Docker Bitwarden



In this blog post I’ll be covering how to install a self-hosted Bitwarden server as a password management solution using Docker on a Raspberry Pi. We will get two containers running: the Bitwarden server and an Nginx reverse proxy. I’ll also go into hardening the Bitwarden configuration and applying 2FA for log-ins.

What is Bitwarden?


Bitwarden is an open-source password management solution. It supports almost all major systems. The version we’re going to be using is the unofficial one created by Daniel Garcia, GitHub page: https://github.com/dani-garcia/bitwarden_rs. This version of Bitwarden is unofficial but it’s really well made, and just works.

  • Raspberry Pi (I’m using a model 3 B+)
  • Docker software
  • Bitwarden_rs (unofficial version)
  • Domain name for TLS certificate

Optional

  • Zymkey 4i is a Hardware Security Module for RPi.

To start off, you’ll want to download and install the latest version of Raspbian on your Pi. I personally recommend Raspbian Buster Lite (now called Raspberry Pi OS Lite): since it will be running 24/7 as a server, you don’t really need a desktop environment or the default office suite packages that are included. Make sure that the device is connected to the internet and has the latest packages. I also like to enable SSH during the initial installation process and harden the sshd_config configuration file.

I will cover how to install Zymbit zymkey 4i IoT security module in a future post.

Docker

We are going to be running Bitwarden as a Docker container. Docker makes it easy to manage containers, which we can easily upgrade in the future. The image we are going to use is available at https://hub.docker.com/r/bitwardenrs/server.

Install Bitwarden On Docker

Download and install the Docker software with the following on the Pi:

Give the user permission to run Docker (pi is the default user):

Make sure Docker starts on every system boot:

Restart your Raspberry Pi

Once restarted, your Raspberry Pi should be ready to move on to the configuration.

Bitwarden Docker Hub

Now that we have all the necessary applications installed, we can continue with the configuration. We will first set up a Bitwarden container, as well as the Nginx reverse proxy container. Later on we’ll configure a Dockerfile to start all containers at once; I will be using a custom docker-compose file, found here.

A quick overview of what we’re going to do:

  • Pull the latest bitwarden_rs image from Docker hub
  • First Start-up
    • create a new account
    • enable two-factor authentication
  • Stop the container
    • disable new registrations
    • disable admin panel
    • enable HTTPS support
  • Start the container with the new options + nginx

Pulling image from Docker Hub

The Docker image we’re going to use is available at https://hub.docker.com/r/bitwardenrs/server. You can find the source code on https://github.com/dani-garcia/bitwarden_rs. You also no longer need to use the tag bitwardenrs/server:raspberry for Raspberry Pi systems.

To pull the image with Docker:

First Time Start-up

After downloading the Docker image, choose a folder on the host system to mount as a volume for persistent storage. The directory that I have chosen is located at /bw-data. This is where all of our encrypted passwords will be stored, along with other web files.

To run the container for the first time:

Your Bitwarden web server will be accessible at: http://<IP-ADDRESS>:60888. You can change the external port number by modifying the previous command (-p). Go ahead and register an account and log in. To enable 2FA, follow the steps below.

Go to Settings:

Select Two-step login and the type of 2FA you want to use. For example Authenticator app:

Then enter your code. You can now stop the container and move on to the next stage: locking down your Bitwarden server and adding an Nginx reverse proxy server.

Hardening Process


In the next step we’ll be going through the process of hardening our server for actual use. We’ll be covering how to set up an Nginx reverse proxy and also install a certificate.

To keep things organised I’ve created a folder called bitwarden which stores all configuration files and folders, the structure looks like this:

Dockerfile

This Dockerfile (a docker-compose.yml file) was created to ease the installation process. It defines two containers with some configuration options. You will have to change these to suit your own environment. The environment variables for the Bitwarden container are set to my own personal preference.
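
The hardening steps from the overview (registrations off, admin panel off, nothing on the default HTTP port) can be checked against the compose file before the containers are started. The script below is an added example, not the author's docker-compose.yml: the service names, the nginx mounts and the audit_compose helper are assumptions, while SIGNUPS_ALLOWED and ADMIN_TOKEN are bitwarden_rs environment variables.

```sh
#!/bin/sh
# Constructed docker-compose.yml for illustration: service names, the nginx
# mounts and the file layout are assumptions, not the author's own file.
write_sample_compose() {
  cat > "$1" <<'EOF'
version: "3"
services:
  bitwarden:
    image: bitwardenrs/server:latest
    restart: always
    volumes:
      - /bw-data:/data
    environment:
      - SIGNUPS_ALLOWED=false
      - WEBSOCKET_ENABLED=true
  nginx:
    image: nginx:stable
    restart: always
    ports:
      - "60888:60888"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./ssl.conf:/etc/nginx/ssl.conf:ro
EOF
}

# Prints one line per finding and returns the number of findings.
audit_compose() {
  audit_file=$1
  audit_findings=0
  # New registrations must be off once the first account exists.
  grep -Eq '^[[:space:]]*-?[[:space:]]*SIGNUPS_ALLOWED[=:][[:space:]]*"?false' "$audit_file" \
    || { echo "FAIL: SIGNUPS_ALLOWED is not false"; audit_findings=$((audit_findings + 1)); }
  # Setting ADMIN_TOKEN enables the bitwarden_rs admin panel.
  ! grep -Eq '^[[:space:]]*-?[[:space:]]*ADMIN_TOKEN[=:]' "$audit_file" \
    || { echo "FAIL: ADMIN_TOKEN is set, admin panel enabled"; audit_findings=$((audit_findings + 1)); }
  # Nothing may be published on the default HTTP port of the host.
  ! grep -Eq '^[[:space:]]*-[[:space:]]*"?([0-9.]+:)?80:' "$audit_file" \
    || { echo "FAIL: host port 80 is published"; audit_findings=$((audit_findings + 1)); }
  [ "$audit_findings" -eq 0 ] && echo "OK: $audit_file"
  return "$audit_findings"
}

# Usage: sh audit.sh docker-compose.yml
if [ -n "${1:-}" ]; then audit_compose "$1"; fi
```

In the constructed file only the nginx service publishes a port, so the Bitwarden container is reachable solely through the reverse proxy.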

nginx.conf

This is the nginx.conf file I use for the reverse proxy for Bitwarden. Within each server configuration, update listen 60888 and server_name bitwarden.example.com; to suit your own preference. You can leave the rest as it is.

ssl.conf

This file will be included by the previous nginx.conf. You need to replace the options ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate to suit your own domain name.

dhparams.pem

To generate a 4096-bit Diffie-Hellman parameter with openssl, type:

Certificates

DO NOT USE THE DEFAULT HTTP PORT FOR YOUR PASSWORD MANAGEMENT!

To use the official Bitwarden app on, say, an iPhone with your self-hosted environment, you need to use a valid TLS certificate. If you don’t, the OS will throw an error and refuse the connection since the certificate isn’t valid. A workaround may be to add your self-signed certificate (not tested) to the trusted list on each device. A better approach would be to generate a valid TLS certificate.

For Let’s Encrypt there are two main methods of verification (excluding TLS-ALPN-01): HTTP-01 and DNS-01. If you’re like me with an ISP that uses a heavily NATed network then you can’t really use the first option. So I’ll be using the second option, which requires a domain name.


Download and install certbot with:


Run certbot with DNS as the preferred challenge:

I’d recommend obtaining a wildcard certificate instead of a single subdomain certificate. This way you don’t need to reveal your Bitwarden server to the world, since there’s a public record of every Let’s Encrypt registered certificate.
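
How the DNS-01 challenge is answered, as an added example that is not part of the original post: the CA looks up a TXT record under the base domain, so no inbound connection to the Pi is needed and a wildcard request never names the Bitwarden host. The token and thumbprint are constructed sample values, acme_txt_name, acme_txt_value and show_challenge are hypothetical helper names, and openssl is assumed to be installed.

```sh
#!/bin/sh
# Added illustration of the ACME DNS-01 challenge (RFC 8555, section 8.4).
# The token and account-key thumbprint below are constructed sample values.

# Name of the TXT record the CA queries. A wildcard validates under the
# base domain, so "*.example.com" and "example.com" share one record name.
acme_txt_name() {
  printf '_acme-challenge.%s\n' "${1#\*.}"
}

# TXT value = base64url(SHA-256(token "." thumbprint)), without padding.
acme_txt_value() {
  printf '%s.%s' "$1" "$2" \
    | openssl dgst -sha256 -binary \
    | openssl base64 \
    | tr '+/' '-_' | tr -d '=\n'
}

# Constructed inputs: certbot receives the token from the CA and derives
# the thumbprint from its own account key.
SAMPLE_TOKEN='constructed-token-0123456789abcdef'
SAMPLE_THUMBPRINT='constructed-thumbprint-0123456789abcdef'

# Render the record as it would be entered at the DNS provider.
show_challenge() {
  printf '%s TXT "%s"\n' "$(acme_txt_name "$1")" \
    "$(acme_txt_value "$SAMPLE_TOKEN" "$SAMPLE_THUMBPRINT")"
}

show_challenge '*.example.com'
```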

Starting and Stopping

We will be using docker-compose along with the docker-compose.yml file to start and stop containers.

To start your set-up, type (-d makes it run in the background):

To stop the containers, type:

Thanks

Bitwarden for creating an awesome password management solution.

Dani Garcia for creating a port of Bitwarden.

Let’s Encrypt for free certificates for everyone.


Welcome to Docker Desktop for Windows. This page contains information about Docker Desktop for Windows system requirements, download URL, installation instructions, and automatic updates.

By downloading Docker Desktop, you agree to the terms of the Docker Software End User License Agreement and the Docker Data Processing Agreement.

System requirements

Your Windows machine must meet the following requirements to successfully install Docker Desktop.

WSL 2 backend

  • Windows 10 64-bit: Home, Pro, Enterprise, or Education, version 1903 (Build 18362 or higher).
  • Enable the WSL 2 feature on Windows. For detailed instructions, refer to the Microsoft documentation.
  • The following hardware prerequisites are required to successfully run WSL 2 on Windows 10:

    • 64-bit processor with Second Level Address Translation (SLAT)
    • 4GB system RAM
    • BIOS-level hardware virtualization support must be enabled in the BIOS settings. For more information, see Virtualization.
  • Download and install the Linux kernel update package.

Hyper-V backend and Windows containers

  • Windows 10 64-bit: Pro, Enterprise, or Education (Build 17134 or higher).

    For Windows 10 Home, see System requirements for WSL 2 backend.

  • Hyper-V and Containers Windows features must be enabled.
  • The following hardware prerequisites are required to successfully run Client Hyper-V on Windows 10:

    • 64-bit processor with Second Level Address Translation (SLAT)
    • 4GB system RAM
    • BIOS-level hardware virtualization support must be enabled in the BIOS settings. For more information, see Virtualization.

Note

Docker supports Docker Desktop on Windows for those versions of Windows 10 that are still within Microsoft’s servicing timeline.

What’s included in the installer

The Docker Desktop installation includes Docker Engine, Docker CLI client, Docker Compose, Notary, Kubernetes, and Credential Helper.

Containers and images created with Docker Desktop are shared between all user accounts on machines where it is installed. This is because all Windows accounts use the same VM to build and run containers. Note that it is not possible to share containers and images between user accounts when using the Docker Desktop WSL 2 backend.

Nested virtualization scenarios, such as running Docker Desktop on a VMWare or Parallels instance might work, but there are no guarantees. For more information, see Running Docker Desktop in nested virtualization scenarios.

About Windows containers

Looking for information on using Windows containers?

  • Switch between Windows and Linux containers describes how you can toggle between Linux and Windows containers in Docker Desktop and points you to the tutorial mentioned above.
  • Getting Started with Windows Containers (Lab) provides a tutorial on how to set up and run Windows containers on Windows 10, Windows Server 2016 and Windows Server 2019. It shows you how to use a MusicStore application with Windows containers.
  • Docker Container Platform for Windows articles and blog posts on the Docker website.

Install Docker Desktop on Windows

  1. Double-click Docker Desktop Installer.exe to run the installer.

    If you haven’t already downloaded the installer (Docker Desktop Installer.exe), you can get it from Docker Hub. It typically downloads to your Downloads folder, or you can run it from the recent downloads bar at the bottom of your web browser.

  2. When prompted, ensure the Enable Hyper-V Windows Features or the Install required Windows components for WSL 2 option is selected on the Configuration page.

  3. Follow the instructions on the installation wizard to authorize the installer and proceed with the install.

  4. When the installation is successful, click Close to complete the installation process.

  5. If your admin account is different to your user account, you must add the user to the docker-users group. Run Computer Management as an administrator and navigate to Local Users and Groups > Groups > docker-users. Right-click to add the user to the group. Log out and log back in for the changes to take effect.

Start Docker Desktop

Docker Desktop does not start automatically after installation. To start Docker Desktop, search for Docker, and select Docker Desktop in the search results.

When the whale icon in the status bar stays steady, Docker Desktop is up-and-running, and is accessible from any terminal window.

If the whale icon is hidden in the Notifications area, click the up arrow on the taskbar to show it. To learn more, see Docker Settings.

When the initialization is complete, Docker Desktop launches the onboarding tutorial. The tutorial includes a simple exercise to build an example Docker image, run it as a container, push and save the image to Docker Hub.

Congratulations! You are now successfully running Docker Desktop on Windows.

If you would like to rerun the tutorial, go to the Docker Desktop menu and select Learn.

Automatic updates

Starting with Docker Desktop 3.0.0, updates to Docker Desktop will be available automatically as delta updates from the previous version.


When an update is available, Docker Desktop displays an icon to indicate the availability of a newer version. Whenever convenient, you can start the download of the update in the background.

When the download finishes, all you need to do is to click Update and restart from the Docker menu. This installs the latest update and restarts Docker Desktop for the changes to take effect.

Uninstall Docker Desktop

To uninstall Docker Desktop from your Windows machine:

  1. From the Windows Start menu, select Settings > Apps > Apps & features.
  2. Select Docker Desktop from the Apps & features list and then select Uninstall.
  3. Click Uninstall to confirm your selection.

Important

Uninstalling Docker Desktop destroys Docker containers, images, volumes, and other Docker related data local to the machine, and removes the files generated by the application. Refer to the back up and restore data section to learn how to preserve important data before uninstalling.

Where to go next

  • Getting started introduces Docker Desktop for Windows.
  • Get started with Docker is a tutorial that teaches you how to deploy a multi-service stack.
  • Troubleshooting describes common problems, workarounds, and how to get support.
  • FAQs provide answers to frequently asked questions.
  • Release notes lists component updates, new features, and improvements associated with Docker Desktop releases.
  • Back up and restore data provides instructions on backing up and restoring data related to Docker.