Install bitwarden-rs on uberspace

Bitwarden is a great open source password manager. Your vault is encrypted with your master key, so even if someone hacks into the Bitwarden Servers (which are hosted on Microsoft Azure), they will only get some unreadable gibberish. If your master password is strong, you should be save.

If you are paranoid about the server security and want to be in full control, or want the premium features for free because you have a webspace anyway, you can self-host Bitwarden.

Bitwarden provides docker containers, but they are big and difficult to install. Uberspace is a web hoster for command line enthusiasts, and while it supports nearly everything, docker isn't.

In this tutorial, we will use a Rust implementation of the bitwarden api. You can check the project out on GitHub: https://github.com/dani-garcia/bitwarden_rs

Prerequisites

  • Uberspace 7
  • Basic understanding of the command line (the command begins after the $ sign)
  • A subdomain configured correctly (see here), e.g. vault.yourdomain.com

Installing Rust

To compile the project, we need to install the rust toolchain.

install via rustup:
~$ curl https://sh.rustup.rs -sSf | sh

press 2 to customize the installation. You can press enter for the host triple to use the default one. When asked for the toolchain, type nightly, as this is required for bitwarden-rs. Add rust to the PATH by pressing y.

Then, proceed with the installation.

To finish the setup, logout and login again or run ~$ source $HOME/.cargo/env.

Install Bitwarden-rs

clone the project:
~$ git clone https://github.com/dani-garcia/bitwarden_rs.git

to build bitwarden-rs, you'll need to set an environment variable pointing to the sqlite3 header files:
~$ export SQLITE3_LIB_DIR=/var/lib64

cd into the project:
~$ cd bitwarden_rs

build the server executable:
~/bitwarden_rs $ cargo build --release

if that doesn't work the first time, just try again.

download the newest build from here: https://github.com/dani-garcia/bw_web_builds/releases

~/bitwarden_rs $ mkdir web-vault && cd web-vault
~/bitwarden_rs/web-vault $ wget https://github.com/dani-garcia/bw_web_builds/releases/download/v2.8.0b/bw_web_v2.8.0b.tar.gz
~/bitwarden_rs/web-vault $ tar -xvzf bw_web_v2.8.0b.tar.gz

After that, go back to the project folder:
~/bitwarden_rs/web-vault $ cd ..

We need to add a .env-file. We first have to find a free port, I will use 62000. To check if a port is free, use ~$ netstat -an | grep 62000. If it returns nothing, the port is free. Otherwise, choose another one. Look for ports that aren't reserved, I usually only use ports above 60000 (and under 65535).

~/bitwarden_rs $ nano .env

alter these values:

ADMIN_TOKEN=CHuPAsoYgykByUpqVrjRYG/MeYO+jdnmZskgTsBa9kj2MnP7QrQ0GelJ7Lqixph8 # generate one with ~$ openssl rand -base64 48
ROCKET_PORT=62000 # your port here

SMTP_HOST=yourhost.uberspace.de
SMTP_FROM=noreply@vault.yourdomain.com
SMTP_PORT=587
SMTP_SSL=true
SMTP_USERNAME=vault@yourdomain.com
SMTP_PASSWORD=yourpassword

Press CTRL+O to save, and CTRL+X to exit.
You can edit other options, look into .env.template to see a list of available options.

Before we try it out, we have to add a .htaccess-file to proxy everything from a domain to the port we are using.

First, set up Additional Document Roots:

/var/www/virtual/<username>/html/.htaccess

RewriteBase /

Then, add a folder with your subdomain: mkdir vault.yourdomain.com

/var/www/virtual/<username>/vault.yourdomain.com/.htaccess

RewriteEngine On
RewriteRule (.*) http://localhost:62000/$1 [P]

Now it's time to test if everything works:
~/bitwarden_rs $ target/release/bitwarden_rs

If there is no error, you are good to go. You should be able to access your vault on vault.yourdomain.com.

Auto start and run in background

We will use supervisord to run the server and automatically restart it on crash.

Create a new file for your service: ~$ touch ~/etc/services.d/bitwarden_rs.ini with the following content:

[program:bitwarden_rs]
directory=/home/YOURUSERNAME/bitwarden_rs
command=/home/YOURUSERNAME/bitwarden_rs/target/release/bitwarden_rs
autostart=yes
autorestart=yes

Add the service to supervisor:

~$ supervisorctl reread
~$ supervisorctl update
~$ supervisorctl start bitwarden_rs

Now the server should be running again.

Updating

Updating bitwarden is really easy. Just stop the server, pull everything and download the new web vault, build the executable and start the server again:

~/bitwarden_rs $ supervisorctl stop bitwarden_rs
~/bitwarden_rs $ git pull
~/bitwarden_rs $ mv web-vault web-vault.old && mkdir web-vault && cd web-vault
~/bitwarden_rs/web-vault $ wget new-release.tar.gz
~/bitwarden_rs/web-vault $ tar -xvzf new-release.tar.gz
~/bitwarden_rs/web-vault $ cd ..
~/bitwarden_rs $ cargo build --release
~/bitwarden_rs $ supervisorctl start bitwarden_rs
Show Comments