Jack Moore

Email: jack(at)jmoore53.com
Project Updates

Configuring bitwarden_rs

07 Oct 2019 » production, devops, tools

Bitwarden_rs

The Rust version of Bitwarden is the bomb. Its all that I need for an individual user. It’s much easier to maintain and use as compared to the Official Bitwarden docker support.

The differences application side are slim to none. Bitwarden_rs doesn’t support a few of the features, but the core functionality is still the same. The main difference is on the server side/ taking a look from the backend. Compare 1 docker container from one image to 8 different containers from 8 different images. The official bitwarden docker files are basically for running an entire stack.

I really didn’t see a need to run an application that could support a team of people so I decided to use a “more secure” version of bitwarden_rs.

Harden the Image?

I say this, but I don’t think its the correct terminology. The server is still exposed to the internet. The site is publicly available… It’s still out there.. All I did was disable external logins after creating my own user account…

docker run -d --name bitwarden \
  -e SIGNUPS_ALLOWED=false \
  -v /bw-data/:/data/ \
  -p 80:80 \
  bitwardenrs/server:latest

This is where I started to run into issues though.. After starting this container I was unable to create the initial user because I disallowed signups. Whoops.. This was an issue.. I didn’t have access to the service I needed.

I thought long and hard and after many google searches I got stuck..

Bitwarden_rs Matrix Room

I didn’t know where to start or get support for this so I decided to turn to the forums, the wiki and finally the Matrix Chat room.

Hello everyone - I just got this installed and first wanted to thank the developers for this, but I had a question about my new instance: if i have disabled signups how do i create the first user?

This was my initial post.. I didn’t know how big the community was or the support provided. I assumed I would hear back eventually, but didn’t know if it would be the feedback I was looking for..

I kept browsing the wiki and thinking about how I could solve my current problem.. And then I stumbled upon it. I realized when trying to create a separate container the original bitwarden container used the -v /bw-data/:/data/ flag meaning the data was persistent across containers.

This meant for me I could start up an image allowing signups on one container (container1), sign up and get everything configured for myself, spin down and then delete only the container (container1), and then spin up a new container (container2) mapping the volume to the original container. This meant my data was persistent across containers, but the current container “runtime” wouldn’t allow new users to sign up.. I thought I was pretty clever when I came up with this one.

After coming to this conslusion I posted back into the chatroom to let everyone know I solved my own problem:

Alright - so initially when deploying i disabled user signups. I deleted my original container, I disabled this setting in the docker run script, signed up, deleted the container that allowed signups, and then docker ran with the -e SIGNUPS_ALLOWED=false flag

Conclusion

Yes - I run this container publicly facing the internet. Yes - I need to reverse proxy this.

© Jack Moore