Install bitwarden-rs on uberspace
Bitwarden is a great open source password manager. Your vault is encrypted with your master key, so even if someone hacks into the Bitwarden Servers (which are hosted on Microsoft Azure), they will only get some unreadable gibberish. If your master password is strong, you should be save.
If you are paranoid about the server security and want to be in full control, or want the premium features for free because you have a webspace anyway, you can self-host Bitwarden.
Bitwarden provides docker containers, but they are big and difficult to install. Uberspace is a web hoster for command line enthusiasts, and while it supports nearly everything, docker isn't.
In this tutorial, we will use a Rust implementation of the bitwarden api. You can check the project out on GitHub: https://github.com/dani-garcia/bitwarden_rs
Prerequisites
- Uberspace 7
- Basic understanding of the command line (the command begins after the $ sign)
- A subdomain configured correctly (see here), e.g. vault.yourdomain.com
Installing Rust
To compile the project, we need to install the rust toolchain.
install via rustup:
~$ curl https://sh.rustup.rs -sSf | sh
press 2 to customize the installation. You can press enter for the host triple to use the default one. When asked for the toolchain, type nightly, as this is required for bitwarden-rs. Add rust to the PATH by pressing y.
Then, proceed with the installation.
To finish the setup, logout and login again or run ~$ source $HOME/.cargo/env.
Install Bitwarden-rs
clone the project:
~$ git clone https://github.com/dani-garcia/bitwarden_rs.git
to build bitwarden-rs, you'll need to set an environment variable pointing to the sqlite3 header files:
~$ export SQLITE3_LIB_DIR=/var/lib64
cd into the project:
~$ cd bitwarden_rs
build the server executable:
~/bitwarden_rs $ cargo build --release --features sqlite
if that doesn't work the first time, just try again.
now, we will have to download the newest build (check this page for the newest build number and replace it in the following snippet: https://github.com/dani-garcia/bw_web_builds/releases):
After that, go back to the project folder:
~/bitwarden_rs/web-vault $ cd ..
We need to add a .env-file.
~/bitwarden_rs $ nano .env
add this:
SMTP_USERNAME and SMTP_PASSWORD must be the login data from a valid uberspace mail account (SMTP_FROM must be correct too). You can also use a mail account from another service, like GMail. Alter the values like the port accordingly.
Press CTRL+O to save, and CTRL+X to exit.
You can edit other options, look into .env.template to see a list of available options.
Now, we just have to add a redirection to the port:
If you want to use a subdomain, read more about web backends in the uberspace wiki: https://manual.uberspace.de/web-backends.html#specific-domain
Now it's time to test if everything works:
~/bitwarden_rs $ target/release/bitwarden_rs
If there is no error, you are good to go. You should be able to access your vault on yourdomain.com.
Auto start and run in background
We will use supervisord to run the server and automatically restart it on crash.
Create a new file for your service: ~$ touch ~/etc/services.d/bitwarden_rs.ini with the following content:
Add the service to supervisor:
Now the server should be running again.
Updating
Updating bitwarden is really easy. Just stop the server, pull everything and download the new web vault, build the executable and start the server again: