Qnap [ VaultWarden ex: BitWarden_rs ] Password management solution for individuals, team

updated

Code:
Added new icon blacklisting option, to block all non global IPs (ICON_BLACKLIST_NON_GLOBAL_IPS)
Added SQLite binary in the SQLite images, to enable backup option
Admin page scripts are loaded locally instead of using a CDN
Added CORS support
Added docker healthcheck
Added email 2FA
Updated web vault to 2.12.0
 
updated

Code:
Improved error message when HIBP key is not set, include a link to the page.
Added check for both the previous and next timeslots in TOTP, which is more forgiving of time mismatches (1.5 minutes now vs 30 seconds before), can be disabled setting AUTHENTICATOR_DISABLE_TIME_DRIFT=true.
Made the domain icon blacklist be cached, improving performance.
Recovery codes are now generated when adding email and Duo 2FA.
Removed MySQL libraries from SQLite images.
Added configurable SMTP timeout, and reduced the default to 15 seconds.
Updated images to be able to be built with Podman.
Added option to allow signups from specific domains only (SIGNUPS_DOMAINS_WHITELIST=domain.com,example.org).
Updated web vault to fix twofactorauth.org integration.
Updated dependencies
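The previous/next timeslot check described in the changelog above, as an added example that is not part of the original post and is not Vaultwarden's own code. It is a plain RFC 6238 verifier; `verify`, `disable_time_drift` (mirroring AUTHENTICATOR_DISABLE_TIME_DRIFT) and the `last_used` replay guard are hypothetical names and assumptions of this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP timeslot (RFC 6238 default)
RFC_SECRET = b"12345678901234567890"  # RFC 4226 test key, not a real secret


def totp(secret: bytes, timeslot: int, digits: int = 6) -> str:
    """RFC 6238 code for one timeslot (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", timeslot), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: int, last_used: int = -1,
           disable_time_drift: bool = False):
    """Return the matching timeslot, or None if the code is rejected.

    With disable_time_drift=True only the current timeslot is accepted
    (30 seconds). Otherwise the previous and next timeslots are accepted
    as well, giving the 1.5 minute window from the changelog.
    last_used (assumption of this sketch) is the last accepted timeslot;
    refusing slots at or before it stops a code from being replayed
    inside the wider window.
    """
    current = now // STEP
    drift = 0 if disable_time_drift else 1
    matched = None
    for slot in range(current - drift, current + drift + 1):
        candidate = totp(secret, slot).encode()
        # Constant-time comparison, and no early exit, so timing does not
        # reveal which timeslot matched.
        if hmac.compare_digest(candidate, code.encode()) and slot > last_used:
            matched = slot
    return matched


if __name__ == "__main__":
    # Constructed input: server clock at t=59s, client clock one slot behind.
    print(verify(RFC_SECRET, "755224", now=59))                           # 0
    print(verify(RFC_SECRET, "755224", now=59, disable_time_drift=True))  # None
```

The wider window means three codes are valid at any moment instead of one, which is why the replay guard and login rate limiting matter more once drift tolerance is enabled.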
 
updated

Code:
Implemented email verification, to disable users until the email is verified you can use SIGNUPS_VERIFY=true, default is false. There are also options to change the options for verification mail resending, check the .env.template file.
Also implemented welcome email, change email confirmation and account deletion confirmation.
Modified icon parsing to accept favicons using DataURLs
Updated dependencies
 
I know this says no dependencies but I cannot get Bitwarden to work now for some reason. I'm getting a not found error.


Removal, reboot of the server and a fresh install of bitwarden does nothing as well.


Help
 
goodelyfe said:
I know this says no dependencies but I cannot get Bitwarden to work now for some reason. I'm getting a not found error.


Removal, reboot of the server and a fresh install of bitwarden does nothing as well.


Help

Will be helpful if you can give NAS model, firmware version ...

with some luck 1.13.1 will be released tomorrow
 
QoolBox said:
goodelyfe said:
I know this says no dependencies but I cannot get Bitwarden to work now for some reason. I'm getting a not found error.


Removal, reboot of the server and a fresh install of bitwarden does nothing as well.


Help

Will be helpful if you can give NAS model, firmware version ...

with some luck 1.13.1 will be released tomorrow

thank you for the response... wasn't sure where to find you. I got everything settled and figured out, however, not sure it will survive an update as it's editing the BitWarden.sh file

Here's my response copy and pasted from another qnap forum:

goodelyfe said:
https://forum.qnap.com/viewtopic.php?f=320&t=148526&p=739756#p739756
to change ports that Bitwarden listens on and to enable SSL, edit the BitWarden.sh (open command prompt>vi)

(i added it after apache line) add the line ROCKET_PORT= and enter your desired port number

to enable SSL, add the line ROCKET_TLS= the syntax is {certs="/path/to/certs", key="/path/to/key"}

***Make sure you EXPORT the function as well... if you look a few lines under, you will see the syntax

I'm not sure if this will survive an upgrade, but this is how I was able to enable SSL, change listening port and get my instance working again.

Hope this helps
 
yes, all this information is provided within the Wiki

https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS

you can also set a Caddy file proxypass ;)
 
what about the overwriting the BitWarden.sh file? Changes in 'config' won't stick with updates. Just updated and same thing?
 
you will have to renew your change, at any update

not sure if I can include the line by default... some certs are autosigned, exotic SSL, Letsencrypt .... and not sure where I can find them in the NAS system environment path
 
thanks for being awesome as always!!!

renewing changes every update won't be an issue, just wondered about it. Thanks again
 
Thanks Qoolbox for your hard work.
Just to let you know :
I have installed Bitwarden and everything seems to work well.
But for an unknown reason I can't send mail to the ones I invited (the mail doesn't reach the recipient), although the mail seems to be sent (I have no error message). Is it a bug or a known issue?
Thanks for answering
Best regards
 
I don't really know which mail engine is used to process sent mail... (I mean sendmail embedded in the NAS, or your own smtp and smtp settings within Bitwarden)

think something to check with creator inside the github issue process
 
Hi,
I would like to change the http address that the Bitwarden icon points to, because the original icon points to http://<monadresse>:8000, but after modifying the .sh file to connect via httpS://<monadresse>:8000 it no longer works. Any ideas? Because I'm rather a novice... ;)
Thanks in advance
 
Hi Qoolbox

Many thanks for your package.

I tried switching to HTTPS but it doesn't work with Caddy. For other tools such as Radarr it's OK, but for Bitwarden I get an error:
404: Not Found
The requested resource could not be found.
Rocket

Below is my Caddy config:

(sslconf) {
  tls /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/key {
    ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA
    curves X25519 p256 p384 p521
    protocols tls1.2
  }
}

(gzipconf) {
  gzip {
    level 5
    min_length 1
  }
}

(addheader) {
  header / {
    Strict-Transport-Security "max-age=31536000;"
    X-Frame-Options "DENY"
    X-Content-Type-Options "nosniff"
    x-xss-protection "1; mode=block"
    Referrer-Policy "strict-origin-when-cross-origin"
    -Server
  }
}

https://XXXX.myqnapcloud.com:PORT {
  import sslconf
  import gzipconf
  import addheader
  proxy /radarr http://IP:PORT {
    keepalive 32
    transparent
  }
  proxy /bitwarden http://IP:8000 {
    keepalive 32
    transparent
  }
}
 
Logically it should work :-|

https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples

otherwise you can also test

https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS

try adding this line, adapting it

ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}

in /opt/Bitwarden/Bitwarden.sh

where the exports are... make sure to give the correct path to your certificates
 
Actually, I came across this thread where apparently Bitwarden cannot work via a subpath on Caddy: https://github.com/dani-garcia/bitwarden_rs/issues/767

I tested the method of adding the line to the .sh, without success.

What's more, in the Caddy examples you can see that it declares 3 ports, whereas here we only have 8000 in your package:

Code:
  # The negotiation endpoint is also proxied to Rocket
  proxy /notifications/hub/negotiate <SERVER>:80 {
    transparent
  }

  # Notifications redirected to the websockets server
  proxy /notifications/hub <SERVER>:3012 {
    websocket
  }

  # Proxy the Root directory to Rocket
  proxy / <SERVER>:80 {
    transparent
  }

Have you already managed to run your package over HTTPS? Because I'm stumped here
 
Yes, I saw, but you are modifying the core of the program. So at every update it has to be redone, and it's not certain that it won't break later on.
I'd rather wait for the vendor to offer the option, that will be simpler.
We'll make do with HTTP. In any case, with a good master password + 2FA we're fairly safe :)

In any case, thanks for the time you took to try to find a solution.