Installing Bitwarden

In this post we will see how to easily deploy an open source password manager on our network, for our company, our home… The idea is to have a website where we centralize the passwords of any site and keep them protected.

We will have Bitwarden running in a container, providing the service of storing and indexing our credentials. It allows access by different users and supports access or synchronization from mobile devices, or from browser extensions that auto-fill credential fields. Users, passwords, URLs, tokens… we will keep whatever each of us sees fit; it is a safe place. So we no longer have any excuse to use Excel spreadsheets to store sensitive information.

Let's get started! We will need at least 4GB of RAM, and this post is based on an up-to-date Ubuntu Server 21.04 with a static IP address, DNS configured, NTP… First things first: we need Docker. If we don't have it, we install it:

sudo apt install curl apt-transport-https ca-certificates gnupg-agent software-properties-common -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose -y
sudo systemctl status docker
sudo systemctl enable docker
docker --version
docker-compose --version

The next step is to go to https://bitwarden.com/host/ and request the installation codes for a local installation. They will be sent to us immediately by email.

Once we have the Installation Id and the Installation Key we can start! With this command we will download and start the installation of Bitwarden.

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
chmod +x bitwarden.sh
sudo ./bitwarden.sh install

We will then have to answer the questions the installer asks us: the FQDN through which we want to access the site, whether we want to use Let's Encrypt to generate the certificate, whether we have our own certificate or want a self-signed one generated, and the IDs that were sent to us by email:

 _     _ _                         _
| |__ (_) |___      ____ _ _ __ __| | ___ _ __
| '_ \| | __ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|\__| \_/_/ __,_|_|  \__,_|\___|_| |_|

Open source password management solutions
Copyright 2015-2021, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden

===================================================

bitwarden.sh version 1.42.3
Docker version 20.10.8, build 3967b7d
docker-compose version 1.25.0, build unknown

(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): FQDN_BITWARDEN.DOMINIO.ESO

(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n

(!) Enter the database name for your Bitwarden instance (ex. vault): vault

1.42.3: Pulling from bitwarden/setup
e1acddbe380c: Pull complete
dd03aafcc609: Pull complete
42dd948b1ee9: Pull complete
babf609d748c: Pull complete
62b1be457df2: Pull complete
6f1f9ec9013b: Pull complete
8e3a7c30ce9a: Pull complete
23669c1f9b29: Pull complete
449aeb561efd: Pull complete
2c2716f2153f: Pull complete
Digest: sha256:a85988defed50c28dcd477c10196df9282e0f46c1Ddfb5dCf5E78833feO2f81e
Status: Downloaded newer image for bitwarden/setup:1.42.3
docker.io/bitwarden/setup:1.42.3

(!) Enter your installation id (get at https://bitwarden.com/host): XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

(!) Enter your installation key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

(!) Do you have a SSL certificate to use? (y/n): n

(!) Do you want to generate a self-signed SSL certificate? (y/n): y

Generating self signed SSL certificate.
Generating a RSA private key
..............................................................++++
..........................................................++++
writing new private key to '/bitwarden/ssl/self/FQDN_BITWARDEN.DOMINIO.ESO/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.++++
........................................++++
writing new private key to 'identity.key'
-----

!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be trusted by Bitwarden client applications. You must add this certificate to the trusted store on each device or else you will receive errors when trying to connect to your installation.

Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building Asset Links For Fido2.
Building docker-compose.yml.

Installation complete

If you need to make additional configuration changes, you can modify
the settings in './bwdata/config.yml' and then run:
'./bitwarden.sh rebuild' or './bitwarden.sh update'

Next steps, run:
'./bitwarden.sh start'

The configuration file is './bwdata/config.yml' and it will come in handy if we need to modify the certificates, FQDN, ports… Speaking of certificates, if we are going to use our own certificate, we must bear in mind that the CRT file must be complete: the certificate plus the entire chain of intermediate authorities and the root. I have a note in my documentation that I had to modify the file './bwdata/env/global.override.env' and check that 'globalSettings__sqlServer__connectionString' is set with double quotation marks rather than single ones. I understand it to be a bug that has already been fixed.
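A way to check the "complete CRT file" requirement before pointing Bitwarden at our own certificate; this is an added example, not part of the original post or of the Bitwarden project. The function names and sample subjects are hypothetical, the bundle path is whatever we pass in, and the check compares issuer and subject names only (leaf first, root last), it does not verify signatures.

```shell
#!/bin/sh
# Added example: verify a PEM bundle is ordered leaf -> intermediates -> root.

# Reads the "subject=" / "issuer=" lines printed by `openssl pkcs7 -print_certs`
# and checks that every certificate is issued by the one that follows it.
chain_report() {
  awk '
    /^subject=/ { sub(/^subject=[ ]*/, ""); subj[++n] = $0 }
    /^issuer=/  { sub(/^issuer=[ ]*/, "");  iss[n] = $0 }
    END {
      if (n == 0) { print "FAIL: no certificates found"; exit 1 }
      for (i = 1; i < n; i++)
        if (iss[i] != subj[i + 1]) {
          printf "FAIL: cert %d is issued by \"%s\" but cert %d is \"%s\"\n", i, iss[i], i + 1, subj[i + 1]
          exit 1
        }
      if (iss[n] != subj[n]) {
        printf "FAIL: chain stops at \"%s\"; issuer \"%s\" is missing\n", subj[n], iss[n]
        exit 1
      }
      printf "OK: %d certificates, leaf \"%s\" chains to root \"%s\"\n", n, subj[1], subj[n]
    }'
}

# Lists every certificate in the bundle given as $1 and checks the order.
check_chain_file() {
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout | chain_report
}

# Constructed samples of openssl's output (hypothetical names, not real certs).
sample_complete() {
  printf '%s\n' \
    'subject=CN = vault.example.test' 'issuer=CN = Example Intermediate CA' \
    'subject=CN = Example Intermediate CA' 'issuer=CN = Example Root CA' \
    'subject=CN = Example Root CA' 'issuer=CN = Example Root CA'
}
sample_missing_root() { sample_complete | head -n 4; }

if [ $# -gt 0 ]; then
  check_chain_file "$1"          # e.g. sh check_chain.sh /path/to/bundle.crt
else
  sample_complete | chain_report
  sample_missing_root | chain_report || true
fi
```

Run without arguments it checks the two constructed samples; run with the path to a CRT file it checks that file and exits non-zero when the chain is incomplete or out of order.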

So now we can start Bitwarden; if we have complied with all of the above, it will go fine. We start it with 'sudo ./bitwarden.sh start':

sudo ./bitwarden.sh start
 _     _ _                         _
| |__ (_) |___      ____ _ _ __ __| | ___ _ __
| '_ \| | __ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|\__| \_/_/ __,_|_|  \__,_|\___|_| |_|

Open source password management solutions
Copyright 2015-2021, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden

===================================================

bitwarden.sh version 1.42.3
Docker version 20.10.8, build 3967b7d
docker-compose version 1.25.0, build unknown

Pulling mssql         ... done
Pulling web           ... done
Pulling attachments   ... done
Pulling api           ... done
Pulling identity      ... done
Pulling sso           ... done
Pulling admin         ... done
Pulling portal        ... done
Pulling icons         ... done
Pulling notifications ... done
Pulling events        ... done
Pulling nginx         ... done
Creating directory /home/openservices/bwdata/core
Creating directory /home/openservices/bwdata/core/attachments
Creating directory /home/openservices/bwdata/logs
Creating directory /home/openservices/bwdata/logs/admin
Creating directory /home/openservices/bwdata/logs/api
Creating directory /home/openservices/bwdata/logs/events
Creating directory /home/openservices/bwdata/logs/icons
Creating directory /home/openservices/bwdata/logs/identity
Creating directory /home/openservices/bwdata/logs/mssql
Creating directory /home/openservices/bwdata/logs/nginx
Creating directory /home/openservices/bwdata/logs/notifications
Creating directory /home/openservices/bwdata/logs/sso
Creating directory /home/openservices/bwdata/logs/portal
Creating directory /home/openservices/bwdata/mssql/backups
Creating directory /home/openservices/bwdata/mssql/data
Creating network "docker_default" with the default driver
Creating network "docker_public" with the default driver
Creating bitwarden-sso           ... done
Creating bitwarden-notifications ... done
Creating bitwarden-api           ... done
Creating bitwarden-events        ... done
Creating bitwarden-icons         ... done
Creating bitwarden-attachments   ... done
Creating bitwarden-identity      ... done
Creating bitwarden-web           ... done
Creating bitwarden-mssql         ... done
Creating bitwarden-admin         ... done
Creating bitwarden-portal        ... done
Creating bitwarden-nginx         ... done
1.42.3: Pulling from bitwarden/setup
Digest: sha256:a85198defed5fce8dcd477c1b1d6df9282e0e46ce8dfb5d0f5378803fe02fe1e
Status: Image is up to date for bitwarden/setup:1.42.3
docker.io/bitwarden/setup:1.42.3

Bitwarden is up and running!
===================================================

visit https://FQDN_BITWARDEN.DOMINIO.ESO
to update, run `./bitwarden.sh updateself` and then `./bitwarden.sh update`

It already tells us that we can open a browser and try Bitwarden! But first, remember that we must keep Bitwarden updated on a regular basis, which we do with:

./bitwarden.sh updateself
./bitwarden.sh update

This would be the default interface, where the first time we will have to register from “Create Account”.

We fill in the data to create our user, and we will have to validate the email.

And the truth is that there is not much mystery to it. You will see that it is easy to use, that you can organize things in a folder hierarchy, create ticket-type items, cards, identities, share secure notes with third parties…

And if we install the mobile app for iPhone or Android and connect it to our Bitwarden server, we can log in the same way and get quick, cached access to our credentials. On top of that, it saves the credentials our phone asks for so that we never have to type them again. Bitwarden will recall them after scanning our fingerprint and will autocomplete them (as one example among many other options).

The same goes if we use the Chrome or Firefox browsers: we will have an extension that connects to Bitwarden and, likewise, autofills the credentials of any website, or stores them directly when we create accounts on multiple sites…

So, pretty cool, right? I imagine that many of you already know it. After several years of use it is the one that convinced me the most, since it met the needs and also had that differential value of being a SaaS model, web access, no client, secure… Obviously we will not publish this on the Internet 🙂 but it is ideal for centralizing all the passwords of any employee/user of our companies/homes.

And as always, thank you for this type of project. I hope you found it interesting. Thank you, and take care. Hugs to everyone!

Author

nheobug@bujarra.com
Author of the blog Bujarra.com. Whatever you need, do not hesitate to contact me; I will try to help you whenever I can. Sharing is living ;) . Enjoy the documents!!!