mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 17:56:26 +00:00
geek-cookbook/docs/recipes/bitwarden.md
David Young cf44acda27 Add recipe for searxng (#274)
* Add recipe for searxng

Signed-off-by: David Young <davidy@funkypenguin.co.nz>

* Fussy linter

Signed-off-by: David Young <davidy@funkypenguin.co.nz>

---------

Signed-off-by: David Young <davidy@funkypenguin.co.nz>
2023-03-10 17:47:52 +00:00

title: How to run Bitwarden / bitwardenrs self hosted in Docker
description: Bitwarden / bitwardenrs is a self-hosted internet archiving solution
recipe: Bitwarden

Bitwarden, self hosted in Docker Swarm

Heard about the latest password breach (since lunch)? HaveYouBeenPowned yet (today)? Passwords are broken, and as the number of sites for which you need to store credentials grows exponentially, so does the risk of using a common password.

"Duh, use a password manager", you say. Sure, but be aware that even password managers have security flaws.

OK, look smartass.. no software is perfect, and there will always be a risk of your credentials being exposed in ways you didn't intend. You can at least minimize the impact of such exposure by using a password manager to store unique credentials per-site. While 1Password is king of the commercial password manager, BitWarden is king of the open-source, self-hosted password manager.

Enter Bitwarden..

Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. While Bitwarden does offer a paid / hosted version, the free version comes with the following (better than any other free password manager!):

  • Access & install all Bitwarden apps
  • Sync all of your devices, no limits!
  • Store unlimited items in your vault
  • Logins, secure notes, credit cards, & identities
  • Two-step authentication (2FA)
  • Secure password generator
  • Self-host on your own server (optional)

{{ page.meta.recipe }} Requirements

--8<-- "recipe-standard-ingredients.md"

Preparation

Setup data locations

We'll need to create a directory to bind-mount into our container, so create /var/data/bitwarden:

mkdir /var/data/bitwarden

Setup environment

Create /var/data/config/bitwarden/bitwarden.env, and leave it empty for now.

!!! question "What, why an empty env file?"
    Well, the container supports lots of customizations via environment variables, for things like toggling self-registration, 2FA, etc. These are too complex to go into for this recipe, but readers are recommended to review the dani-garcia/vaultwarden wiki, and customize their installation to suit.

{{ page.meta.recipe }} Docker Swarm config

Create a docker swarm config file in docker-compose syntax (v3), something like the example below:

--8<-- "premix-cta.md"

version: "3"
services:
  bitwarden:
    image: vaultwarden/server
    env_file: /var/data/config/bitwarden/bitwarden.env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/data/bitwarden:/data/:rw
    deploy:
      labels:
        # traefik common
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_public"
        # traefikv1
        - traefik.web.frontend.rule=Host:bitwarden.example.com
        - traefik.web.port=80
        - traefik.hub.frontend.rule=Host:bitwarden.example.com;Path:/notifications/hub
        - traefik.hub.port=3012

        # traefikv2
        - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.com`)"
        - "traefik.http.services.bitwarden.loadbalancer.server.port=80"
        - "traefik.http.routers.bitwarden.service=bitwarden"
        - "traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.example.com`) && Path(`/notifications/hub`)"
        - "traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket"
        - "traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012"
    networks:
        - traefik_public

networks:
  traefik_public:
    external: true

!!! note
    Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk!

Serving

Launch Bitwarden stack

Launch the Bitwarden stack by running docker stack deploy bitwarden -c <path-to-docker-compose.yml>

Browse to your new instance at https://YOUR-FQDN, and create a new user account and master password (just click the Create Account button without filling in your email address or master password).
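
With the env file left empty, the instance published through Traefik keeps accepting new registrations after you have created your own account. The script below is an added example, not part of the original recipe. It closes self-registration in the recipe's bitwarden.env and includes a check that reports whether sign-ups are still open. The variable names are vaultwarden settings to confirm against the wiki, and the script name and `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original recipe. SIGNUPS_ALLOWED,
# SHOW_PASSWORD_HINT and DOMAIN are vaultwarden settings; confirm them against
# the dani-garcia/vaultwarden wiki for the image version you deploy.

ENV_FILE="${ENV_FILE:-/var/data/config/bitwarden/bitwarden.env}"  # path from the recipe
FQDN="${FQDN:-bitwarden.example.com}"                             # placeholder host from the recipe

# set_env_var FILE KEY VALUE: replace any existing KEY= line, or append one.
# Written via a temp file so a failed run never leaves a half-written env file.
set_env_var() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    grep -v "^${key}=" "$file" > "$tmp" || true   # grep exits 1 when nothing is left
    printf '%s=%s\n' "$key" "$value" >> "$tmp"     # unquoted, plain KEY=VALUE lines
    chmod 600 "$tmp" && mv "$tmp" "$file"          # readable by the owner only
}

# signups_open FILE: exit 0 while the file still leaves registration open, i.e.
# SIGNUPS_ALLOWED is missing (assumed container default: open) or not "false".
signups_open() {
    val=$(sed -n 's/^SIGNUPS_ALLOWED=//p' "$1" | tail -n 1)
    [ "$val" != "false" ]
}

# harden_env FILE FQDN: settings to apply once your own account exists.
harden_env() {
    file=$1 fqdn=$2
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || ( umask 077; : > "$file" )
    set_env_var "$file" SIGNUPS_ALLOWED false       # strangers can no longer register
    set_env_var "$file" SHOW_PASSWORD_HINT false    # no hints shown on the login page
    set_env_var "$file" DOMAIN "https://${fqdn}"    # public URL behind Traefik
}

# Hypothetical invocation: sh harden-bitwarden-env.sh --apply
if [ "${1:-}" = "--apply" ]; then
    harden_env "$ENV_FILE" "$FQDN"
    signups_open "$ENV_FILE" && echo "WARNING: registration is still open" >&2
    echo "Updated $ENV_FILE; redeploy the stack to pick up the change."
fi
```

Re-run the docker stack deploy command above afterwards so the service is updated with the new environment.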

Get the apps / extensions

Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins!

--8<-- "recipe-footer.md"