How to Self-Host Bitwarden on a Raspberry Pi! (Tutorial)

Рет қаралды 13,365

3 жыл бұрын

BITWARDEN_RS IS DEPRECATED! PLEASE VIEW WRITTEN INSTRUCTIONS FOR NEW CONTAINER NAME!
✅ Written Instructions: www.wundertech.net/how-to-sel...
🔔 Subscribe for more tech related tutorials and overviews: link.wundertech.net/ssYt
🚀 Product Recommendations: link.wundertech.net/rmYt
❤️ Check out our website: link.wundertech.net/wtYt
This tutorial will go over how to self-host the password manager Bitwarden on a Raspberry Pi!
DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.

Пікірлер: 64

@michaelventarola7100 2 жыл бұрын

Love your video. This was a great help in getting Bitwarden installed.

@jamier6268 3 жыл бұрын

I expect this video to get more attention as the LastPass free deadline approaches. Clear instructions and great tip on the env variable to disable account creation.

@WunderTechTutorials 3 жыл бұрын

Thanks so much, glad it was helpful!

@craigdavidson52 2 жыл бұрын

Thank you so much, works perfect.

@davidgoderre1970 3 жыл бұрын

hey i have really enjoyed your videos and i am learning a lot really fast thanks to them. i had a question. i have a vision of running Hoobs container for smart home automation and bitwarden on the same device. However i have conflicting port issues. i followed your videos for bitwarden setup and that is all good to go. i am now doing the container setup for hoobs. when i try to map port 80 to a different port i get an error for port in use. how do i go about setting up hoobs with a different port than bitwarden

@WunderTechTutorials 3 жыл бұрын

You will have to use a different port. When you say that you try and map port 80 to a different port, are you mapping the local port 80 to the container port 80? As long as you're using a different local port, it should work. Let me know and we can continue troubleshooting!

@kevinhughes9801 3 жыл бұрын

Another great video thank you

@WunderTechTutorials 3 жыл бұрын

Thanks for watching and for the support!

@sebasdt2103 3 жыл бұрын

hey great video! shouldn't it be possible to replace the proxy thiny with a selfhosted VPN? like wireguard. or Is there a advantage of using the proxy thingy

@WunderTechTutorials 3 жыл бұрын

Absolutely! The only reason that I added a reverse proxy is to make it accessible outside of your local network. If you'd like to use a VPN, that's perfectly fine.

@conor_schall 3 жыл бұрын

Thank you very much for this easy to follow tutorial! I'm relatively new to the linux/Raspberry Pi space and your videos combined with the written instructions have been incredibly helpful. I just have one question. Now that I have Bitwarden up and running, could I also install pi hole and pi vpn? My end goal is to be able to connect to my home network + pihole while I am away so I can enjoy the privacy benefits along with ad blocking across all my devices. I am currently using the 3B+ and am curious if this is at all possible without purchasing another unit

@WunderTechTutorials 3 жыл бұрын

It should be possible, but you might run into some performance issues having them all run at the same time. A Raspberry Pi 4 would be slightly better, but it can't hurt to try! I would take a backup of the Micro USB card (in its current state) and try it out. If it doesn't work as expected, restore the data or uninstall the applications and you should be good! Thanks a lot for watching and I'm glad to hear the tutorials are helping!

@conor_schall 3 жыл бұрын

@@WunderTechTutorials Thanks for the reply! Backing up is definitely a good idea. Looking forward to more Pi tutorials.

@RyanGoderre 3 жыл бұрын

@@conor_schall let me know how the setup goes with pi hole! I’m curious about doing the same thing.

@conor_schall 3 жыл бұрын

@@RyanGoderre so I spent a few hours trying to configure the pihole setup on my 3b+ hosting Bitwarden and unfortunately was unable to figure out how to have both services functioning simultaneously since they both require the use of port 80. At the very least I learned how to create an identical backup of my pi which turned out to be very useful in this situation.

@mkarko01 3 жыл бұрын

Hi, thanks for the tutorial all works great! One question, I would like to make the website accessible only by my devices to add an extra layer of security. Is it doable maybe with "iptables" to limit access based on MAC address of my devices? What do you suggest?

@WunderTechTutorials 3 жыл бұрын

You can using Nginx Proxy Manager. You will have to create access control policies, but it should do exactly what you're looking for. Just keep in mind it will only be limited by external IP address, so it might be hard to whitelist a cell phone without using the entire providers IP range. I haven't tried using MAC addresses, but that might be possible too!

@andreiardei267 2 жыл бұрын

@@WunderTechTutorials can't we just use a client side certificate or something? MAC adresses can be spoofed anyways

@WunderTechTutorials 2 жыл бұрын

@@andreiardei267 You can, but it will still be the "unrecommended" approach (if that makes sense - at least from the developers perspective).

@relmi2227 2 жыл бұрын

Hi, thanks for the awesome tutorial. do i need to create a new bitwarden account or can I use my already existing account? I am currently getting this error "An error has occurred. Username or password is incorrect. Try again", however, if i login to my usual bitwarden account I get no error

@WunderTechTutorials 2 жыл бұрын

If you are using Bitwarden's hosted version, you will have to export/import those files into your self-hosted instance. The self-hosted instance is totally separate (meaning you need to manage everything). There's nothing wrong with using the web version if you're more comfortable with that. However, if you want to use the self-hosted version, you will need to create a new account.

@prasannachandrakantdengale1480 Ай бұрын

I did all the steps and other things necessary. But during SSL certificate , it is showing me internal error . What should I do next

@briandortch4610 2 жыл бұрын

hello fresh install of raspbien lite off raspberry pi foundations website. the NGINX part just fails, cahllenges failed coming from the log window in portainer. I am missing a dependency?

@WunderTechTutorials 2 жыл бұрын

Were you able to install bitwarden successfully? Or that's what's failing?

@RyanGoderre 3 жыл бұрын

Hey I got bitwarden setup. How do you setup smtp and 2 factor authentication? I’m struggle with getting that security part setup before I start using bitwarden.

@WunderTechTutorials 3 жыл бұрын

This is how you can set up SMTP: github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration For two-factor, it will be in the settings of the user you create. You will manage it on a per-user level. Hopefully this helps, but let me know if I can clarify anything!

@RyanGoderre 3 жыл бұрын

@@WunderTechTutorials really appreciate the quick reply and help! I was able to redo my bitwarden installation. Add the smtp setup and get 2 factor setup. I had to use the less secure apps settings on my gmail account. But it’s an account with no info on it so I’m ok with that. Thanks again!

@hughw 3 жыл бұрын

Finally got this to work after 3 attempts. Seems that even the internal port (8080) needs to be allowed through ufw, not just 80 and 443 which are coming into nginx from external to the Pi. But finally working, and I will be free of LastPass and can let my family all create accounts for their own use.

@WunderTechTutorials 3 жыл бұрын

Glad you got it working! Did you have ufw enabled prior to this tutorial? I don't believe Raspberry Pi OS has it enabled by default, but either way, thanks for sharing the info!

@hughw 3 жыл бұрын

@@WunderTechTutorials no it’s not standard, I added ufw/fail2ban once I noticed I was getting about 2500 bogus SSH attempted logins a day and since I have set SSH to key only, I just ban them after 1 attempt. I guess if I’d read the documentation properly I would have found out that you need to allow “internal” port requests - but I had assumed it just applied to external.

@WunderTechTutorials 3 жыл бұрын

@@hughw That's very interesting, but really great information for others. I haven't noticed that, but now I need to check...

@snortoise 3 жыл бұрын

I've been follow this guide and it's pretty good even after a few stumbles with some iptables issues. I am currently on the step where am using nginx proxy manager to setup SSL and nginx proxy manager just says "Internal Error" no matter what I do. Has anyone seen this before? Some help would be greatly appreciated.

@snortoise 3 жыл бұрын

So it took quite a bit of reading but I finally figure it out. My ISP, Cox, blocks external traffic on port 80. This means even if my router is port forwarding port 80, nothing on port 80 will ever make it to me. To solve this I had to use the DNS challenge in Nginx Proxy Manager. In order for that to work I switched my Name Servers (DNS) from google (who I have my domain registered with) to Cloudflare. Then in cloudflare I had to generate an Edit Zone API Token, don't use the global API key. I fed that token to Nginx PRoxy Manager in the DNS Challenge selecting cloudflare and it worked on the first try. tl;dr If you get internal error, but you think you've done it all correctly, verify that your ISP doesn't block ports 80 or 443. If they do, you need to use DNS challenge for Let's Encrypt to work.

@WunderTechTutorials 3 жыл бұрын

Sorry for not having a chance to respond to this. Sucks that ISP's block ports 80/443 sometimes, but glad to hear you got it working!

@KLJASD 3 жыл бұрын

@@snortoise Dude I was in your exact situation with Cox and followed your guide, thank you so much for this workaround!

@snortoise 3 жыл бұрын

@@KLJASD I hope you didn't have to go through all the pain I did!

@U1TR4F0RCE Жыл бұрын

@@snortoise maybe I did the nginx proxy manager stuff incorrectly but I ended up getting a message that I redirected too many times for it to load. properly.

@MrChili1496 4 ай бұрын

Finally got this working after much hair pulling and coffee, turns out if i plug my pi into a network switch the vaultwarden will not work, if i plug the pi direct into the router it all works as should. What are your thoughts on this? the pi ip is the same via the router and the switch

@WunderTechTutorials 4 ай бұрын

That's a tough one. Is this happening to other services as well on other devices?

@MrChili1496 4 ай бұрын

@@WunderTechTutorials nope only happens if the pc and pi are plugged into the switch

@rogerb6378 3 жыл бұрын

How can i config my bitwarden only for my lan use? I don't have a domain.

@WunderTechTutorials 2 жыл бұрын

The tough part about running it locally is getting a certificate so that you can access it by domain name. If you don't use a reverse proxy, I don't think there's an easy way to get HTTPS working (which you should use). This tutorial will show how you can set it up locally, but it's a little more complex than exposing Bitwarden. medium.com/swlh/set-up-your-own-personal-password-vault-313d76374046

@intrepid4262 3 жыл бұрын

How can i access a site that is behind a reverse proxy server from the local network? When i go to my duck dns domain from my local network it points to my routers home screen. Accessing bitwarden locally with http [local ip]:8080 is not useful because bitwarden_rs requires SSL to function. Awesome tutorial though I feel like im so close to solving this puzzle.

@WunderTechTutorials 3 жыл бұрын

You should be able to access the reverse proxy (if it's set up properly) from your local network. It will simply use the external IP address. Are you using port 443 for the reverse proxy? If so, it would be [your_domain]. If you use http, you might be pointed somewhere else.

@intrepid4262 3 жыл бұрын

@@WunderTechTutorials Yes I am using port 443 for the reverse proxy. [my domain] goes to my routers page. I put some debug information on imgur here. Thanks in advance. imgur.com/a/2uUr1L0

@WunderTechTutorials 3 жыл бұрын

@@intrepid4262 Everything looks correct from those screenshots. Can you confirm that port 443 is opened on your router? You can use this page to validate that it's properly opened: www.yougetsignal.com/tools/open-ports/

@seizedgamer 3 жыл бұрын

So when i set it up and using Nginx for the reverse proxy, I cannot get a secure http address. Its stuck on a non-secure site. I grabbed a subdomain from freedns

@WunderTechTutorials 3 жыл бұрын

Any reason why you're trying to use HTTP instead of HTTPS? The destination should be HTTP for bitwarden, but you should be using HTTPS for the reverse proxy so all traffic is encrypted.

@intrepid4262 3 жыл бұрын

Same here

@WunderTechTutorials 3 жыл бұрын

@@intrepid4262 Are you using HTTPS when you navigate to it?

@tomsea7500 Жыл бұрын

It would be great to see a tutorial for hosting KeePass on a Synology NAS. Why pay for Bitwarden when you are going to host it anyway? Basically you are left with a port of KeePass where you are paying someone else for the pleasure of doing it yourself!

@WunderTechTutorials Жыл бұрын

Bitwarden is free, though there are some paid features in the non-self-hosted version.

@chin0x 3 жыл бұрын

How can I Backup my bitwarden data automatically?

@WunderTechTutorials 3 жыл бұрын

It's hard to say what the "best" way of doing it is, since everyone has different hardware. Basically, you want to try and back up the volume that you mapped which is storing all of your personal data. You can do that using an rsync job (which is probably the easiest).

@xchans3147 3 жыл бұрын

When getting SSL Certificate, I got internal Error in Nginx Proxy Manager

@WunderTechTutorials 3 жыл бұрын

Most of the time, that's a communication issue where traffic isn't allowed. Did you properly open ports 80/443 to your Raspberry Pi (where NPM is installed)?