Bitwarden - Self-hosted password manager
-
Hey @girish any updates on this? I've been holding off on migrating from my external instance to my Cloudron one because I'm not sure about the process of migrating from the dev one to an official one. Any guidance on when to expect this or if it's possible to preserve the Docker volume would be helpful.
-
@iamthefij said in Bitwarden - Self-hosted password manager:
Hey @girish any updates on this? I've been holding off on migrating from my external instance to my Cloudron one because I'm not sure about the process of migrating from the dev one to an official one. Any guidance on when to expect this or if it's possible to preserve the Docker volume would be helpful.
I'm in the same boat. I am maintaining a VPS solely for Bitwarden access. Would save $10 a month and time if I could roll this out! Thanks for all the hard work!
I tried deploying the Cloudron Bitwarden like below:
Commands run on Cloudron server.
git clone https://git.cloudron.io/fbartels/bitwardenrs-app #Successfully clones to home directory
npm install -g cloudron-cli **#Command fails, no cloudron-cli **
cloudron build # this will ask your cloudron.io login #Never got to this stage
cloudron install # this will ask you for your cloudron's login #Never got to this stage -
@will Those commands do NOT get ran on the cloudron server.
The cloudron CLI is ONLY for use outside of the server (it's the management tool for cli users)
At home, install virtualbox on your computer and create an ubuntu VM. (If you already have a computer with linux, ignore this step, these steps can be installed in windows if you install nodejs and git first)
Then run:
git clone https://git.cloudron.io/fbartels/bitwardenrs-app cd bitwardenrs-app ## Install NodeJS from https://nodejs.org/en/download/package-manager/ npm install -g cloudron cloudron build cloudron install
-
@will If you plan on building apps using a local docker install, that can only be done on linux (not the subsystem), otherwise using a build service (either the app one or cloudron's cloud build service) is good on any system with nodejs support
-
@murgero I'm not a developer, but I have stumbled my way through rough spots before. Just so I understand the workflow.
So lets say I want to deploy the Bitwarden app on my Cloudron instance in production (I don't but let's roll with it for a sec)
I would configure my dev environment (install Nodejs, cloudron-cli, and install Cloudron build service app on the Web Store)
I would clone the app I wanted to play with to my local dev machine, cd into that directory and use the cloudron build command to bush this app to the Cloudron Build Service App?
Lastly use the cloudron install command to install the app on to my production instance.
How close am I to the right answer?Thanks again for taking the time out to help me out. I'm trying to understand this stuff, but it's way out of my swimlane.
-
@will I don't use the build service app because it can delete other apps mistakenly. I use the following process for building my apps (step by step, literally) using a local linux machine with Docker, npm, git, and cloudron-cli.
Just make sure you have a free dockerhub account
git clone https://github.com/mitchellurgero/cloudron-vscode cd cloudron-vscode ## Change as you need! docker build -t dockername/projectname:tagname . docker push dockername/projectname:tagname ## End docker changes cloudron login cloudron install --image dockerhuburl/dockername/projectname:tagname
Example commands when replacing the variables with real items:
git clone https://github.com/murgero/MyApp1-cloudron cd MyApp1-cloudron ## Change as you need! docker build -t murgero/MyApp1:latest . docker push murgero/MyApp1:latest ## End docker changes cloudron login cloudron install --image dockerhuburl/murgero/MyApp1:latest
-
@murgero building is much easier now. when you call
cloudron build
it will ask for the registry to upload to. so you just have to enteryour-username/your-chosen-name-for-the image
, e.g.fbartels/cloudron-bitwardenrs
.cloudron install
will then automatically use this image.@will I am still not a huge believer in the ldap sync and the mysql backend of bitwarden. I have updated my repo to the last version and also picked some smtp things from @iamthefij. Sending invites still does not seem to work, will need to look further into this.
Edit: Managed to fix the issue with sending invites. the value of SMTP_AUTH_MECHANISM needs to be quoted, but when exporting it, these quotes are normally removed. Working and up to date version is in the git repo.
-
@fbartels said in Bitwarden - Self-hosted password manager:
building is much easier now. when you call cloudron build it will ask for the registry to upload to. so you just have to enter your-username/your-chosen-name-for-the image, e.g. fbartels/cloudron-bitwardenrs. cloudron install will then automatically use this image.
This requires the build service app to be installed on your cloudron which currently has a warning attached to it that it may delete USED docker images from other apps. Until the build service app is more stable, I'll stick to my sure-fire, tried and true way
-
@fbartels I see. Yea, totally agree that it’s not really necessary for most folks usage. The instance I run outside of Cloudron today uses neither of them. I’m using it as a simple personal password manager.
I believe Cloudron tends to prefer configurations that are ready for a small enterprise. My personal Gogs server was fine with SQLite and local auth as well, but Cloudron is configured with MySQL and LDAP.
️
-
@fbartels said in Bitwarden - Self-hosted password manager:
@murgero said in Bitwarden - Self-hosted password manager:
This requires the build service app to be installed on your cloudron
That is not true. Its build locally and then pushed into the github account.
When I try to update my bitwarden app at the existing domain 'bit.mydomain.de' this way, I still get a
Failed to install app: 409 message: Domain 'bit.mydomain.de' is in use
I have a wildcard DNS entry), so a DNS entry for the subdomain should not cause trouble. I also tried
cloudron login --allow-selfsigned
but it doesn't change anything.Could the "version" entry in
CloudronManifest.json
be the culprit? -
@necrevistonnezr said in Bitwarden - Self-hosted password manager:
Could the "version" entry in CloudronManifest.jsonbe the culprit?
No, at least not from my experience. It always depends from where you installed an app previously. So for example when you initially installed an app from the official appcenter you can not easily update it with a locally build app. To make it recognize an existing app you can add the
--app
parameter to the install command.So e.g.
cloudron update --app bit
But make sure that the applications are actually compatible with each other.
-
Still gettin errors:
osboxes@osboxes:~/bitwardenrs-app$ cloudron update --app bit Will update app at location bit => Waiting for app to be updated => Starting ... ... => Backup - Snapshotting app bit.mydomain.de .. => Backup - undefined => Downloading image ........................................... App update error: Installation failed: undefined osboxes@osboxes:~/bitwardenrs-app$ sudo cloudron update --app bit Will update app at location bit Failed to update app: 409 message: Not allowed in error state
-
@necrevistonnezr it seems to fail at downloading the image, so it has nothing to do with the app per se.
Can you also post the output of
cloudron build
?Maybe it could also help to remove the existing app before (but since it fails at downloading I would doubt that).
-
Output of
cloudron build
:Building locally as necrevistonnezr/bitwardenrs:20191210-094936-34576695f Sending build context to Docker daemon 114.2kB Step 1/28 : FROM "bitwardenrs/server:1.13.0-alpine" as bitwarden ---> c0f785714c65 Step 2/28 : FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617 ---> 534bd0efda10 Step 3/28 : ENV ROCKET_ENV "staging" ---> Using cache ---> 08e348a2d671 Step 4/28 : ENV ROCKET_PORT=3000 ---> Using cache ---> 4f829684eb90 Step 5/28 : ENV ROCKET_WORKERS=10 ---> Using cache ---> 4c341fbb8b34 Step 6/28 : ENV DATA_FOLDER=/app/data ---> Using cache ---> 624de75507eb Step 7/28 : ENV CONFIG_FILE=/app/data/config.json ---> Using cache ---> df63ce28a824 Step 8/28 : ENV SIGNUPS_ALLOWED=false ---> Using cache ---> 98489eda2ecf Step 9/28 : ENV INVITATIONS_ALLOWED=true ---> Using cache ---> 363bd3b89949 Step 10/28 : ENV WEBSOCKET_ENABLED=true ---> Using cache ---> c3ab1f3b150c Step 11/28 : ENV DISABLE_ADMIN_TOKEN=true ---> Using cache ---> 57d590406e2c Step 12/28 : RUN mkdir -p /app/data ---> Using cache ---> bf796d6b68b4 Step 13/28 : VOLUME /app/data ---> Using cache ---> af0388a6c7c5 Step 14/28 : EXPOSE 80 ---> Using cache ---> c4e5fc4eef9c Step 15/28 : EXPOSE 3012 ---> Using cache ---> 0d3be2006979 Step 16/28 : RUN rm /etc/apache2/sites-enabled/* ---> Using cache ---> 128658526e5f Step 17/28 : RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf ---> Using cache ---> 460b63a85e66 Step 18/28 : RUN a2disconf other-vhosts-access-log ---> Using cache ---> b660416c4b47 Step 19/28 : COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf ---> Using cache ---> 380066c29b0c Step 20/28 : RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite ---> Using cache ---> 5d85bcdb4449 Step 21/28 : COPY --from=bitwarden /web-vault /app/code/web-vault ---> Using cache ---> 8c8e6cd0a79a Step 22/28 : COPY --from=bitwarden /bitwarden_rs /app/code/ ---> Using cache ---> 23aa34133bc8 Step 23/28 : COPY --from=bitwarden /Rocket.toml /app/code/ ---> Using cache ---> 16d854c4cdb4 Step 24/28 : ADD supervisor/ /etc/supervisor/conf.d/ ---> Using cache ---> 94e6be8b3e39 Step 25/28 : RUN sed -e 's,^logfile=.*$,logfile=/run/supervisord.log,' -i /etc/supervisor/supervisord.conf ---> Using cache ---> a4b630549d9e Step 26/28 : WORKDIR /app/code ---> Using cache ---> ac66a3410991 Step 27/28 : COPY start.sh /app/code/start.sh ---> Using cache ---> 8fee6c91fd4a Step 28/28 : CMD [ "/app/code/start.sh" ] ---> Using cache ---> ebd0cc6480c9 Successfully built ebd0cc6480c9 Successfully tagged necrevistonnezr/bitwardenrs:20191210-094936-34576695f [1mPushing necrevistonnezr/bitwardenrs:20191210-094936-34576695f[22m The push refers to repository [docker.io/necrevistonnezr/bitwardenrs] 59ca39a8baf6: Preparing d20566396bfd: Preparing 426f40b89686: Preparing 351495e80404: Preparing 205c5dee79e1: Preparing 4f9345d26f82: Preparing ffd05eeb91b1: Preparing 5418b55c5d1d: Preparing 92cad9313b91: Preparing 0ea137c0c63c: Preparing 16ef7d4b2f8e: Preparing f8a2b79c8722: Preparing 5648d21d9467: Preparing bfe34f2cfbd0: Preparing 83a42f6af455: Preparing f81e4eb4d80a: Preparing cd78fba29389: Preparing 5662a07238a1: Preparing 8d7ea83e3c62: Preparing 6a061ee02432: Preparing f73b2816c52a: Preparing 6267b420796f: Preparing a30b835850bf: Preparing 5648d21d9467: Waiting bfe34f2cfbd0: Waiting 83a42f6af455: Waiting f81e4eb4d80a: Waiting cd78fba29389: Waiting 4f9345d26f82: Waiting 5662a07238a1: Waiting 8d7ea83e3c62: Waiting 6a061ee02432: Waiting ffd05eeb91b1: Waiting 5418b55c5d1d: Waiting f73b2816c52a: Waiting 6267b420796f: Waiting 92cad9313b91: Waiting 0ea137c0c63c: Waiting 16ef7d4b2f8e: Waiting f8a2b79c8722: Waiting a30b835850bf: Waiting 351495e80404: Layer already exists 205c5dee79e1: Layer already exists d20566396bfd: Layer already exists 426f40b89686: Layer already exists 59ca39a8baf6: Layer already exists 4f9345d26f82: Layer already exists ffd05eeb91b1: Layer already exists 0ea137c0c63c: Layer already exists 16ef7d4b2f8e: Layer already exists f8a2b79c8722: Layer already exists 92cad9313b91: Layer already exists 5418b55c5d1d: Layer already exists 5648d21d9467: Layer already exists bfe34f2cfbd0: Layer already exists f81e4eb4d80a: Layer already exists 5662a07238a1: Layer already exists cd78fba29389: Layer already exists 8d7ea83e3c62: Layer already exists 83a42f6af455: Layer already exists 6a061ee02432: Layer already exists f73b2816c52a: Layer already exists 6267b420796f: Layer already exists a30b835850bf: Layer already exists 20191210-094936-34576695f: digest: sha256:ab443082901c6beac8d3e222448e20436b5e4d51c380bc2146f1f8d868ce06d4 size: 5114
And how do I get past the
409 message: Not allowed in error state
?