@adamlwgriffiths
Last active August 3, 2021 07:39
Setup Bitwarden_rs on Synology DiskStation NAS

Synology Bitwarden_rs Setup

Bitwarden_rs is an API-compatible Rust rewrite of the Bitwarden server. It uses fewer resources than the standard Bitwarden server and is ideal for the Synology NAS.

Please note, without HTTPS, you will not be able to access Bitwarden using Google Chrome. See here: dani-garcia/vaultwarden#958

Install Docker

Package Centre > Docker > Install

Layout Ports

To avoid having to set up SSL certificates and renew them, we just use the Synology reverse proxy. This complicates the ports.

I.e. the external HTTPS reverse proxy forwards to the external Docker HTTP port, which maps to the internal Docker HTTP port. The internal ports use the same numbers as the external reverse proxy ports.

Ports used:

  • HTTPS
  • HTTP
  • WSS (WebSocket)
  • WS

Note: currently websockets are not working.

Create Folders

/docker/bitwarden/bitwarden

Install Server

Apps > Docker > Registry > Search > bitwardenrs/server

  Volume
      docker/bitwarden/bitwarden -> /data
  Port Settings
      <HTTP> -> <HTTPS> TCP
      <WS> -> <WSS> TCP
  Environment:
      ROCKET_PORT = <HTTPS>
      WEBSOCKET_PORT = <WSS>
      ROCKET_WORKERS = 5

Create HTTPS Reverse proxy

Control Panel -> Application Portal -> Reverse Proxy -> Create

Bitwarden HTTPS

    Source
        Protocol HTTPS
        Hostname *
        Port <HTTPS>
        Enable HSTS
        Enable HTTP/2
    Destination
        Protocol HTTP
        Hostname localhost
        Port <HTTP>

Bitwarden WebSocket HTTPS

    Source
        Protocol HTTPS
        Hostname *
        Port <WSS>
        Enable HSTS
        Enable HTTP/2
    Destination
        Protocol HTTP
        Hostname localhost
        Port <WS>

Install Bitwarden browser plugin

  • Settings
    • API URL = https://<ip address>:<HTTPS>

TODO

@sosandroid

Hi,

I provided a solution there: https://github.com/sosandroid/docker-bitwarden_rs-caddy-synology

Can you tell me what you think about it?

@adamlwgriffiths
Author

Interesting! I'm glad you found a solution for it.
I haven't really needed the websocket functionality as I used the browser plugin.
I'm not planning on changing my setup at the moment as I may be migrating my containers to a different machine.

I noticed you've got 8080 -> 443, and also 80 -> 80.
But the README says port 80 is restricted, so how does that work?

@sosandroid

Hi,

My setup is the following

443 > DSM reverse proxy > 8080 Caddy server > 80 Bitwarden_rs inside Docker's network

This way, the reverse proxy is managing the Let's Encrypt cert, Caddy server behaves as proxy for WS and HTTP requests and Bitwarden does the job. As writing it down, quite complex but it works.

The restricted 80 port is on DSM side.

@adamlwgriffiths
Author

Note: bitwarden_rs was renamed to vaultwarden.

To rename a Docker image in Synology, use these steps:

The image path and tag are stored in the settings.

  1. In the Docker app, Export the current container settings. It will create a .json file.

  2. Edit the JSON, find the image setting and change the tag. Save changes.

  3. In the Docker app, Stop and delete the current container.

  4. In the Docker app, click on 'Import' and select the modified settings file.

  5. Launch the new container.

It will be using the tag you selected with all of the settings of the previous container.
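One way to carry out step 2 for the bitwarden_rs to vaultwarden rename without hand-editing, and to confirm that ports, environment and volumes are untouched before re-importing. This is an added example, not part of the comment above or of either project; the `image` key and the other key names in the constructed sample are assumptions about the DSM export format, and `vaultwarden/server` is the renamed project's Docker Hub image.

```python
import copy
import json

OLD_REPO = "bitwardenrs/server"   # image name used in the gist
NEW_REPO = "vaultwarden/server"   # image name after the project rename

def split_image(ref):
    """Split 'repo[:tag]' into (repo, tag); a ':' before the last '/' is a registry port."""
    if "@" in ref:
        raise ValueError("digest-pinned reference; pick the new digest by hand")
    slash, colon = ref.rfind("/"), ref.rfind(":")
    if colon > slash:
        return ref[:colon], ref[colon + 1:]
    return ref, None

def rename_image(settings, key="image"):
    """Return a copy of the exported settings with only the image repository changed."""
    repo, tag = split_image(settings[key])
    if repo != OLD_REPO:
        raise ValueError(f"unexpected image {settings[key]!r}; refusing to edit")
    updated = copy.deepcopy(settings)
    updated[key] = NEW_REPO + (f":{tag}" if tag else "")
    return updated

def changed_keys(before, after):
    """Top-level keys whose values differ, to confirm nothing else was touched."""
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))

# Constructed sample, not a real DSM export; key names are assumptions.
SAMPLE_EXPORT = json.loads("""
{
  "name": "bitwarden",
  "image": "bitwardenrs/server:latest",
  "env_variables": [
    {"key": "ROCKET_PORT", "value": "<HTTPS>"},
    {"key": "WEBSOCKET_PORT", "value": "<WSS>"},
    {"key": "ROCKET_WORKERS", "value": "5"}
  ],
  "volume_bindings": [
    {"host_volume_file": "/docker/bitwarden/bitwarden", "mount_point": "/data"}
  ]
}
""")

if __name__ == "__main__":
    new = rename_image(SAMPLE_EXPORT)
    print(json.dumps(new, indent=2))
    print("changed:", changed_keys(SAMPLE_EXPORT, new))
```

Keep the original export file until the new container is confirmed working, since step 3 deletes the only other copy of the settings.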
