Będzie po angielsku bo może przyda się światu. ;)
Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. The website vault (vault.bitwarden.com). Javascript html bootstrap angular typescript bitwarden TypeScript GPL-3.0 298 1,792 99 16 Updated Apr 16, 2021. Bitwarden makes it easy for you to create, store, and access your passwords. Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices. Since it's fully. Configuring the keyboard shortcuts used by a Bitwarden Browser Extension differs based on which browser you're using. To access the configuration menu: In Chrome, enter chrome://extensions/shortcuts in the address bar. In Chromium-based browsers like Brave, substitute chrome for the relevant browser name (e.g.
Short instruction how to run Bitwarden service on home Qnap NAS.
Install „Container Station' on your Qnap. On the left panel of' Container Station' click on „Create' button and then on „Create Application' in upper right corner of window. In the text input field put content of the following listing and name this new application „bitwarden'.
Accept it and run. What you have really done is Docker Compose YAML configuration file which pulls 3 images from Docker Hub server:
- bitwarden_rs – an unofficial Bitwarden server implemented in Rust language,
- nginx – web server required here as proxy for HTTPS requests,
- bw_backup – a docker image running cron job to backup bitwarden database.
and runs containers of them inside „Container Station'.
You should pay particular attention to the ports configuration, line with „580:80' and „5443:443' frases. „580' and „5443' are outside ports which are open on the Qnap itself. You can change to whatever fits for you but don't use 80, 443 or 8080 because they are already taken by Qnap own services.
Before you run freshly created application (that's Qnap Container Station's name for docker-compose GUI) SSH log into Qnap and go to application folder:
Now, you must create configuration for nginx:
Save it as nginx.conf to /share/Container/container-station-data/application/bitwarden/data/nginx folder.
Now, you have to create self signed certificate to encrypt HTTP requests with SSL. To do this log in to Qnap with SSH and run following commands:
In this repo you'll find two interesting files: data/ssl/bitwarden.ext:
and script called create_ssl.sh:
You can edit data/ssl/bitwarden.ext to make cert generating easier. Look at this lines:
and this:
Warning: your certificate will be valid only for above domains. I use Pi-hole local DNS to redirect bitwarden.fubar to my QNap IP address.
OK, run create_ssl.sh script and follow instructions. At the and you will find whole new structure of folders with files in ssl directory.
Copy certs and private folders to /share/Container/container-station-data/application/bitwarden/data/ssl.
Now, start Bitwarden application:
Open web browser and go to the URL like: https://bitwarden.fubar:5443, remeber to change domain to same value as in DNS.1 for ssl.
You should see Bitwarden login page:
Time to install and use Bitwarden clients on desktops (macOS, Linux, Windows) and mobiles (Android, iOS) but before you'll do it first go back to SSH session on you Qnap and copy „myCA.crt' file on your computer.
This file is, root CA certificate that will make your Bitwarden clients think that certificate used to connect is valid even it is self signed by you.
Install CA certificate on every host you use with Bitwarden client:
macOS – double click on CRT file and it will open in Keychain Access, add it to System keychain and choose „Always Trust' option,
Linux (Debian/Ubuntu)- https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate
If your CA is in PEM format convert .pem
file to a .crt
file:
- Create a directory for extra CA certificates in
/usr/share/ca-certificates
:
2. Copy server_rootCA.crt
file to this directory:
3. Let Debian/Ubuntu add the .crt
file's path relative to /usr/share/ca-certificates
to /etc/ca-certificates.conf
:
3a. To do this non-interactively, run:
Windows – don't use it.
Firefox – go to Preferences -> Privacy & Security -> View Certificates. Click Import, then choose PEM/CRT file, select „Trust this CA to identify websites.'
Chrome – in macOS it uses Keychain so you don't need to add it again. For Linux check this website: https://thomas-leister.de/en/how-to-import-ca-root-certificate/. Quick hint: go to Settings -> Privacy & Security -> Security -> Manage Certificates and Import.
Chevy crossover suv. Warning! Original Bitwarden Desktop client use chromium sandbox so you HAVE TO install CA certificate into Chromium!!!
When CA certificate is in right place the last thing is:
before you connect every Bitwarden client must „know' the right address of Bitwarden server.
Run client and click gear icon:
then put your server address in 4 fields:
When CA certificate is in right place the last thing is:
before you connect every Bitwarden client must „know' the right address of Bitwarden server.
Run client and click gear icon:
then put your server address in 4 fields:
- Server URL
- Web vault server URL
- API server URL
- Identity server URL
Remember to put it in the following form: https://my.ip.address:myport, in case your server has IP 10.0.0.1 and port 5443 it should be: https://10.0.0.1:5443 like in image below. If you use domain name (as me) you should replace IP with domain:
Now, there's time to create account, you can do it pointing browser to the very same URL as used above: https://10.0.0.1:5443.
It's all now ready to use.
Bitwarden Edge Chromium Extension
Few steps to consider:
- store database backup somewhere outside Qnap,
- import data from another password manager,
- set up VPN connection to Qnap to synchronize database when you outside.
Bitwarden Chromium Edge
UPDATE:
How to update docker images?
- ALWAYS MAKE BACKUP OF YOUR VAULT!!! Export it in JSON from Bitwarden client.
- go to your QNap, run FileStation and zip full content of you application data folder:
- stop application in ContainerStation, remove it. Go to Images tab and pull new version of images: bitwardenrs/server, bruceforce/bw_backup and nginx:1.15-alpine.
- create application as written at the beginnign of this article, don't run it
- unzip content of previously backup data folder (configuration for nginx, ssl, vault and vault's backup).
- run application.