Bitwarden Apache

Posted on  by admin

The Bitwarden AppImage seems to function just fine without rubywarden using HTTPS. By default, it is only using HTTP. However, the iOS client requires HTTPS. In order to support HTTPS, the Apache webserver (already running on the BBBW) will be configured to serve HTTPS and function as a proxy to the rubywarden server.

This block is what connects the Apache Guacamole to the LDAP server for user authentication. The third block is the TOTP. This will enable 2FA authentication after the username and password authentication. You can use Google Authenticator or something similar. I use Bitwarden.

The Bitwarden Vulnerability Disclosure Program enlists the help of the hacker community at HackerOne to make Bitwarden more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

Bitwarden RS is an unofficial version of Bitwarden that’s great for self-hosting. Overall, if you’re interested in self-hosting Bitwarden, this is what I consider to be the best option. There are two prerequisites that must be installed (Docker/Portainer, Nginx Proxy.

Introduction

This article will cover setting up your own self-hosted Bitwarden instance with Docker and configuring nginx to expose it publicly, so that you can reach your vault from all of your devices.

What is Bitwarden?

Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault. The Bitwarden platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a CLI.

I use Bitwarden as my main password vault. It stores my card details for automating the filling out of payment forms, which saves me from having to find or remember them. I also use Bitwarden for storing all of my passwords.

Having Bitwarden as a public endpoint means that I can connect to my password vault using the Bitwarden app on Android, specifying my self-hosted instance.

Setting up the Bitwarden Server

This section of the tutorial is to set up the main Bitwarden 'hub'. This will be a publicly exposed Bitwarden API that will live on your server.

Step 1: Setting up your Linux server

You'll need to either have an existing server instance or create one. I use a Proxmox instance running on a server in my loft. You could also use something like DigitalOcean to host your Bitwarden Server. Using the following link will give you $100 worth of credits for 60 days to play around with; just sign up using this link.

You could also use a cheap Raspberry Pi to set up your own Linux server.

Once you have the server set up, or have logged in, you'll need to do some updates and run some prerequisite installs.

Next, we need to install Docker. Docker is the layer on which your containers run.

To install Docker on your instance, you need to run the following command.

The following script is a convenience script provided by the Docker team. It's highly recommended to always check what you're going to execute, before executing it.
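
One way to act on that advice, as an added example (not part of the original tutorial and not Docker's own tooling): download the script to a file, read it, record its SHA-256, and only ever execute a copy whose digest still matches. The function names, `install.sh` and `INSTALL_URL` are hypothetical placeholders, and `sha256sum` from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: execute a downloaded install script only if it matches
# the digest of the copy you actually reviewed.
#
# Intended workflow (INSTALL_URL is a placeholder, not a value from this page):
#   curl -fsSL "$INSTALL_URL" -o install.sh   # save to disk, never pipe to sh
#   less install.sh                           # read what it will do
#   sha256_of install.sh                      # record this digest as your pin
#   run_if_pinned install.sh "<recorded pin>"

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE PIN
# Returns 0 on match, 1 on mismatch, 2 if FILE is unusable, 3 if PIN is malformed.
verify_pinned() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    # A pin must be exactly 64 lowercase hex characters.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "malformed pin" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin" >&2; return 3; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# run_if_pinned FILE PIN [ARGS...]
# Runs FILE with sh only after verify_pinned succeeds; otherwise passes
# the verification error code through and executes nothing.
run_if_pinned() {
    script=$1
    pin=$2
    shift 2
    verify_pinned "$script" "$pin" || return $?
    sh "$script" "$@"
}
```

If the publisher updates the script, the pin stops matching and the run is refused until you review the new copy and record a new digest.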

Once you have executed the Docker install script, you should see an output like the following.

As you can see in the output, the command was executed successfully. You may also notice that there is a console message specifying how to use Docker as a non-root user.

This means that whenever you are executing the Docker command, you'll no longer need to type in your sudo password.

If this sounds good to you, you can simply run the provided command, substituting your-user for your server user. In my case, my user is ubuntu. My command would look like this.

We also need to install Docker Compose. This can be done by running the following commands.

Step 2: Provisioning your Bitwarden Server

Next, you'll need to create a new folder to house your Bitwarden Server. You can call it anything memorable. I'll just call mine bitwarden.

Next, you'll need to create a docker-compose.yml file. This is an orchestration file which docker-compose will use to provision your Docker instance.

Next, you'll need to edit your `docker-compose.yml` file and paste in the following content.

I'm using bitwarden_rs as it's written in Rust, faster and more reliable. It is also entirely open source with a heavy user base.

Save your docker-compose.yml file and exit back to your bitwarden directory.

Step 3: Running your Bitwarden Server locally

Now, you have everything provisioned for running your Bitwarden Server.

The next thing to do is run it.

This will start up your Bitwarden Server inside Docker. It may take some time to pull down the images.

You can eventually see your instance running by executing the following.

This will list your running instance.

If all is well, you can locally view your Bitwarden Server by navigating to http://localhost:PORT, or from another machine by using your IP address instead of localhost.

You should see something that looks like the following.

Finally, you'll just need to register for an account on your new hosted instance.

Click the Create Account button

Then fill out your details. If you have an existing Bitwarden account, you'll still have to create a new account on this instance. You can then Export and Import between accounts.

The last thing to do is hit Submit

If your instance isn't on your local machine, you will need to set up Nginx routing, which you can follow in Step 4.

Step 4: Exposing your new server publicly

This part may sound scary, but it is required to allow your Bitwarden Clients (Android, iOS, Chrome extension etc) to connect to your server.

We're going to be using nginx.

Setting up nginx

Nginx is a reverse proxy that allows you to point incoming web traffic to your new Bitwarden server.

Firstly, install nginx if you haven't already.

If you have UFW installed, you will have to allow Nginx through your local firewall.

I have a tutorial for setting up UFW here

As you can see, there are three profiles available for Nginx:

  • Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
  • Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic)
  • Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)

You can enable this by typing:

Next thing to do is just double check your nginx server is up and running

You should see something that looks like the following

The next part allows us to take incoming traffic and point it to your container instance, allowing you to expose your Bitwarden server to the internet.

Navigate to /etc/nginx/

Use your favorite text editor and open the following file with sudo

I use the following code for my syncing server

Port-forwarding

You will need to port forward your instance to allow public access to your instance. This will involve googling how to port forward from your router.

You'll need to point port 80 and 443 to your instance where Nginx is set up.

Linking Bitwarden Server with your public domain

You will also need to set up a public domain name. This can then be used to call your new public instance with port 443 exposed.

For example, I would set up a subdomain on bowlerdesign.tech to be vault.bowlerdesign.tech. Notice this is also the domain I specified in my Nginx config above.

Here's something to search for with regards to setting up a domain name

Setting up Certbot

Certbot allows us to generate SSL certificates for free with Let's Encrypt. It's simple to install and use. It even hooks in with Nginx, meaning that there's no more manual configuration required.

To install Certbot, simply run the following command

Then, to set up your SSL certificate, run

Follow the instructions, select your domain name from the nginx list.
Also, select redirect as this will upgrade any http requests to https.

Step 5: Connecting to your new Bitwarden instance from a client.

I'm going to use the Firefox Bitwarden Plugin for this part of the tutorial. But the process is identical for all Bitwarden clients.

First, if you haven't already, install your chosen Bitwarden client and open it.

In the top left corner, click the cog icon

You'll then get some configuration options. Simply add your full URL into the Server URL field.

Like so, then just hit Save and log in as normal

That's it

Pretty easy right?

Please don't hesitate to get in touch in the comments if you get stuck. I'd be more than happy to help out with any issues you may face.

This post contains affiliate links meaning we may receive a small commission on purchases made through links in this post. At no extra cost to you 😊

Keyring backend reading password data from Bitwarden

Project description

Implementation of the Keyring backend code reading secrets from Bitwarden using Bitwarden-cli

Overview

The Keyring Python package provides a handy single point of entry for any secret-holding system, allowing for seamless integration of those systems into applications needing secrets, like twine.

This project implements Keyring to be able to read secrets from Bitwarden, an open source multiplatform cloud/self-hostable password manager.

This backend assumes that it will be used in the context of a CLI application, and that it can communicate with the user using stdin, stdout and stderr. We could implement an additional backend for use in a library assuming that everything is already unlocked, or another one using pinentry to ask the user.

Requirements

This project uses the official bitwarden CLI under the hood, because there's no simple official Python bitwarden lib. Here are the installation instructions as of October 2018 and the link to the up to date instructions

You can install the Bitwarden CLI multiple different ways:

NPM

If you already have the Node.js runtime installed on your system, you can install the CLI using NPM. NPM makes it easy to keep your installation updated and should be the preferred installation method if you are already using Node.js.

Native Executable

Natively packaged versions of the CLI are provided for each platform which have no requirements on installing the Node.js runtime. You can obtain these from the downloads section in the Bitwarden documentation.

Other Package Managers

Installation and configuration

The Python packaging ecosystem can be quite a mess.

Because of this, it's likely that your setup and my setup are nothing alike. Keyring supports a configuration file with an option that lets you explicitly define the path to a backend. You may need that for your installation, or maybe not.

Usage

Use as a normal keyring backend. It is installed with priority 10 so it's likely going to be selected first.

If you want to use it with twine, good news, you're already set. Just make sure that this package is installed in the same location as twine.

bitwarden-keyring will automatically ask for credentials when needed. If you don't want to unlock your vault every time, export the vault session to your environment (use `bw unlock` and follow the instructions, or launch `export BW_SESSION=$(bw unlock --raw)`).

Caveats

bitwarden-keyring was only tested with:

  • macOS, using the bitwarden-cli from brew
  • ubuntu, using the bw from snap

As mentioned, bitwarden-keyring only works in the context of a CLI application with access to standard input and output. If you need something that either reads silently or uses another method of communication, the best option is probably to make another backend; most of the functions can be reused.

Licensing

bitwarden-keyring is published under the terms of the MIT License. The name Bitwarden is most probably the property of 8bit Solutions LLC.

Contributions and Code of Conduct

Contributions are welcome, please refer to the Contributing guide. Please keep in mind that all interactions with the project are required to follow the Code of Conduct.

Release history

  • 0.3.0
  • 0.2.1
  • 0.1.2
  • 0.1.1
  • 0.1.0

Files for bitwarden-keyring, version 0.3.0

  • bitwarden_keyring-0.3.0-py2.py3-none-any.whl (6.7 kB), file type Wheel, Python version py2.py3
  • bitwarden-keyring-0.3.0.tar.gz (5.4 kB), file type Source, Python version None