Bitwarden - Self-hosted password manager
-
Tried updating the bitwardenrs-app today to its current domain; usually it would just install (and upgrade) the app. Today I got the following error:
ā cloudron install ERROR (node:9463) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. [ internal/process/warning.js:27:3 ] Location: bit ERROR Failed to install app. Domain 'bitwarden.domain.com' is in use [ /Users/user/.nvm/versions/node/v12.7.0/lib/node_modules/cloudron/src/helper.js:68:29 ]
-
Tried with the LTS node version today - still the same error "Domain is in use". Anyone have an idea why?
-
@necrevistonnezr You have to delete the DNS entry manually in the DNS provider. What's hapenned is that the dns already has an entry for the subdomain. Cloudron will never overwrite existing DNS records.
This is getting fixed with https://git.cloudron.io/cloudron/box/issues/644. Cloudron will then overwrite DNS entries with that flag set.
If the above is not the issue, maybe there is another app on that subdomain? (Also, check any redirects you have to set for other apps).
-
@girish said in Bitwarden - Self-hosted password manager:
@necrevistonnezr You have to delete the DNS entry manually in the DNS provider. What's hapenned is that the dns already has an entry for the subdomain. Cloudron will never overwrite existing DNS records.
Where am I supposed to delete the DNS entry? Is the "DNS provider" something in the cloudron control panel?
I have no other apps / redirects regarding that subdomain.
-
@necrevistonnezr - He means delete the DNS entry from your DNS service provider itself for the domain. So if you already have bitwarden.domain.com in your DNS listing for your domain, then remove the bitwarden entry and then re-create with Cloudron.
-
@d19dotca said in Bitwarden - Self-hosted password manager:
@necrevistonnezr - He means delete the DNS entry from your DNS service provider itself for the domain. So if you already have bitwarden.domain.com in your DNS listing for your domain, then remove the bitwarden entry and then re-create with Cloudron.
That was not the issue since I did not have a subdomain entry in my DNS settings (I have a wildcard DNS entry). The issue was that cloudron-cli was not able to connect to my cloudron properly (TLS, https issues) for reasons I don't know (I told support about it).
After using
cloudron login --allow-selfsigned
I was able to build and update the bitwarden... -
@necrevistonnezr Ah interesting, good to know you figured that out then. Normally when that error is seen (I came across it quite a lot when setting up new environments on Cloudron as I learned the platform), it was always because I had already defined a "www" subdomain in my DNS provider, for example, so it then needed me to remove it before it could create it automatically by itself.
-
Ok. So I think I've just figured out the email issue, but don't have a fix yet.
When using the non-smtps connection, the logs show that
lettre
, the Rust email library that Bitwarden_rs uses, recognizes that the server supports several authentication methods, includingAuthentication(Plain)
, which is whatswacks
uses when successfully sending on the same port. However,lettre
refuses to use it because we aren't using an encrypted connection and it doesn't want to send credentials in the clear. (Checked here, defined as empty here).Unfortunately, using smtps is not a solution either because it appears that
lettre
is trying to validate the certificate, but that certificate is invalid.A patch to Bitwarden_rs may be required to tell
lettre
to allow sending credentials over an insecure connection using this method or by telling it to accept insecure certs.I'm working on a patch for Bitwarden_rs to allow insecure SSL connections so that it will accept a self signed cert.
-
@iamthefij there is one already at https://github.com/dani-garcia/bitwarden_rs/tree/master/docker/amd64/mysql
-
-
@fbartels well, I guess I didn't look hard enough! (Edit: Looks like the 1.10.0 release was only 2 hours ago. No wonder I missed it. ) It would be good to roll those all into one image with multiple tags, but I can chat with them about that on Matrix.
Anyway, adding the multi-stage build wasn't terribly hard and cuts out an extra dependency on that build pipeline, which is probably a good thing for a security sensitive project.
Latest on my master is now fully operational. Working email, working ldap sync, working MySQL.
BIG WARNING! There is no migration path from SQLite to MySQL. You should export your vault to CSV or something and then re-import it after migration.
-
@iamthefij Maybe the migration scripts by the author work that are mentioned here?
* Start bitwarden_rs with and empty mysql database, so diesel can run migrations and set up the schema properly. Do not do anything else. * Stop bitwarden_rs. * Dump your existing sqlite database: sqlite3 db.sqlite3 .dump > sqlitedump.sql * Drop schema creation and diesel metadata from your dump, leaving only your actual data: grep "INSERT INTO" sqlitedump.sql | grep -v "__diesel_schema_migrations" > mysqldump.sql * Load your MySQL dump: mysql -u bitwarden -p bitwarden < mysqldump.sql * Start bitwarden_rs ĖĖĖ
-
@necrevistonnezr I saw that. Yea, it's possible to do, but it's not something that I think is worth automating given that it could be a bit finicky.
If someone wants to do this, they are welcome to try using the console.
I'm planning to just export and re-import myself.
-
@iamthefij but import / export does not work for attachments, right? Or are these somehow migrateable?
-
@necrevistonnezr hmm. I've got no clue. I don't have any attachments and only use Bitwarden to manage passwords.