e TZ=UTC \\
    -e DEBUG=1 \\
    -e WEBSOCKET_ENABLED=true \\
    -e SIGNUPS_ALLOWED=false \\
    -e DOMAIN=https://bitwarden.domain.tld \\
    -e ADMIN_TOKEN=[above_output] \\
    -v /var/bitwarden/:/data/ \\
    registry.lollipopcloud.solutions/\$ARCH/bitwarden_rs:latest
EOF
chmod a+x /scratch/docker/bitwarden.sh
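One way to keep the ADMIN_TOKEN out of the launch script, as an added example that is not part of the original page: generate it once with the `openssl rand -base64 48` command mentioned above, store it in a mode-0600 env file, and pass that file to `docker run` with `--env-file`. The env file path and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original script.
# Assumption: the env file lives beside the launch script; change as needed.
ENV_FILE="${ENV_FILE:-/scratch/docker/bitwarden.env}"

# Generate a token the way the page suggests (openssl rand -base64 48),
# falling back to /dev/urandom when openssl is not installed.
gen_token() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 48
    else
        head -c 48 /dev/urandom | base64 | tr -d '\n'
        echo
    fi
}

# Print the token stored in env file $1 (empty output if there is none).
token_of() {
    sed -n 's/^ADMIN_TOKEN=//p' "$1" 2>/dev/null | head -n 1
}

# Add an ADMIN_TOKEN to env file $1 only if it has none yet, so re-running
# the launch script for an update does not rotate the token.
# The file mode is forced to 0600 on every call.
ensure_env_file() {
    if [ -z "$(token_of "$1")" ]; then
        _tok=$(gen_token)
        [ -n "$_tok" ] || return 1   # refuse to write an empty token
        ( umask 077; printf 'ADMIN_TOKEN=%s\n' "$_tok" >> "$1" ) || return 1
    fi
    chmod 600 "$1"
}

# In bitwarden.sh, drop the "-e ADMIN_TOKEN=..." line and use instead:
#   ensure_env_file "$ENV_FILE"
#   docker run ... --env-file "$ENV_FILE" ...
```

`token_of "$ENV_FILE"` prints the stored value when you need it to log in to the admin page.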
Run Bitwarden
Simply execute /scratch/docker/bitwarden.sh to update/run Bitwarden.
Update Unbound
cat > /etc/unbound/local_zone/bitwarden.conf <<EOF
local-data: "bitwarden A 172.30.0.1"
local-data: "bitwarden.domain.tld A 172.30.0.1"
local-data-ptr: "172.30.0.1 bitwarden"
local-data-ptr: "172.30.0.1 bitwarden.domain.tld"
EOF
Further configuration
https://github.com/dani-garcia/bitwarden_rs/wiki/Fail2Ban-Setup has great information on how to configure Fail2Ban to help minimize attempts to hack your server.