Running Bitwarden Locally with a Reverse Proxy and Your Own Domain Name

Hi all

Looking for some advice if possible. I have been using Bitwarden for a while and am more than happy with it. I have been looking at using the functionality to self host on my Xpenology NAS and following info from various locations I have now got a Docker container running which is now accessible locally.

What I am trying to do now is work out how to access remotely using a Reverse Proxy. The bit I am struggling with is how to generate a certificate that allows for the secure connection into my network. I have a domain name that I own that I purely use for email hosting using GApps which has been in place for a few years.

I have a no-ip.org hostname that I have used for some time that allows me to use the same hostname to access against the dynamic IP address from my ISP.

Can anybody assist with how I can use my domain name that I own to be able to generate a free SSL cert that I can then associate with no-ip?

Or are there different options to achieve remote access via Reverse Proxy?

Cheers

Comments

  • +1

    Get a letsencrypt thing going (it's free) and then use something like nginx or traefik to do the automatic cert stuff and forwarding/reverse proxying.

    If you're doing it in docker then you need to establish both traefik (or nginx) to be on the same network as Bitwarden.

    I've never used Bitwarden myself and I use docker-compose so I probably have no idea how to help you directly.

    You'll get better answers on whirlpool or even the actual docker forums than here lol.

  • As fishball said, an ACME-based certificate will be easiest. Let's Encrypt renews every 3 months (from memory) so try installing certbot https://certbot.eff.org/ to automate the renewal. Alternatively you could generate a private certificate and trust it on each client if you connect from only a small number of devices.

    • Is there a decent tutorial somewhere that explains about generating a private cert? Bit of a novice at this as you can probably tell. 😀

      And is there a major difference security wise with creating a private cert? I presume it's generally easier to do and less hassle renewing?

      • +2

        I do my own certificate for my own bitwarden.

        What I did was I created my own private CA certificate that I install on devices that will connect to the bitwarden server and with that private CA I signed my own certificate for nginx to use to reverse proxy bitwarden.

        When you install your own CA, your devices will trust certificates signed by that CA. As you'd probably know, bitwarden clients need to connect to a valid certificate server if it's using a secure protocol otherwise it would not work.

        Security wise, the private CA key needs to have a secure password to it and preferably be on an offline machine since with that private CA key, any certificates issued by that CA will be trusted on the devices you install it to.

        Here's a tutorial I used to help me through generating the certificates needed:
        https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome
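
The private-CA workflow described in the comment above, as an added example that is not part of the thread or the linked tutorial: it creates a passphrase-protected CA key, signs a server certificate carrying a subjectAltName for nginx, and verifies the chain and hostname. The hostname `bitwarden.example.internal`, the function name `issue_cert`, the file names, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): private CA + server cert for nginx.
# Names, key sizes and lifetimes below are assumptions; adjust as needed.
set -eu

# issue_cert DIR HOSTNAME -- CA passphrase is read from exported $CA_PASS
issue_cert() (
    dir=$1 host=$2
    : "${CA_PASS:?export CA_PASS with the CA key passphrase first}"
    umask 077                      # key files readable by owner only
    mkdir -p "$dir"
    cd "$dir"

    # One config file carries the extension profiles for both certificates.
    cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused-overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

    # 1. CA key, encrypted at rest, and a self-signed CA certificate.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 3072
    openssl req -x509 -new -config pki.cnf -extensions v3_ca \
        -subj "/CN=Home Private CA" -key ca.key -passin env:CA_PASS \
        -sha256 -days 3650 -out ca.crt

    # 2. Server key (unencrypted so nginx can start unattended) and CSR.
    openssl genrsa -out server.key 2048
    openssl req -new -config pki.cnf -subj "/CN=$host" \
        -key server.key -out server.csr

    # 3. Sign the CSR with the CA; clients match the name against the SAN.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -passin env:CA_PASS -CAcreateserial -extfile pki.cnf \
        -extensions v3_server -sha256 -days 397 -out server.crt

    # 4. Check the chain and the hostname before deploying.
    openssl verify -CAfile ca.crt -verify_hostname "$host" server.crt
)
# Usage: export CA_PASS=...; issue_cert ./pki bitwarden.example.internal
```

Only `ca.crt` goes onto client devices and only `server.crt` plus `server.key` go to nginx; `ca.key` stays on the offline machine.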
