Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Bitwarden - Self-hosted password manager

    App Wishlist
    20
    218
    24952
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gml last edited by

      You're welcome 🙂

      I hope this pr is going to be merged into bitwarden_rs soon: https://github.com/dani-garcia/bitwarden_rs/pull/396

      It would make it a lot easier for the user management. Currently registration is open to the world until you set ENV SIGNUPS_ALLOWED=false, which only makes sense after you created a first account. After setting it you could work with invites, but the invitation model sucks (you can just invite when having an Organisation or you can do it in the admin panel, but you have to set another env variable to access it and you can't save stuff there).

      So currently not really usable for the normal user. As far as I understood, with the ldap integration accounts / invites will be synced for all ldap users, which is exactly what we want. I also hope the admin panel gets some love, as in my eyes the token system to log in there isn't really easy to handle. And there seems to be a problem saving the settings you set there, but that's probably a problem in the cloudron integration.

      fbartels 1 Reply Last reply Reply Quote 1
      • fbartels
        fbartels App Dev @gml last edited by

        @gml yes, the ldap invite tool would be nice. I think the best for the moment would be to slap Apache Infront of bitwarden (would be needed anyways for the websocket part) and hide the admin panel behind ldap auth (only allow admin users from within cloudron). Then invites and open registration can be disabled and admins can manually create accounts as needed.

        1 Reply Last reply Reply Quote 2
        • fbartels
          fbartels App Dev last edited by

          I've now spent a bit of time to get the admin page "properly" working. Registrations are now disabled in the app itself, but users that are in the cloudron admin group can login to /admin to create the required users.

          Stuff like Websockets support (for folder notifications) is still missing, as well as automatic SMTP configuration but I would say the general app is "done".

          Looking forward to feedback.

          1 Reply Last reply Reply Quote 4
          • G
            gml last edited by gml

            Hi @fbartels

            Thank you for your great work! This is definitely on a good path 🙂

            Some few things I noticed:

            • Saving a config throws a Error saving config: IOError. I also checked with a reboot and it seems it really can't be saved right now. (also smtp wouldn't be possible without this fixed)
            • When accessing the admin panel when not logged into cloudron, you get a password prompt. A 403 HTTP would probably be more suitable and secure

            And as a small Bonus: As the app is getting in a pretty good shape, it is time for a logo =D
            here you go: https://github.com/bitwarden/brand/blob/master/icons/256x256.png

            fbartels 1 Reply Last reply Reply Quote 2
            • fbartels
              fbartels App Dev @gml last edited by

              @gml thanks. I have fixed the location of the config.json created by the admin panel. Settings can now be stored (but SMTP settings should probably be done in start.sh instead). I have also added your logo.

              The password prompt is actually expected since ldap auth is used in the webserver. The only way around the prompt would be to use oauth instead, but in previous attempts (the cloud torrent app) I did not get this to run.

              1 Reply Last reply Reply Quote 2
              • necrevistonnezr
                necrevistonnezr last edited by

                Many thanks!
                It's working for me. A few observations:

                • the invitation e-Mail did not get send as I hadn't change the SMTP settings, but once the e-Mail is on the invite list, this e-Mail can register an account
                • even with 1 GB of memory assigned, I get a "ran out of memory" quite often
                • currently the app is quite unresponsive as it's searching for favicons (as I can see from the logs)
                • Importing from Enpass 6 (json) worked fine for me
                fbartels 1 Reply Last reply Reply Quote 0
                • necrevistonnezr
                  necrevistonnezr last edited by

                  Another question - how are updates done? Or will your app eventually become an "official" cloudron app?

                  1 Reply Last reply Reply Quote 1
                  • fbartels
                    fbartels App Dev @necrevistonnezr last edited by

                    @necrevistonnezr said in Bitwarden - Self-hosted password manager:

                    even with 1 GB of memory assigned, I get a "ran out of memory" quite often
                    currently the app is quite unresponsive as it's searching for favicons (as I can see from the logs)
                    Importing from Enpass 6 (json) worked fine for me

                    This probably depends quite a bit on the amount of data you throw at it. I actually started with an empty vault since password history etc would not have carried over anyways. But in my case it's easy to keep a portable version of keepass around if I need a password from the old database.

                    Maybe the icon caching is causing some troubles for you? You could deactivate this from the settings. Probably also a good idea to get in touch with the upstream project if they are already aware on this and if there is anything to lighten the load a bit

                    @necrevistonnezr said in Bitwarden - Self-hosted password manager:

                    how are updates done? Or will your app eventually become an "official" cloudron app?

                    My idea is to have a good base so that @nebulon can make this an official app.

                    1 Reply Last reply Reply Quote 4
                    • iamthefij
                      iamthefij App Dev last edited by

                      LDAP syncing is now available for bitwarden_rs. Check it out on the wiki.

                      Do you have your app shared on git.cloudron.io yet? If so I can help contribute.

                      necrevistonnezr 1 Reply Last reply Reply Quote 3
                      • necrevistonnezr
                        necrevistonnezr @iamthefij last edited by

                        @iamthefij The repo is at https://git.cloudron.io/fbartels/bitwardenrs-app

                        1 Reply Last reply Reply Quote 1
                        • iamthefij
                          iamthefij App Dev last edited by

                          I've got a branch where I've almost gotten LDAP syncing fully working, but invites don't seem to be working properly.

                          Even if I try to send an invite directly through the web interface, it just hangs. The user shows in the list, however the logs never show a success or failure response for the request. I've checked the SMTP settings and they appear to be correct. I'll keep debugging though.

                          https://git.cloudron.io/iamthefij/bitwardenrs-app/tree/ldap-sync

                          1 Reply Last reply Reply Quote 4
                          • iamthefij
                            iamthefij App Dev last edited by

                            Got it working! Turns out I needed to enable SMTP_EXPLICIT_TLS.

                            Now I just have to schedule the sync task and do some cleanup. Should have a fully ready app soon.

                            fbartels 1 Reply Last reply Reply Quote 3
                            • iamthefij
                              iamthefij App Dev last edited by

                              Just set up the scheduler, but I'm getting weird results.

                              When the sync is run through the scheduler I get:

                              Apr 23 00:10:08 thread 'main' panicked at 'Could not authenticate with http://127.0.0.1:3000. Error { kind: Hyper(Error { kind: Connect, cause: Os { code: 111, kind: ConnectionRefused, message: "Connection refused" } }), url: Some("http://127.0.0.1:3000/admin/") }', src/bw_admin.rs:62:17
                              

                              However, it runs just fine when I drop into a terminal and select the task from the dropdown and run it.

                              @girish I figured it would be using docker exec, and when I ssh to my server I can run it successfully using

                               sudo docker exec 92ad3d37-2014-44f4-870f-25d862f57b4a sh -c '/app/code/ldap_sync.sh'
                              

                              However I just dug through the source for the scheduler addon and found that it's creating a new container.

                              How should we access the original container via HTTP? Is there a reason this is a new container and not simply an exec?

                              1 Reply Last reply Reply Quote 1
                              • fbartels
                                fbartels App Dev @iamthefij last edited by

                                @iamthefij hm.. I just noticed that I see the same behaviour in bitwarden. Sending a mail does not give an error in the ui and the log states 12:09:50 - [2019-04-23 10:09:50][lettre::smtp::client][DEBUG] connecting to 172.18.0.13:2465, but no mail is actually retrieved (on the same cloudron system).

                                Adding SMTP_EXPLICIT_TLS on the other hand left me with a Error sending email. handshake error error when sending mails.

                                I am not quite sure btw about setting a token for the admin interface. this unfortunately seems required by the sync job, but in the cloudron case it complicates stuff a bit, since there is afaik no easy way to add this token somewhere where an admin without shell access can easily read it.

                                iamthefij 1 Reply Last reply Reply Quote 1
                                • iamthefij
                                  iamthefij App Dev @fbartels last edited by iamthefij

                                  @fbartels I'm not certain it's actually required, but it is recommended.

                                  I added it because I saw some strange behavior with the LDAP access controls. Without the Admin Token, I was somehow able to access the admin page with no auth check via a Private Browsing window. I can do some more testing and see if I can do away with the token.

                                  For sending the email, I had set both SSL and TLS to true. Though I just realized I may have been using Mailgun as I did switch to that to rule out the Cloudron SMTP server. I'll do another test. Edit: Just verified and it works using the Cloudron SMTP server with both those settings as true.

                                  1 Reply Last reply Reply Quote 1
                                  • necrevistonnezr
                                    necrevistonnezr last edited by

                                    Bitwarden_rs 1.9.0 is out
                                    https://github.com/dani-garcia/bitwarden_rs/releases/tag/1.9.0

                                    1 Reply Last reply Reply Quote 0
                                    • nebulon
                                      nebulon Staff last edited by

                                      As proper database support is mentioned in https://github.com/dani-garcia/bitwarden_rs/issues/246 I think we should be waiting for a release until either MySQL or Postgres is supported. Otherwise we will end up with some migration issues from sqlite to one of the others.

                                      iamthefij 1 Reply Last reply Reply Quote 0
                                      • iamthefij
                                        iamthefij App Dev @nebulon last edited by

                                        @nebulon Why do you say that? Is there something wrong with SQLite? Or you just worried about when support is eventually added?

                                        Any insights on the issues accessing the API from a scheduled task? It would be good to get this resolved anyway.

                                        1 Reply Last reply Reply Quote 2
                                        • iamthefij
                                          iamthefij App Dev last edited by

                                          Hey @nebulon, @girish . Any ideas how I can proceed to make this work for Cloudron?

                                          I'm happy to patch box to use exec rather than run, or provide an option, but it's unclear why the decision was made to do run in the first place.

                                          1 Reply Last reply Reply Quote 2
                                          • necrevistonnezr
                                            necrevistonnezr last edited by

                                            FYI: When you increment to build number in the Dockerfile and in CloudronManifest.json, bitwarden_rs 1.9.0 builds & installs without problems...

                                            Maybe @fbartels can update the repo even while we're waiting for other databases being supported?

                                            fbartels 1 Reply Last reply Reply Quote 0
                                            • fbartels
                                              fbartels App Dev @necrevistonnezr last edited by

                                              @necrevistonnezr said in Bitwarden - Self-hosted password manager:

                                              Maybe @fbartels can update the repo even while we're waiting for other databases being supported?

                                              sure. done.

                                              1 Reply Last reply Reply Quote 1
                                              • iamthefij
                                                iamthefij App Dev last edited by

                                                @girish any ideas on this?

                                                1 Reply Last reply Reply Quote 0
                                                • girish
                                                  girish Staff last edited by

                                                  @iamthefij Sorry for the delay, got caught up with Cloudron 4. Now I have the time to investigate this a bit. From what I understand, the issue is that the scheduler container is unable to access the main container via HTTP? The scheduler container is supposed to be spawned in the same networking namespace and one is supposed to be able to directly access http://localhost:port. If that doesn't work, it's a bug. Let me test this and get back shortly.

                                                  1 Reply Last reply Reply Quote 0
                                                  • girish
                                                    girish Staff last edited by

                                                    @iamthefij So, there is no way right now to reach out to the parent app container from the cron container. We used to use exec before but we removed it because there was actually no way to clean/delete exec containers (not sure if they have fixed this now). Those exec containers will basically hang around, so for a scheduler this means a new container keeps getting created and just accumulates garbage. IIRC, there was also a case where these scheduler containers were doing processing with files using /tmp and /run as scratchpads and then they mistakenly delete files of the parent container. This led me to change it to just spawn a completely new container. Finally, this also helps us in multi-host setups where the scheduler container can run anywhere (exec requires same pod).

                                                    I will try to make a fix tomorrow where the scheduler containers can somehow get to the app container (I guess injecting the hostname of the app container as env var will suffice).

                                                    Also, any reason why the "syncing" is not part of the main bitwarden_rs binary itself? That way the scheduler can just call bitwarden_rs ldap-sync instead of doing a http call?

                                                    iamthefij 1 Reply Last reply Reply Quote 1
                                                    • iamthefij
                                                      iamthefij App Dev @girish last edited by

                                                      @girish

                                                      We used to use exec before but we removed it because there was actually no way to clean/delete exec containers (not sure if they have fixed this now). Those exec containers will basically hang around, so for a scheduler this means a new container keeps getting created and just accumulates garbage.

                                                      I'm not sure I follow. Using docker run actually creates a new container by default. That is unless the --rm option is added. If added, it will remove the container after running. This is actually what Cloudron appears to do today.

                                                      In contrast, docker exec doesn't create any new container. It runs a process within an existing container. There is no need to clean up any containers after execution.

                                                      If the issue is that poorly written cron jobs are deleting files that should not be deleted, that sounds like a bug with the app, not with box. There are legitimate reasons to want to access the same filesystem. Maybe it's cleaning up logs or something. Periodically sending out files. Or, as in this case, accessing a SQLite database.

                                                      Also, any reason why the "syncing" is not part of the main bitwarden_rs binary itself?

                                                      That was a design decision by the original Bitwarden creator. Bitwarden_rs decided to follow the same convention.

                                                      That way the scheduler can just call bitwarden_rs ldap-sync instead of doing a http call?

                                                      Unfortunately, that would not get around this issue. Executing bitwarden_rs ldap-sync from a new container (created by docker run) would not have access to the same filesystem, and therefore it would write to a new SQLite database that would immediately be cleaned up.

                                                      girish 1 Reply Last reply Reply Quote 0
                                                      • girish
                                                        girish Staff @iamthefij last edited by girish

                                                        @iamthefij said in Bitwarden - Self-hosted password manager:

                                                        In contrast, docker exec doesn't create any new container. It runs a process within an existing container. There is no need to clean up any containers after execution.

                                                        If you see https://docs.docker.com/engine/api/v1.37/#operation/ContainerExec, it creates an "exec container" and returns the object id. This id is then used to start it at https://docs.docker.com/engine/api/v1.37/#operation/ExecStart. You will notice there is no API to delete this object. This object is only deleted when the main container is removed. Initially, I thought this will not be an issue but in practice, after a cron job runs more than 500 times (which is just 2-3 days), docker starts crawling and causes all sorts of strange problems. There is a github issue somewhere for this and iirc, the docker maintainers said that one should not exec too often.

                                                        @iamthefij said in Bitwarden - Self-hosted password manager:

                                                        Unfortunately, that would not get around this issue. Executing bitwarden_rs ldap-sync from a new container (created by docker run) would not have access to the same filesystem, and therefore it would write to a new SQLite database that would immediately be cleaned up.

                                                        The Scheduler run containers do have access to the filesystem/local storage by volume mounting. Otherwise, wp cron jobs cannot access wp plugins etc.

                                                        Also, regardless of above, I am working on a patch to make http access possible.

                                                        iamthefij 1 Reply Last reply Reply Quote 0
                                                        • iamthefij
                                                          iamthefij App Dev @girish last edited by

                                                          @girish wow! I had no clue that exec worked that way. TIL! Is there no garbage collection process? Seems strange. My host probably has a bunch of dangling execs. They’d seem like they’d be benign, but I wonder.

                                                          HTTP access would be a great way to solve this. Happy to help test or debug.

                                                          1 Reply Last reply Reply Quote 0
                                                          • necrevistonnezr
                                                            necrevistonnezr last edited by necrevistonnezr

                                                            Bitwarden_rs 1.9.1 is out
                                                            https://github.com/dani-garcia/bitwarden_rs/releases/tag/1.9.1

                                                            Fixed broken U2F in Chrome 74+
                                                            Added images to email
                                                            Updated dependencies
                                                            
                                                            1 Reply Last reply Reply Quote 1
                                                            • fbartels
                                                              fbartels App Dev last edited by

                                                              I have updated the code in the git repo to 1.9.1 and also uploaded and submitted the app to the Cloudron app store. Maybe it will be shown as "untested" on Cloudrons on version 4.x.

                                                              iamthefij 1 Reply Last reply Reply Quote 1
                                                              • girish
                                                                girish Staff last edited by

                                                                We pushed the app store release today for community apps. I will make a post tomorrow about how to get the community apps published so others can install easily.

                                                                necrevistonnezr 1 Reply Last reply Reply Quote 1
                                                                • necrevistonnezr
                                                                  necrevistonnezr @girish last edited by

                                                                  @girish said in Bitwarden - Self-hosted password manager:

                                                                  We pushed the app store release today for community apps. I will make a post tomorrow about how to get the community apps published so others can install easily.

                                                                  Please include how to migrate from an existing (testing) installation, if possible. Thanks!

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • iamthefij
                                                                    iamthefij App Dev last edited by

                                                                    @girish any luck with getting HTTP access to work?

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • girish
                                                                      girish Staff last edited by

                                                                      @iamthefij Oops, this got fixed a while ago. I thought I replied to this thread. You can use the env var CLOUDRON_APP_HOSTNAME now in 4.1. For example, curl http://$CLOUDRON_APP_HOSTNAME:3000 works if http is running on port 3000.

                                                                      iamthefij 1 Reply Last reply Reply Quote 0
                                                                      • girish
                                                                        girish Staff last edited by

                                                                        @iamthefij btw, you can set "minBoxVersion": "4.1.4" in the manifest so that people who are below that version don't try to install the app.

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • iamthefij
                                                                          iamthefij App Dev last edited by

                                                                          Awesome! I will give this a shot.

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • iamthefij
                                                                            iamthefij App Dev @fbartels last edited by

                                                                            @fbartels was there a reason for moving the bitwarden image from the COPY statement to a FROM statement at the beginning? I'm picking up LDAP support again now that the hostname is available and I'm getting the binary from a published images as well.

                                                                            Was it just to avoid pulling when modifying any config values?

                                                                            fbartels 1 Reply Last reply Reply Quote 0
                                                                            • iamthefij
                                                                              iamthefij App Dev @girish last edited by

                                                                              @girish Hmm... it doesn't seem to be working correctly.

                                                                              I'm getting:

                                                                              Jun 26 17:55:25 thread 'main' panicked at 'Could not authenticate with http://8e50545e-6293-459d-8aa8-5abdb13695dc-ldap_sync:3000. Error { kind: Hyper(Error { kind: Connect, cause: Os { code: 111, kind: ConnectionRefused, message: "Connection refused" } }), url: Some("http://8e50545e-6293-459d-8aa8-5abdb13695dc-ldap_sync:3000/admin/") }', src/bw_admin.rs:62:17
                                                                              

                                                                              It appears that the hostname is the hostname of the ldap_sync container that the cron job spawned? Is that correct? When I open a terminal for the app, it just gives the first part without ldap_sync, which seems right.

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • girish
                                                                                girish Staff last edited by

                                                                                @iamthefij This is indeed a bug 🤦 CLOUDRON_APP_HOSTNAME is meant to be a constant and should be set to 8e50545e-6293-459d-8aa8-5abdb13695dc. For cron jobs, it is setting the env var as the hostname by mistake.

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • girish
                                                                                  girish Staff last edited by

                                                                                  @iamthefij In /home/yellowtent/box/src/docker.js at line 190,

                                                                                  `CLOUDRON_APP_HOSTNAME=${name}`,
                                                                                  

                                                                                  Replace the above as:

                                                                                  `CLOUDRON_APP_HOSTNAME=${app.id}`,
                                                                                  

                                                                                  Then systemctl restart box. Does that fix the problem?

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • fbartels
                                                                                    fbartels App Dev @iamthefij last edited by

                                                                                    @iamthefij do you mean https://git.cloudron.io/fbartels/bitwardenrs-app/blob/master/Dockerfile#L1 ?

                                                                                    That was so that just a single line needs to be changed when bitwarden is updated.

                                                                                    iamthefij 2 Replies Last reply Reply Quote 0
                                                                                    • iamthefij
                                                                                      iamthefij App Dev @fbartels last edited by

                                                                                      @girish roger. That worked! Now I'm getting some new error from within Bitwarden_rs, which is good and means that it's actually hitting the server!

                                                                                      @fbartels got it. That could also be facilitated using an ARG.

                                                                                      It doesn't matter too much. The difference is really just in caching, but it doesn't look like the Cloudron build servers do caching.

                                                                                      1 Reply Last reply Reply Quote 0
                                                                                      • iamthefij
                                                                                        iamthefij App Dev @fbartels last edited by

                                                                                        @fbartels I'm not sure if something is different in my configuration... but if I visit my site at bitwarden.example.com/admin from a private window with no cookies, I'm not getting a basic auth prompt.

                                                                                        Is that working for you?

                                                                                        fbartels 1 Reply Last reply Reply Quote 0
                                                                                        • iamthefij
                                                                                          iamthefij App Dev last edited by iamthefij

                                                                                          @girish is there anything that might prevent this container from querying LDAP?

                                                                                          I'm getting the following error:

                                                                                          Jun 27 18:30:57 thread 'main' panicked at 'rc=1 (operationsError), dn: "ou=users, dc=cloudron", text: "No such app"', src/main.rs:21:9
                                                                                          

                                                                                          To verify that it's something to do with the cron container, I generate the config file and cat it to the log in the main application as well as the schedule container. I diffed the two configs and they are identical.

                                                                                          However, when I run the sync script from the terminal attached to the main container, it works correctly. From the scheduled container, I get this error.

                                                                                          Any ideas? I'm actually unable to find out where the "No such app" comes from. It is a pretty generic term, so searching online isn't much help. I did check the bitwarden_ldap_sync codebase, the Rust ldap3 codebase, and the box codebase, but no luck.

                                                                                          1 Reply Last reply Reply Quote 0
                                                                                          • girish
                                                                                            girish Staff last edited by

                                                                                            @iamthefij I think that's the LDAP server not allowing scheduler containers from accessing it. Can you try this - https://git.cloudron.io/cloudron/box/commit/22d731f06da98af196c43e6713bf0ce551107fa6 ?

                                                                                            iamthefij 1 Reply Last reply Reply Quote 0
                                                                                            • iamthefij
                                                                                              iamthefij App Dev @girish last edited by

                                                                                              @girish woo!!! That did it! I'll just clean up all the stuff I did for debugging and I can publish it after the next Cloudron update.

                                                                                              1 Reply Last reply Reply Quote 0
                                                                                              • iamthefij
                                                                                                iamthefij App Dev last edited by

                                                                                                @fbartels in addition to the admin page issue described above, I'm running into email sending issues again.

                                                                                                This time I'm not having success with any setting.

                                                                                                Explicit TLS only: Bitwarden hangs and times out when trying to invite/send with a panic:

                                                                                                Jun 28 03:35:56 thread 'main' panicked at 'Could not call with http://90859b46-d863-4609-a83a-79c5f010254c:3000/admin/invite. Error { kind: Io(Custom { kind: TimedOut, error: StringError("timed out") }), url: Some("http://90859b46-d863-4609-a83a-79c5f010254c:3000/admin/invite") }', src/bw_admin.rs:134:21
                                                                                                Jun 28 03:35:56 stack backtrace:
                                                                                                Jun 28 03:35:56 0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
                                                                                                Jun 28 03:35:56 at src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:39
                                                                                                Jun 28 03:35:56 1: std::sys_common::backtrace::_print
                                                                                                Jun 28 03:35:56 at src/libstd/sys_common/backtrace.rs:70
                                                                                                Jun 28 03:35:56 2: std::panicking::default_hook::{{closure}}
                                                                                                Jun 28 03:35:56 at src/libstd/sys_common/backtrace.rs:58
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:200
                                                                                                Jun 28 03:35:56 3: std::panicking::default_hook
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:215
                                                                                                Jun 28 03:35:56 4: std::panicking::rust_panic_with_hook
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:478
                                                                                                Jun 28 03:35:56 5: std::panicking::continue_panic_fmt
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:385
                                                                                                Jun 28 03:35:56 6: std::panicking::begin_panic_fmt
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:340
                                                                                                Jun 28 03:35:56 7: bitwarden_rs_ldap::bw_admin::Client::invite
                                                                                                Jun 28 03:35:56 8: bitwarden_rs_ldap::invite_from_ldap
                                                                                                Jun 28 03:35:56 9: bitwarden_rs_ldap::main
                                                                                                Jun 28 03:35:56 10: std::rt::lang_start::{{closure}}
                                                                                                Jun 28 03:35:56 11: std::panicking::try::do_call
                                                                                                Jun 28 03:35:56 at src/libstd/rt.rs:49
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:297
                                                                                                Jun 28 03:35:56 12: __rust_maybe_catch_panic
                                                                                                Jun 28 03:35:56 at src/libpanic_unwind/lib.rs:87
                                                                                                Jun 28 03:35:56 13: std::rt::lang_start_internal
                                                                                                Jun 28 03:35:56 at src/libstd/panicking.rs:276
                                                                                                Jun 28 03:35:56 at src/libstd/panic.rs:388
                                                                                                Jun 28 03:35:56 at src/libstd/rt.rs:48
                                                                                                Jun 28 03:35:56 14: main
                                                                                                

                                                                                                Enable SSL only: Bitwarden hangs and times out when trying to invite/send

                                                                                                Jun 28 03:37:54 [Fri Jun 28 03:37:54.553168 2019] [proxy_http:error] [pid 34] (70007)The timeout specified has expired: [client 172.18.0.1:36626] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://bitwarden.iamthefij.com/admin
                                                                                                

                                                                                                With both enabled: I get the handshake error.

                                                                                                Jun 28 03:40:52 [2019-06-28 03:40:52][bitwarden_rs::error][ERROR] Error sending email. handshake error
                                                                                                
                                                                                                1 Reply Last reply Reply Quote 0
                                                                                                • fbartels
                                                                                                  fbartels App Dev @iamthefij last edited by

                                                                                                  @iamthefij yes, http auth is working in my branch.

                                                                                                  I think I should add that I am not using the app for my production bitwarden install. This is still running on a different system.

                                                                                                  I have also seen quite some weird behaviour in regards to the mail integration, but did not yet have the time or interest in really digging into it.

                                                                                                  1 Reply Last reply Reply Quote 0
                                                                                                  • girish
                                                                                                    girish Staff last edited by

                                                                                                    Given that the email error is Timeout, could it be that the mail server hostname or port configuration is not set correctly?

                                                                                                    1 Reply Last reply Reply Quote 0
                                                                                                    • d19dotca
                                                                                                      d19dotca last edited by

                                                                                                      Sorry if this is a newbie question (somewhat new to Cloudron) but how does one install this as a community app? I have the option for unstable apps showing enabled, but I do not see Bitwarden in the list of apps I can install. Am I missing something?

                                                                                                      --
                                                                                                      Dustin Dauncey
                                                                                                      www.d19.ca

                                                                                                      1 Reply Last reply Reply Quote 1
                                                                                                      • girish
                                                                                                        girish Staff last edited by

                                                                                                        @d19dotca Apps that are not published yet have to be built by hand. It's easy to build though:

                                                                                                        git clone <app repo>
                                                                                                        npm install -g cloudron-cli
                                                                                                        cloudron build # this will ask your cloudron.io login
                                                                                                        cloudron install # this will ask you for your cloudron's login
                                                                                                        
                                                                                                        murgero 1 Reply Last reply Reply Quote 1
                                                                                                        • murgero
                                                                                                          murgero App Dev @girish last edited by

                                                                                                          @girish Is the cloudron build command usable to all users or just developers right now?

                                                                                                          --
                                                                                                          https://urgero.org
                                                                                                          ~ Professional Nerd. Freelance Programmer. ~

                                                                                                          necrevistonnezr 1 Reply Last reply Reply Quote 0
                                                                                                          • necrevistonnezr
                                                                                                            necrevistonnezr @murgero last edited by

                                                                                                            @murgero It's available to anyone, using the cli tool (https://cloudron.io/blog/2017-03-08-cli-part2.html)

                                                                                                            murgero 1 Reply Last reply Reply Quote 0
                                                                                                            • murgero
                                                                                                              murgero App Dev @necrevistonnezr last edited by

                                                                                                              @necrevistonnezr in theory sure, but last I tried (about a month ago) it said my user account was denied access (error 503)

                                                                                                              --
                                                                                                              https://urgero.org
                                                                                                              ~ Professional Nerd. Freelance Programmer. ~

                                                                                                              1 Reply Last reply Reply Quote 0
                                                                                                              • iamthefij
                                                                                                                iamthefij App Dev last edited by

                                                                                                                Started digging back into email sending and got closer.

                                                                                                                I just noticed that the Cloudron docs say that the STARTLS uses a self signed cert, which makes sense given that the host I'm using is mail and not my.example.com.

                                                                                                                So I switched back to unencrypted and enabled more verbose logging. Ended up with:

                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][rocket::rocket][INFO] POST /admin//invite/ application/json:
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][_][INFO] Matched: POST /admin/invite (invite_user)
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] connecting to 172.18.0.6:2525
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Read: 220 my.example.com ESMTP Haraka/2.8.23 ready<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp][INFO] connection established to 172.18.0.6:2525
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Wrote: EHLO 90859b46-d863-4609-a83a-79c5f010254c<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Read: 250-my.example.com Hello 90859b46-d863-4609-a83a-79c5f010254c.cloudron [172.18.0.12]Haraka is at your service.<CRLF>250-PIPELINING<CRLF>250-8BITMIME<CRLF>250-SMTPUTF8<CRLF>250-SIZE 26214400<CRLF>250 AUTH LOGIN PLAIN<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp][DEBUG] server my.example.com with {Authentication(Login), Authentication(Plain), SmtpUtfEight, EightBitMime}
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp][INFO] No supported authentication mechanisms available
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Wrote: MAIL FROM:<bitwarden.app@example.com> BODY=8BITMIME SMTPUTF8<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Read: 550 Mail from domain 'example.com' is not allowed from your host<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Wrote: QUIT<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][lettre::smtp::client][DEBUG] Read: 221 my.example.com closing connection. Have a jolly good day.<CRLF>
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][bitwarden_rs::error][ERROR] Error sending email. Mail from domain 'example.com' is not allowed from your host
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][_][INFO] Outcome: Success
                                                                                                                Jul 25 16:34:22 172.18.0.1 - User [25/Jul/2019:16:34:22 +0000] "POST /admin/invite/ HTTP/1.1" 400 990 "https://bitwarden.example.com/admin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"
                                                                                                                Jul 25 16:34:22 [2019-07-25 16:34:22][_][INFO] Response succeeded.
                                                                                                                Jul 25 16:34:24 [Thu Jul 25 16:34:24.254775 2019] [access_compat:error] [pid 32] [client 172.18.0.1:37122] AH01797: client denied by server configuration: proxy:http://127.0.0.1:3000/admin/
                                                                                                                

                                                                                                                So this is definitely more descriptive. Seems like the server is rejecting the request.

                                                                                                                1 Reply Last reply Reply Quote 0
                                                                                                                • girish
                                                                                                                  girish Staff last edited by

                                                                                                                  : 550 Mail from domain 'example.com' is not allowed from your host<CRLF>

                                                                                                                  Can you check if the email for example.com is not set to Disabled under the outbound relay email settings?

                                                                                                                  1 Reply Last reply Reply Quote 0
                                                                                                                  • necrevistonnezr
                                                                                                                    necrevistonnezr last edited by

                                                                                                                    Tried updating the bitwardenrs-app today to its current domain; usually it would just install (and upgrade) the app. Today I got the following error:

                                                                                                                    ➜ cloudron install
                                                                                                                    ERROR (node:9463) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. [ internal/process/warning.js:27:3 ]
                                                                                                                    Location: bit
                                                                                                                    ERROR Failed to install app. Domain 'bitwarden.domain.com' is in use [ /Users/user/.nvm/versions/node/v12.7.0/lib/node_modules/cloudron/src/helper.js:68:29 ]
                                                                                                                    
                                                                                                                    necrevistonnezr 1 Reply Last reply Reply Quote 0
                                                                                                                    • necrevistonnezr
                                                                                                                      necrevistonnezr @necrevistonnezr last edited by

                                                                                                                      Tried with the LTS node version today - still the same error "Domain is in use". Anyone have an idea why?

                                                                                                                      1 Reply Last reply Reply Quote 0
                                                                                                                      • girish
                                                                                                                        girish Staff last edited by

                                                                                                                        @necrevistonnezr You have to delete the DNS entry manually in the DNS provider. What's hapenned is that the dns already has an entry for the subdomain. Cloudron will never overwrite existing DNS records.

                                                                                                                        This is getting fixed with https://git.cloudron.io/cloudron/box/issues/644. Cloudron will then overwrite DNS entries with that flag set.

                                                                                                                        If the above is not the issue, maybe there is another app on that subdomain? (Also, check any redirects you have to set for other apps).

                                                                                                                        necrevistonnezr 1 Reply Last reply Reply Quote 0
                                                                                                                        • necrevistonnezr
                                                                                                                          necrevistonnezr @girish last edited by

                                                                                                                          @girish said in Bitwarden - Self-hosted password manager:

                                                                                                                          @necrevistonnezr You have to delete the DNS entry manually in the DNS provider. What's hapenned is that the dns already has an entry for the subdomain. Cloudron will never overwrite existing DNS records.

                                                                                                                          Where am I supposed to delete the DNS entry? Is the "DNS provider" something in the cloudron control panel?

                                                                                                                          I have no other apps / redirects regarding that subdomain.

                                                                                                                          d19dotca 1 Reply Last reply Reply Quote 0
                                                                                                                          • d19dotca
                                                                                                                            d19dotca @necrevistonnezr last edited by

                                                                                                                            @necrevistonnezr - He means delete the DNS entry from your DNS service provider itself for the domain. So if you already have bitwarden.domain.com in your DNS listing for your domain, then remove the bitwarden entry and then re-create with Cloudron.

                                                                                                                            --
                                                                                                                            Dustin Dauncey
                                                                                                                            www.d19.ca

                                                                                                                            necrevistonnezr 1 Reply Last reply Reply Quote 0
                                                                                                                            • First post
                                                                                                                              Last post
                                                                                                                            Powered by NodeBB