selfhosted-apps-docker/bitwarden_rs/readme.md
DoTheEvolution 45ebd40b81 update
2020-04-10 12:08:25 +02:00

Bitwarden_rs in docker

guide by example

Purpose

Password manager. RS version is simpler and lighter than the official bitwarden.

Files and directory structure

/home
└── ~
    └── docker
        └── bitwarden
            ├── 🗁 bitwarden-data
            ├── 🗋 .env
            ├── 🗋 docker-compose.yml
            └── 🗋 bitwarden-backup-script.sh

docker-compose

Documentation on compose.

docker-compose.yml

version: "3"
services:

  bitwarden:
    image: bitwardenrs/server
    hostname: bitwarden
    container_name: bitwarden
    restart: unless-stopped
    volumes:
      - ./bitwarden-data/:/data/
    environment:
      - TZ
      - ADMIN_TOKEN
      - DOMAIN
      - SIGNUPS_ALLOWED
      - SMTP_SSL
      - SMTP_EXPLICIT_TLS
      - SMTP_HOST
      - SMTP_PORT
      - SMTP_USERNAME
      - SMTP_PASSWORD
      - SMTP_FROM

networks:
  default:
    external:
      name: $DEFAULT_NETWORK

.env

# GENERAL
MY_DOMAIN=blabla.org
DEFAULT_NETWORK=caddy_net
TZ=Europe/Prague

# BITWARDEN
ADMIN_TOKEN=YdLo1TM4MYEQ948GOVZ29IF4fABSrZMpk9
SIGNUPS_ALLOWED=true

# USING SENDGRID FOR SENDING EMAILS
DOMAIN=https://passwd.blabla.org
SMTP_SSL=true
SMTP_EXPLICIT_TLS=true
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=465
SMTP_USERNAME=apikey
SMTP_PASSWORD=SG.MOQQegA3bgfodRN4IG2Wqwe.s23Ld4odqhOQQegf4466A4
SMTP_FROM=admin@blabla.org

Reverse proxy

Caddy v2 is used, details here.
Bitwarden_rs documentation has a section on reverse proxy.

Caddyfile

{
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

passwd.{$MY_DOMAIN} {
    encode gzip
    reverse_proxy /notifications/hub/negotiate bitwarden:80
    reverse_proxy /notifications/hub bitwarden:3012
    reverse_proxy bitwarden:80
}

Forward port 3012 on your router

  • port 3012 carries the websocket connection used for notifications

Extra info

  • bitwarden can be managed at <url>/admin by entering the ADMIN_TOKEN set in the .env file
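
The .env file from this guide holds the ADMIN_TOKEN that guards <url>/admin, the SMTP password and the signup switch, so it is worth checking before the container is exposed. The script below is an added example, not part of the original guide; the function names and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the .env used above.
# Function names and the 32-character minimum are assumptions.

# Print the last value assigned to KEY ($1) in FILE ($2); empty if unset.
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one finding per line. Returns 0 if clean, 1 if flagged, 2 if missing.
audit_bitwarden_env() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # .env holds ADMIN_TOKEN and SMTP_PASSWORD: only the owner should read it.
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
        echo "perms: $file is accessible to group/other, run: chmod 600 $file"
        findings=1
    fi

    # ADMIN_TOKEN is the only credential asked for at <url>/admin.
    # An empty value is not flagged: the admin page is then disabled.
    token=$(env_value ADMIN_TOKEN "$file")
    if [ -n "$token" ] && [ "${#token}" -lt 32 ]; then
        echo "token: ADMIN_TOKEN is ${#token} chars, regenerate: openssl rand -base64 48"
        findings=1
    fi

    # Open registration lets anyone who reaches the URL create an account.
    if [ "$(env_value SIGNUPS_ALLOWED "$file")" != "false" ]; then
        echo "signups: SIGNUPS_ALLOWED is not false, disable it once your accounts exist"
        findings=1
    fi

    return "$findings"
}

# Audit the file given as the first argument, e.g.: ./audit-env.sh ./.env
if [ -n "${1:-}" ]; then audit_bitwarden_env "$1"; fi
```

After changing ADMIN_TOKEN or SIGNUPS_ALLOWED in .env, recreate the container with docker-compose up -d so the new values are picked up.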

Update

  • watchtower updates the image automatically

  • manual image update
    docker-compose pull
    docker-compose up -d
    docker image prune

Backup and restore

  • backup using a borgbackup setup that makes a daily snapshot of the entire directory

  • restore
    down the bitwarden container: docker-compose down
    delete the entire bitwarden directory
    copy the bitwarden directory back from the backup
    start the container: docker-compose up -d

Backup of just user data

Daily export of user data, using the official procedure.
For bitwarden_rs this means a sqlite database dump and a backup of the attachments directory. The created backup files are overwritten on every run of the script, but borg backup makes a daily snapshot of the entire directory.

  • create a backup script
    placed inside bitwarden directory on the host

    bitwarden-backup-script.sh

    #!/bin/bash
    
    # CREATE SQLITE BACKUP
    docker container exec bitwarden sqlite3 /data/db.sqlite3 ".backup '/data/BACKUP.bitwarden.db.sqlite3'"
    
    # BACKUP ATTACHMENTS
    docker container exec bitwarden tar -czPf /data/BACKUP.attachments.tar.gz /data/attachments
    

    the script must be executable - chmod +x bitwarden-backup-script.sh

  • cronjob on the host
    crontab -e - add new cron job
    0 2 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh - run it at 02:00
    crontab -l - list cronjobs

Restore the user data

Assuming clean start.

  • start the bitwarden container: docker-compose up -d
  • let it run so it creates its file structure
  • down the container: docker-compose down
  • in bitwarden/bitwarden-data/
    replace db.sqlite3 with the backup one BACKUP.bitwarden.db.sqlite3
    replace attachments directory with the one from the archive BACKUP.attachments.tar.gz
  • start the container: docker-compose up -d