VaultWarden: Difference between revisions
Line 65: | Line 65: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<p>Create folder and move bitwarden_rs:</p> | === bitwarden_rs === | ||
<p>Create folder for deployment and move the bitwarden_rs binary to the folder <syntaxhighlight lang="console" inline>/opt/bitwarden/ | |||
</syntaxhighlight>:</p> | |||
<syntaxhighlight lang="console" line> | <syntaxhighlight lang="console" line> | ||
mkdir /opt/bitwarden | mkdir /opt/bitwarden | ||
mkdir /opt/bitwarden/data | mkdir /opt/bitwarden/data | ||
</syntaxhighlight> | </syntaxhighlight> | ||
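Review bot: the new paragraph says to move the bitwarden_rs binary to /opt/bitwarden/, but the console block under it still contains only the two mkdir commands, so the step it announces is missing; add the command that moves the binary. The closing </syntaxhighlight> of the inline path also sits on its own line, which puts a line break before the colon; keep the inline tag and the colon on one line.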
Revision as of 21:31, 24 February 2021
| IP: | 192.168.88.15 |
|---|---|
| MAC: | B6:04:55:14:93:89 |
| Domain: | vault.flowerhouse.at |
| OS: | Debian Buster |
| RAM: | 512MB |
| Cores: | 1 |
| Privileged: | No |
The BitWarden-LXC is reachable at 192.168.88.15, which is located in the ServerVLAN.
The subdomain is vault.flowerhouse.at, which is handled by the ReverseProxy.
Building
The original BitWarden-Server is only available with Docker; bitwarden_rs is an alternative implementation written in Rust.
Install the required packages for building:
apt install git curl wget htop pkg-config openssl libssl-dev build-essential libmariadb-dev-compat libmariadb-dev
Rust
Download the script and follow the installer:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Add cargo's bin directory to the PATH environment variable:
echo 'export PATH=~/.cargo/bin:$PATH' >> ~/.bashrc
export PATH=~/.cargo/bin:$PATH
After running the following command:
which rustc
It should show the path:
/root/.cargo/bin/rustc
bitwarden_rs
Building bitwarden_rs requires at least 1GB of RAM.
Clone the bitwarden_rs repository and use cargo to build it:
cd /opt
git clone https://github.com/dani-garcia/bitwarden_rs && pushd bitwarden_rs
cargo clean && cargo build --features mysql --release
file target/release/bitwarden_rs
The built bitwarden_rs binary is now located at:
cd /opt/bitwarden_rs/target/release/
Only bitwarden_rs is needed for deployment.
Deploying
Required packages for deployment:
apt install openssl libmariadb-dev
bitwarden_rs
Create a folder for deployment and move the bitwarden_rs binary to the folder /opt/bitwarden/:
mkdir /opt/bitwarden
mkdir /opt/bitwarden/data
Create the .env file and paste the template configuration:
nano /opt/bitwarden/.env
Install WebVault
Building WebVault yourself is not necessary; you can use one of the pre-patched branches.
Move to the bitwarden_rs release folder and download WebVault:
wget https://github.com/dani-garcia/bw_web_builds/releases/download/v2.18.1d/bw_web_v2.18.1d.tar.gz
Unpack the archive and delete it:
tar -xvf bw_web_v2.18.1d.tar.gz
rm bw_web_v2.18.1d.tar.gz
systemd service
Create a service file for bitwarden_rs:
nano /etc/systemd/system/bitwarden.service
And paste the following:
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
# Only sqlite
After=network.target
[Service]
# The user/group bitwarden_rs is run under. The working directory (see below) should allow write and read access to this user/group
User=root
Group=root
# The location of the .env file for configuration
EnvironmentFile=/opt/bitwarden/.env
# The location of the compiled binary
ExecStart=/opt/bitwarden/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
# Isolate bitwarden_rs from the rest of the system
# PrivateTmp=true
# PrivateDevices=true
# ProtectHome=true
# ProtectSystem=strict
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/opt/bitwarden/
ReadWriteDirectories=/opt/bitwarden/
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Start and check if service is running:
systemctl start bitwarden
systemctl status bitwarden
Enable service to start at boot:
systemctl enable bitwarden
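The unit above runs the server as root and leaves its isolation options commented out. The following drop-in is an added example, not part of the original page or of the bitwarden_rs project: it assumes a dedicated `bitwarden` system user and group (hypothetical names) that own /opt/bitwarden, and the drop-in file name is chosen here.

```ini
# /etc/systemd/system/bitwarden.service.d/hardening.conf
# Added example: overrides settings of bitwarden.service without editing it.
[Service]
# Run as an unprivileged account instead of root.
# "bitwarden" is a hypothetical user/group; it must exist and own /opt/bitwarden.
# systemd reads EnvironmentFile= itself, so /opt/bitwarden/.env can stay
# readable by root only.
User=bitwarden
Group=bitwarden

# The process and its children can never gain privileges (setuid, file caps).
NoNewPrivileges=true

# The isolation options that are commented out in the unit above.
# They rely on mount namespaces; whether the unprivileged LXC described on
# this page permits them is not stated, so check "systemctl status bitwarden"
# after enabling them.
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict

# With ProtectSystem=strict the file system is read-only for the service
# except for the paths listed here (same directory as in the unit above).
ReadWritePaths=/opt/bitwarden/

# A non-root user needs this capability only to bind a port below 1024;
# the bounding set drops every other capability.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
```

After creating the account and the file, run systemctl daemon-reload and systemctl restart bitwarden, then check the service with systemctl status bitwarden as above.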