Better bitwarden usage guide

483

Introduce

Bitwarden is a prevailing open-source password management service. There’are another version of bitwarden refactored by rust called vaultwarden which occupy less system resources.
the docker service of Vaultwarden has run on my nas for half year.and i have introduced this program last year,but you cannot always be at home.So afterall I ran it on my x64vps.

Installation(Centos_only)

Asuming u haven’t install docker and docker-compose and this guide use Docker-Compose.yml to get initialization.

Environment

  • Docker
# $ curl -fsSL test.docker.com -o get-docker.sh
$ curl -fsSL get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh --mirror Aliyun
# $ sudo sh get-docker.sh --mirror AzureChinaCloud

Choose one mirror to install docker-ce.
after waiting for a while,type this to make docker auto starting at boot.

$ sudo systemctl enable docker
$ sudo systemctl start docker
  • Docker-compose

Run this command to download the current stable release of Docker Compose:

$ sudo curl -L "https://github.com/docker/compose/releases/download/v1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Then apply executable permissions to the binary:

$ sudo chmod +x /usr/local/bin/docker-compose

Last,verify the installation:

$ docker-compose --version

Configure

Initialize a folder for example ~/bitwarden/ and then creat a configure file named docker-compose.yml, open it:

version: '3'
services:
  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: always
    ports:
      - "3080:80"
      - "3012:3012"
    environment:
      ADMIN_TOKEN: "your token//better more than 32bit"
      SIGNUPS_ALLOWED: 'true'
      WEBSOCKET_ENABLED: 'true'
    volumes:
      - ./data:/data

Now we can run the docker task by a easy way:

$ docker-compose up -d

Vaultwarden will create some file under ~/path/to/the/way/ folder.Now Bitwarden service has been initialized.

Update

Make sure visiting the configure yml file under the certain folder.

$ docker-compose down -v
$ docker-compose pull
$ docker-compose up -d

HTTPSConfigure

For some security reasons,bitwarden only support HTTPS access,so first of all we should install a web service.I recommend NGINX.

lnmp installation

$ wget http://soft.vpser.net/lnmp/lnmp1.8.tar.gz -cO lnmp1.8.tar.gz && tar zxf lnmp1.8.tar.gz && cd lnmp1.8 && ./install.sh lnmp

this shell program will automatically install NGINX PHP and MYSQL.

Reverse proxy

$ lnmp vhost add

Screenshot.png
Creating vhost,enter your domain name(better a second level domain name)
Next,revise nginx proxy configuration file.LNMP’s default file is
/usr/local/nginx/conf/vhost/YOURDOMAIN.conf

server
    {
        listen 443 ssl http2;
        server_name xxx;

        ssl_certificate /path/to/the/way/x.crt;
        ssl_certificate_key /path/to/the/way/x.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
        client_max_body_size 128M;
    location / {
        proxy_pass http://127.0.0.1:3080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:3080;
    }


        access_log off;
    }

THEN restart nginx to take effect.Now the https web service is running.Visiting your website now.
https://yourweb.com/ will appear like this:
bitwarden.png
IF you want to use some advance features,please visit
https://yourdomain.com/admin to access,the password is in your docker-compose.yml file called “ADMIN_TOKEN”.
admin.png

Backup

Rclone

Rclone is an open source, multi threaded, command line computer program to manage or migrate content on cloud and other high latency storage. Its capabilities include sync, transfer, crypt, cache, union, compress and mount. The rclone website lists supported backends including S3, and Google Drive.
Automatic install:

$ curl https://rclone.org/install.sh | sudo bash

Here is the official docs of mount webdav netdisc:
https://rclone.org/webdav/

How to backup

We can use netdisc like OneDrive to backup out data,IN FACT,we only need to backup ~/data/db.sqlite3 automatically.

$ rclone sync ~/bitwarden/data/db.sqlite3  nuts:bitwarden_backup

you can also use crontab to autosync the database.