Bitwarden - Self-hosted password manager



  • bitwarden_rs 1.1.4 is out
    https://github.com/dani-garcia/bitwarden_rs

    • Added support for running on subpath, simply add the subpath to the DOMAIN variable: DOMAIN=https://example.com/custom-path
    • Attachment size limits, per-user and per-organization, set USER_ATTACHMENT_LIMIT or ORG_ATTACHMENT_LIMIT to a value in kilobytes to apply it.
    • Updated U2F library which might solve some U2F certificate errors.
    • Added SMTP test button in the admin page.
    • Use web vault built by docker autobuild, using the hash to reference the image for extra security
    • Now accepting y/n, True/False, 1/0 as config options that are booleans.
    • Fixed error Unique constraint violation when using Two Factor and Postgres.
    • Fixed error with can_signup_user that didn't allow to change the email address.
    • Don't error if admin token is empty but disabled
    • Now email domains are converted to punycode before sending
    • Enable icons to be cached in the clients
    • Added option to change invitation org name
    • Enabled the sending of invitations from the admin panel, even when disabled
    • Dependency updates


  • @necrevistonnezr Bumping this app request, bitwarden is one of the last important holdouts in my cloud replacement efforts.



  • @will fbartels version is fully functional (https://git.cloudron.io/fbartels/bitwardenrs-app), I've been using it for months now. And if you modify the bitwarden_rs build number in https://git.cloudron.io/fbartels/bitwardenrs-app/-/blob/master/Dockerfile before building, you get the newest version. I updated just yesterday.

    Change

    FROM "bitwardenrs/server:1.13.1-alpine" as bitwarden
    

    to

    FROM "bitwardenrs/server:1.14-alpine" as bitwarden
    


  • @necrevistonnezr given this @fbartels app works and is the most requested app, and the release of Cloudron 5 out of the way, and the goal for this year seems to be to get lots more apps released, I'm left wondering what is holding up getting this into the app store @girish @nebulon? 🤔😃



  • @necrevistonnezr I know you've talked about it in the past, do you have the thread where there are instructions on how to install it? DO I add that URL as a private git repo? Never did any custom app stuff before (well I tried and failed)



  • @will said in Bitwarden - Self-hosted password manager:

    @necrevistonnezr I know you've talked about it in the past, do you have the thread where there are instructions on how to install it? DO I add that URL as a private git repo? Never did any custom app stuff before (well I tried and failed)

    • Install & run Docker, it will ask you to log in or create a Docker account
    • Keep the Docker app / service running
    • git clone https://git.cloudron.io/fbartels/bitwardenrs-app and cd bitwardenrs-app
    • cloudron build(that's assuming you have installed cloudron cli via npm) - it will ask you for your cloudron credentials, and ask for your Docker repository, which should be set to public during the installation (makes it easier from my experience), e.g. in the form Docker_Username/bitwarden_rs
    • cloudron install: it will ask for the domain to install to, e.g. bit.domain.tld

    If you update, it's pretty much the same, just git pullin the app directory, cloudron build, and then cloudron update --app bit.domain.tld



  • @necrevistonnezr said in Bitwarden - Self-hosted password manager:

    cloudron build

    Ok went through the steps.

    • installed docker, registered and made an empty public repo
    • On my linux vm I got docker up and running
    • Cloned that repo to local dir
    • Ran Cloudron build inside repo folder
    • Seemed to build but then asked if I was logged into docker?
    • Logged into docker and cloudron on the CLI and tried again.
      CLI seemed to try to get at a repo at docker.io, but my repo is at hub.docker.com

    Sorta installed, visible in cloudron error message in cloudron:

    If a configuration, update, restore or backup action resulted in an error, you can retry the task.

    An error occurred during the install operation: Not found: Unable to pull image willrimmer/bitwarden_rs:20200320-035449-643626a03. message: (HTTP code 404) unexpected - manifest for willrimmer/bitwarden_rs:20200320-035449-643626a03 not found statusCode: 404

    Let me know if I'm understanding the flow correctly.

    1. Clone from github locally.
    2. Package up a Cloudron ready docker container and push to Docker Hub
    3. Cloudron grabs and deploys from Docker Hub(?)


  • @will The docker image didn't get pushed for some reason. I don't see it here - https://hub.docker.com/r/willrimmer/bitwarden_rs . Just do a cloudron build again. Do you see it push ?



  • BTW, when looking for the newest Docker releases, this site https://docker-hub-rss.now.sh and in particular this feed
    https://docker-hub-rss.now.sh/bitwardenrs/server.atom is ery helpful...



  • @girish Woohoo! It worked!

    01 Installing the App
    $ sudo docker login
    $ sudo cloudron login my.example.com
    $ git clone https://git.cloudron.io/fbartels/bitwardenrs-app
    $ cd bitwardenrs-app
    $ sudo cloudron build
    Enter repository (e.g registry/username/com.github.bitwardenrs): username/dockerhub-repo
    $ sudo cloudron install -l bitwarden.example.com

    02 Updating the App
    $ git pull https://git.cloudron.io/fbartels/bitwardenrs-app
    $ sudo cloudron build
    $ sudo cloudron update --app bitwarden.example.com

    03 Configuring the App
    Go to bitwarden.example.com/admin to configure.

    I can add users manually, is there a way to tie this Cloudron LDAP?
    Thanks!



  • Where does this stand on becoming "official" in some way? I'm still running Bitwarden off Cloudron myself as my Cloudron instance is hosting the version I'm using for development.



  • @will Yes, you can use LDAP if you use the version I published.

    https://git.cloudron.io/iamthefij/bitwardenrs-app

    Updated to the latest version. I haven't updated to the latest versions of Bitwarden just yet though. I'll give that a go now.

    Edit: It looks like Bitwarden_rs was updated to use a newer base image for building it's binaries. That means that when the binary used in the MySQL image is built, it's compiled against a newer version of libmariadb. It doesn't look like the Cloudron base image has been updated in a year, so I'm unable to just bump the version in the single-stage Dockerfile in my repo. However, I also have a multi-stage Dockerfile that will compile Bitwarden_rs from source against whatever version of libmariadb that is present. This should work but takes more time to build so I'm letting that run right now. I'll update when it's done. Edit: It's done!

    Related, but kind off topic: Can we get an update to the Cloudron base? How will those be handled in an ongoing basis since apps are pinned (as they should be) to a particular base? I imagine there have been security updates in the last year.



  • @iamthefij An update to the Cloudron base image gets brought up every few months for the last year or so. The most recent official mention of an updated base image was by @nebulon last August but it there's been a pin stuck in that with the aggressive releases as of late - perhaps this and other apps getting updated and looking to move forward soon will help un-stick that again, especially since it's been about a year since 1.0.0 dropped.

    cc @girish for a more definitive idea



  • @iamthefij How do I build the new image that ties in LDAP? (Note: I'm not a dev, just a security monkey/sysadmin. Even getting it installed like I did was a learning experience!)



  • @jimcavoli Now with 5.x out, I think it's time to bring out a new base image. Still working on the blog post and newsletter, so after that.

    @will Bitwarden server never sees any user password and all encryption is done client side (please see https://github.com/dani-garcia/bitwarden_rs/pull/677#issuecomment-545081380 and the full thread). For this reason, one can only implement a system where LDAP users can be automatically added into the bitwarden db and then sent an email invite. @iamthefij has automated the LDAP sync and invitation flow for Cloudron LDAP. Note that, the users have to use the invitation to sign up and setup a master password (which is totally independent of Cloudron password).

    In short, you can just add/invite users manually into bitwarden if you don't have that many users. There is no real LDAP sign in.



  • @will the Readme should contain the details you need. It also includes an explanation on how the LDAP integration functions (as @girish said, it's not like most apps due to the client side encryption model used in Bitwarden).

    If you're familiar with building a Cloudron app, you should be able to build as normal. The compiling of the binary is handled within the Dockerfile itself by leveraging multi-stage bulds.



  • @iamthefij Just tried to build using the same steps I used for the fbartels version and got this error:

    Sending build context to Docker daemon 138.8kB
    Step 1/31 : FROM "bitwardenrs/server-mysql:1.13.1" as bitwarden
    1.13.1: Pulling from bitwardenrs/server-mysql
    8ec398bc0356: Pull complete
    e4a2de8034fa: Pull complete
    fd9088357d3d: Pull complete
    8801aa831b23: Pull complete
    dd84a9fe1d76: Pull complete
    d47afa82b986: Pull complete
    5d95e292b0e0: Pull complete
    Digest: sha256:8d95d8f636c4bb4dc70ee6c3b1a9e32a63d19bc634c2ea3d1b6a8907b59945c9
    Status: Downloaded newer image for bitwardenrs/server-mysql:1.13.1
    ---> adaef5949bab
    Step 2/31 : FROM "vividboarder/bitwarden_rs_ldap:alpine" as bitwarden_ldap
    alpine: Pulling from vividboarder/bitwarden_rs_ldap
    c9b1b535fdd9: Pull complete
    08dbcf01e393: Pull complete
    8e8b8ccc4315: Pull complete
    Digest: sha256:4578c4cdfe93b52cf5d9406d2bf6cf63ed073fceec7e11ea1ede33fbebbb755d
    Status: Downloaded newer image for vividboarder/bitwarden_rs_ldap:alpine
    ---> 630a6d6f04a7
    Step 3/31 : FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
    ---> 534bd0efda10
    Step 4/31 : RUN apt-get update && apt-get install -y --no-install-recommends libmariadbclient-dev && rm -fr /va
    r/lib/apt/lists/*
    ---> Running in 3f31137a8125
    Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
    Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
    Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
    Get:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
    Get:5 http://archive.ubuntu.com/ubuntu bionic/universe Sources [11.5 MB]
    Get:6 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1344 kB]
    Get:7 http://archive.ubuntu.com/ubuntu bionic/restricted amd64 Packages [13.5 kB]
    Get:8 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [11.3 MB]
    Get:9 http://archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [186 kB]
    Reading package lists...
    E: Release file for http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease is not valid yet (invalid for ano
    ther 8h 46min 35s). Updates for this repository will not be applied.
    E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease is not valid yet (invalid for anoth
    er 8h 47min 33s). Updates for this repository will not be applied.
    E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease is not valid yet (invalid for ano
    ther 8h 48min 53s). Updates for this repository will not be applied.
    The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends libmariadbclient-dev && rm
    -fr /var/lib/apt/lists/*' returned a non-zero code: 100
    child_process.js:669
    throw err;
    ^

    Error: Command failed: docker build -t willrimmer/bitwarden_rs:20200325-101241-841579f4c -f Dockerfile /mnt/c/Users/w
    ill/Cloud/Code/Git/bitwardenrs-app
    at checkExecSyncError (child_process.js:630:11)
    at execSync (child_process.js:666:15)
    at buildLocal (/usr/local/lib/node_modules/cloudron/src/build-actions.js:180:5)
    at Command.build (/usr/local/lib/node_modules/cloudron/src/build-actions.js:325:9)
    at Command.listener (/usr/local/lib/node_modules/cloudron/node_modules/commander/index.js:370:29)
    at Command.emit (events.js:311:20)
    at Command.parseArgs (/usr/local/lib/node_modules/cloudron/node_modules/commander/index.js:892:12)
    at Command.parse (/usr/local/lib/node_modules/cloudron/node_modules/commander/index.js:642:21)
    at Object.<anonymous> (/usr/local/lib/node_modules/cloudron/bin/cloudron:245:9)
    at Module._compile (internal/modules/cjs/loader.js:1158:30) {
    status: 100,
    signal: null,
    output: [ null, null, null ],
    pid: 3496,
    stdout: null,
    stderr: null

    Checking the readme now



  • @girish Got it, makes sense.



  • @will Strange. It looks like you're getting some validation issue from bionic-* for some reason. Possibly the clocks are off. Maybe try again? That's not specific to this project.

    It looks like you could reproduce with an new Dockerfile below, or just rebuild the existing one as caching should be in place now.

    FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
    RUN apt-get update
    

    Does it work now? If not, check your system clock and timezone.



  • @iamthefij Ooooh I'm running this from a Fedora WSL 2 VM, does the Cloudron build have Ubuntu dependencies?


Log in to reply