1. Introduction
Note: The Bitwarden mentioned in this article is bitwarden_rs, which has since been renamed Vaultwarden. For the reason behind the rename, see: https://github.com/dani-garcia/vaultwarden/discussions/1642
Bitwarden is a free and open-source password management service that allows users to store sensitive information (such as website login credentials) in an encrypted vault.
The Bitwarden platform provides a variety of client applications, including a web user interface, desktop applications, browser extensions, mobile applications and a command-line interface.
Bitwarden provides cloud hosting services and supports self-deployment solutions.
- Wikipedia
Security awareness guides and talks all tell us:
- Don't use the same password on all sites
- Do not use birthdays, names, phone numbers and other easily guessed elements as passwords
However, we use dozens of websites in daily life, if not a hundred then at least eighty. Setting a different password for each one and remembering them all is clearly unrealistic, so we can use password manager software.
Well-known password managers include 1Password, OneSafe and LastPass, and most browsers (Chrome, Edge, Firefox) also have their own password-saving function. However, some of these tools are paid, and the passwords are stored on servers run by the provider.
Quote from a netizen: No matter how well the security of the software is advertised, it doesn’t matter if the password is managed by someone else.
Therefore, we chose to build our own password manager using Bitwarden.
Bitwarden has the following advantages:
- Bitwarden is a free and open source password management tool
- Bitwarden has clients for Windows, Linux, Mac, iPhone, Android, Chrome and other mainstream browsers
- Bitwarden allows the use of self-built servers and provides detailed deployment tutorials
2. Deployment
Run:
(old version)
```bash
docker run -d \
  --rm \
  --name bitwarden \
  -p 8080:80 \
  -p 3012:3012 \
  -e SIGNUPS_ALLOWED=true \
  -e WEB_VAULT_ENABLED=true \
  -e DOMAIN=https://mydomain.cn \
  -v ~/bitwarden:/data \
  bitwardenrs/server:latest
```
The meanings of the parameters of the above command are as follows:
- -d run in the background
- --rm Automatically delete the container once it stops running
- --name bitwarden The name of the container is bitwarden
- -p 8080:80 Port 80 of the container is mapped to port 8080 on the host, which is the port Nginx proxies to
- -p 3012:3012 Port 3012 of the container is mapped to port 3012 on the host
- -e SIGNUPS_ALLOWED=true Set the environment variable SIGNUPS_ALLOWED=true to allow users to register
- -e WEB_VAULT_ENABLED=true Set the environment variable WEB_VAULT_ENABLED=true to enable the web vault
- -e DOMAIN=https://mydomain.cn Set the domain name, which needs to be replaced with the domain name you applied for
- -v ~/bitwarden:/data The /data directory of the container is mapped to the ~/bitwarden directory of the host
3. Configuration
As usual, add a reverse proxy.
Note: You need to modify the reverse proxy configuration file as follows!
```nginx
# These location blocks go inside the server { } block for your domain.
# Configure the reverse proxy: forward requests to port 8080
location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    root /usr/share/nginx/html;
    index index.html index.htm;
}

# WebSocket notifications go to port 3012
location /notifications/hub {
    proxy_pass http://127.0.0.1:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location /notifications/hub/negotiate {
    proxy_pass http://127.0.0.1:8080;
}
```
Because some of Bitwarden's services use WebSocket, the /notifications/hub path needs its own location block with the Upgrade and Connection headers.
4. Use
You can reach the Bitwarden homepage by visiting our domain name. Next, let's look at how to use Bitwarden to manage passwords across our various platforms and devices.
4.1. Registration
Visit the reverse-proxied website:
Sign up for an account with your own email address.
After you click Submit, registration is complete. You are then returned to the login page, where you enter your email address and master password to log in. The figure below shows an empty password vault after registering an account.
4.2. Prohibit others from registering
Since this Bitwarden server is for personal use, after registering the account we need to turn off the registration function to prevent others from registering.
Run:
```bash
# Stop the bitwarden container first
docker stop bitwarden
# Set SIGNUPS_ALLOWED=false so that new users cannot register, then start the bitwarden container again
docker run -d \
  --rm \
  --name bitwarden \
  -p 8080:80 \
  -p 3012:3012 \
  -e SIGNUPS_ALLOWED=false \
  -e WEB_VAULT_ENABLED=true \
  -e DOMAIN=https://mydomain \
  -v ~/bitwarden:/data \
  bitwardenrs/server:latest
```
Now, when someone tries to register an account again, an error such as "Registration not allowed or user already exists." is shown.
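To confirm that the container started in sections 2 and 4.2 is running with the intended settings, the following added example (not part of the original article) audits the text that docker inspect and docker port print for it. It goes slightly beyond the article by also flagging a non-HTTPS DOMAIN and ports published on anything other than loopback: -p 8080:80 publishes on all host interfaces by default, while Nginx only connects through 127.0.0.1. The function names, finding labels and sample data are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of:
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' bitwarden
SAMPLE_ENV='SIGNUPS_ALLOWED=true
WEB_VAULT_ENABLED=true
DOMAIN=https://mydomain.cn'

# Constructed sample of: docker port bitwarden
SAMPLE_PORTS='80/tcp -> 0.0.0.0:8080
3012/tcp -> 0.0.0.0:3012'

# env_value NAME: read KEY=VALUE lines on stdin and print the value of NAME.
env_value() {
    sed -n "s/^$1=//p" | head -n 1
}

# audit_vaultwarden ENV_TEXT PORT_TEXT: print one finding per line
# (hypothetical labels); no output means nothing was flagged.
audit_vaultwarden() {
    env_text=$1
    port_text=$2
    signups=$(printf '%s\n' "$env_text" | env_value SIGNUPS_ALLOWED)
    domain=$(printf '%s\n' "$env_text" | env_value DOMAIN)

    # Section 4.2: flag anything other than an explicit "false".
    [ "$signups" = "false" ] || echo "signups-open"

    # Clients should reach the vault through the TLS reverse proxy.
    case $domain in
        https://*) ;;
        *) echo "domain-not-https" ;;
    esac

    # Nginx proxies to 127.0.0.1, so no other host address is needed.
    printf '%s\n' "$port_text" | while read -r proto arrow hostaddr; do
        case $hostaddr in
            ''|127.0.0.1:*|'[::1]:'*) ;;
            *) echo "public-port:$hostaddr" ;;
        esac
    done
}

# Run against the constructed samples; for a live container, pass the
# output of the two docker commands named above instead.
audit_vaultwarden "$SAMPLE_ENV" "$SAMPLE_PORTS"
```

Publishing the ports as -p 127.0.0.1:8080:80 and -p 127.0.0.1:3012:3012 keeps them reachable by Nginx while clearing the public-port findings.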
4.3. Client configuration
Bitwarden basically supports all clients:
Chrome
Download the browser plug-in:
Set the server URL to the address of our self-hosted Bitwarden server.
Next, let's try Bitwarden's automatic password saving. In the Chrome browser, we log in to Guoke.com, and Bitwarden automatically detects the username and password that need to be saved. Click "Yes, save now" and that's it.
Visit the website again, and the username and password will be filled in automatically.
iOS
Search for bitwarden on the App Store and download Bitwarden Password Manager.
Open the app, tap the settings icon, and set the domain name of the Bitwarden server we built.
Tap "Login" to log in to the server we built with the registered Bitwarden account.