Building binary

Hello,

You will find below the steps carried out as root on a CentOS 7 server:

Install Rust

curl https://sh.rustup.rs -sSf | bash
> 2
> x86_64-unknown-linux-gnu
> nightly
> minimal
> y
> 1
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

Install Node.js and npm

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
source ~/.bashrc
nvm list-remote  # check the latest version, here v12.16.1
nvm install v12.16.1

Install CentOS dependencies

yum -y install vim wget openssl-devel httpd
yum -y groupinstall 'Development Tools'

Download repositories

git clone https://github.com/dani-garcia/bitwarden_rs.git /opt/bitwarden
git clone https://github.com/bitwarden/web.git /opt/web

Compile the back-end

cd /opt/bitwarden/
cargo run --features sqlite --release

Compile the front-end

Check the latest version of the file downloaded here.

cd /opt/web/
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.12.0.patch
git apply v2.12.0.patch
npm run sub:init
npm install
npm run dist

Create the .env file

cp /opt/bitwarden/.env.template /opt/bitwarden/.env

Enable the administration interface

Uncomment ADMIN_TOKEN variable in /opt/bitwarden/.env

Set the web vault folder

sed -i 's/# WEB_VAULT_FOLDER=web-vault/WEB_VAULT_FOLDER=\/opt\/web\/build/' /opt/bitwarden/.env

Change the Rocket IP address

sed -i 's/# ROCKET_ADDRESS=0.0.0.0/ROCKET_ADDRESS=127.0.0.1/' /opt/bitwarden/.env

Enable WebSocket notifications

sed -i 's/# WEBSOCKET_ENABLED=false/WEBSOCKET_ENABLED=true/' /opt/bitwarden/.env

Change the WebSocket IP address

sed -i 's/# WEBSOCKET_ADDRESS=0.0.0.0/WEBSOCKET_ADDRESS=127.0.0.1/' /opt/bitwarden/.env

Rights modification

The apache group and the apache user are the permissions that must be applied to folders and files if you want httpd (Apache2 on CentOS) to be able to access them.

chown -R apache:apache /opt/bitwarden/

Creation of the VirtualHost (reverse proxy)

vim /etc/httpd/conf.d/vhost.conf

Copy the content below into the vhost.conf file. Please note that at the moment I don’t configure access to the web vault in HTTPS.

<VirtualHost *:80>
    #SSLEngine on
    ServerName localhost

    #SSLCertificateFile ${SSLCERTIFICATE}
    #SSLCertificateKeyFile ${SSLKEY}
    #SSLCACertificateFile ${SSLCA}
    #${SSLCHAIN}

    ErrorLog /var/log/httpd/bitwarden-error.log
    CustomLog /var/log/httpd/bitwarden-access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L]
    ProxyPass / http://127.0.0.1:8000/

    ProxyPreserveHost On
    ProxyRequests Off
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</VirtualHost>

Log files creation

touch /var/log/httpd/bitwarden-error.log
touch /var/log/httpd/bitwarden-access.log

Enable and start HTTPD service

systemctl enable --now httpd.service

Allow Apache2 to connect to network

setsebool -P httpd_can_network_connect on

Allow HTTP port

firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload

Launch the app

cd /opt/bitwarden
cargo run --release --features sqlite

Go to http://10.0.0.3 (server IP address):

  • create the users
  • access the administration interface
  • log in with the token that is attached to the ADMIN_TOKEN variable
  • on the General settings ribbon, uncheck Allow new signups
  • hit Save button

Disable administration interface

sed -i '/admin_token/d' /opt/bitwarden/data/config.json

Comment ADMIN_TOKEN variable in /opt/bitwarden/.env.

Create a service

vim /etc/systemd/system/bitwarden.service

Copy the content below into the bitwarden.service file.

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs

# Only sqlite
After=network.target

[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User=apache
Group=apache
# The location of the .env file for configuration
EnvironmentFile=/opt/bitwarden/.env
# The location of the compiled binary
ExecStart=/opt/bitwarden/target/release/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/opt/bitwarden
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Restart systemctl daemon

systemctl daemon-reload

Start bitwarden service

systemctl start bitwarden.service

At the moment I have this error:

Mar 15 15:03:30 bitwarden polkitd[866]: Unregistered Authentication Agent for unix-process:25045:279698 (system bus name :1.49, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: /--------------------------------------------------------------------\
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: |                       Starting Bitwarden_RS                        |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: |                       Version 1.14-7d9c7017                        |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: |--------------------------------------------------------------------|
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | official channels to report bugs/features, regardless of client.   |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: \--------------------------------------------------------------------/
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: Logger failed to initialize: attempted to set a logger after the logging system was already initialized
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: [2020-03-15 15:03:30][rocket::config::error][ERROR] environment variable ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app could not be parsed
Mar 15 15:03:30 bitwarden systemd[1]: bitwarden.service: main process exited, code=exited, status=1/FAILURE
Mar 15 15:03:30 bitwarden systemd[1]: Unit bitwarden.service entered failed state.
Mar 15 15:03:30 bitwarden systemd[1]: bitwarden.service failed.

Please note that SELinux is enabled (I want to leave it enabled for security reasons). It is not impossible that the “error” comes from SELinux; how can I fix it?

So far all that makes sense to me!

Small tip, but you might prefer to set:
WEB_VAULT_FOLDER=/opt/web/build
to avoid having to copy the built files, but it should work great your way!

@dani

When do I modify this variable (WEB_VAULT_FOLDER)? Before compiling Bitwarden_RS API?

What is the method to disable the administration interface? In fact I activated the interface (by uncommenting ADMIN_TOKEN) to disable the registration of new users and I commented ADMIN_TOKEN again.
After reloading the .env file (source /opt/bitwarden/.env) and relaunching the app, the administration interface is still visible…

Thank you for your feedback.

If you make changes to the config from the admin interface, those changes will be saved to the config.json file in the data folder, which at that point would take precedence over the .env variables, so to disable it, delete or edit the config.json file.

The WEB_VAULT_FOLDER variable is only read during runtime so no need to recompile

@dani

Indeed it works!

Can you consider my request at the end of my original post (concerning the creation of a service)? I have an error and I don’t know how to fix it. I’m not sure about the value of WorkingDirectory…

Thank you for your feedback.

Hello aponsin,

I think something goes wrong with the sed replace for the rocket_address. According to the error message, "127.0.0.1 # Enable this to test mobile app" could not be parsed, so something went wrong there.

Hi @BlackDex,

Hum I don’t think it’s related to the use of localhost (127.0.0.1) because if I look at my .env file:

cat /opt/bitwarden/.env | grep "ROCKET_ADDRESS"

I have this:

ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app

So I think the message displayed is extracted from the configuration file? Just a guess… By the way if I replace this IP address by 0.0.0.0, I get the same error when I do journalctl -xe but with the IP address 0.0.0.0…

Thank you for your feedback.

@aponsin, please try to change the sed command to the following.

sed -i 's/# ROCKET_ADDRESS=0\.0\.0\.0.*/ROCKET_ADDRESS=127.0.0.1/' /opt/bitwarden/.env

That will remove the # comment at the end and make sure only the IP is there.
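The failure discussed in this thread, reproduced on a constructed two-line .env as an added example (not part of the original posts or of bitwarden_rs): the guide's sed leaves the template's trailing comment on the line, and the journal output above shows that comment ending up inside the value. `set_env_key` and `lint_env` are hypothetical helper names, and the sample lines are constructed from the sed commands and the `cat` output quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example. set_env_key and lint_env are hypothetical helper names.

# set_env_key FILE KEY VALUE
# Rewrite the KEY line (commented out or not) to exactly KEY=VALUE, dropping
# anything that followed the old value. Assumes VALUE contains no '|' or '&'.
set_env_key() {
    local file="$1" key="$2" value="$3"
    sed -i -E "s|^#? ?${key}=.*\$|${key}=${value}|" "$file"
    # Succeed only if exactly one active line now holds that exact value,
    # so a sed that matched nothing does not pass silently.
    [ "$(grep -c -x -F "${key}=${value}" "$file")" -eq 1 ]
}

# lint_env FILE
# Print active assignments that still carry an inline " # comment" and
# return 1 if there are any; return 0 when the file is clean.
lint_env() {
    local bad
    bad=$(grep -n -E '^[A-Za-z_][A-Za-z0-9_]*=.*[[:space:]]#' "$1" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
}

demo() {
    local tmp
    tmp=$(mktemp)
    # Constructed sample: template lines implied by the sed commands above.
    printf '%s\n' '# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app' \
                  '# WEBSOCKET_ADDRESS=0.0.0.0' > "$tmp"
    # The guide's original command: the trailing comment survives.
    sed -i 's/# ROCKET_ADDRESS=0.0.0.0/ROCKET_ADDRESS=127.0.0.1/' "$tmp"
    if ! lint_env "$tmp"; then echo "^ inline comment left in an active value"; fi
    set_env_key "$tmp" ROCKET_ADDRESS 127.0.0.1
    set_env_key "$tmp" WEBSOCKET_ADDRESS 127.0.0.1
    if lint_env "$tmp"; then echo "clean:"; cat "$tmp"; fi
    rm -f "$tmp"
}

demo
```

Running `lint_env /opt/bitwarden/.env` before `systemctl start bitwarden.service` catches the same problem on any other key edited with the same sed pattern.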

Hi @BlackDex,

You’re not far from genius! It works!

Thank you very much for your help!
I can no longer update the original article to write the modification that solves the problem…

Have a great day!

Hi @Spa,

I did not perform the installation on a CentOS 8 server, is it possible for you to do this installation on CentOS7?

Maybe, can you provide us the log file located at /root/.npm/_logs/2020-03-20T10_02_48_902Z-debug.log ?

@Spa,

Yes, that’s what I was going to propose, and at the same time you’re going to need the openssl-devel package.

Keep me posted.

Hi, how can I enable HTTPS and add Let’s Encrypt certs?
Thanks

Hi @Spa,

It’s very strange. Did you follow the code snippets I gave? Especially to install the nightly version of Rust and Node.js?

Now it’s working…
It needs npm audit fix,
then an upgrade to more RAM than 1 GB and 1 GB swap.
It compiles well and now I can use the bw vault page on my 127.0.0.1 address.
Now I’m trying to enable HTTPS and apply a Let’s Encrypt cert.

Hi, it works now but I have an issue when I generate the service:

[bw@Bitwarden bin]# systemctl status bitwarden.service
● bitwarden.service - Bitwarden Server (Rust Edition)
Loaded: loaded (/etc/systemd/system/bitwarden.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2020-04-13 16:49:39 UTC; 2min 50s ago
Docs: https://github.com/dani-garcia/bitwarden_rs
Process: 637 ExecStart=/opt/bitwarden/target/release/bitwarden_rs (code=exited, status=203/EXEC)
Main PID: 637 (code=exited, status=203/EXEC)

How can I fix it?
Thanks

Hi @Spa,

Can you please post your bitwarden.service file?

Hi, I copied the file from the guide:

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs

# Only sqlite
After=network.target

[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User=apache
Group=apache
# The location of the .env file for configuration
EnvironmentFile=/opt/bitwarden/.env
# The location of the compiled binary
ExecStart=/opt/bitwarden/target/release/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/opt/bitwarden
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Here are the RPM spec files from MrMEEE: GitHub - MrMEEE/bitwarden_rs_rpm
Should we move forward to make bitwarden_rs a formal package in the Fedora EPEL repo?