Hello,
You will find below the steps carried out as root on a CentOS 7 server:
Install Rust
curl https://sh.rustup.rs -sSf | bash
> 2
> x86_64-unknown-linux-gnu
> nightly
> minimal
> y
> 1
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
Install Node.js and npm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
source ~/.bashrc
nvm list-remote (checking out the latest version, here v12.16.1)
nvm install v12.16.1
Install CentOS dependencies
yum -y install vim wget openssl-devel httpd
yum -y groupinstall 'Development Tools'
Download repositories
git clone https://github.com/dani-garcia/bitwarden_rs.git /opt/bitwarden
git clone https://github.com/bitwarden/web.git /opt/web
Compile the back-end
cd /opt/bitwarden/
cargo run --features sqlite --release
Compile the front-end
Check the latest version of the file downloaded here.
cd /opt/web/
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.12.0.patch
git apply v2.12.0.patch
npm run sub:init
npm install
npm run dist
Create the .env file
cp /opt/bitwarden/.env.template /opt/bitwarden/.env
Enable the administration interface
Uncomment ADMIN_TOKEN variable in /opt/bitwarden/.env
Set the web vault folder
sed -i 's/# WEB_VAULT_FOLDER=web-vault/WEB_VAULT_FOLDER=\/opt\/web\/build/' /opt/bitwarden/.env
Change the Rocket IP address
sed -i 's/# ROCKET_ADDRESS=0.0.0.0/ROCKET_ADDRESS=127.0.0.1/' /opt/bitwarden/.env
Enable WebSocket notifications
sed -i 's/# WEBSOCKET_ENABLED=false/WEBSOCKET_ENABLED=true/' /opt/bitwarden/.env
Change the WebSocket IP address
sed -i 's/# WEBSOCKET_ADDRESS=0.0.0.0/WEBSOCKET_ADDRESS=127.0.0.1/' /opt/bitwarden/.env
Rights modification
The apache group and the apache user are the permissions that must be applied to folders and files if you want httpd (Apache2 on CentOS) to be able to access them.
chown -R apache:apache /opt/bitwarden/
Creation of the VirtualHost (reverse proxy)
vim /etc/httpd/conf.d/vhost.conf
Copy the content below into the vhost.conf file. Please note that at the moment I don’t configure access to the web vault in HTTPS.
<VirtualHost *:80>
#SSLEngine on
ServerName localhost
#SSLCertificateFile ${SSLCERTIFICATE}
#SSLCertificateKeyFile ${SSLKEY}
#SSLCACertificateFile ${SSLCA}
#${SSLCHAIN}
ErrorLog /var/log/httpd/bitwarden-error.log
CustomLog /var/log/httpd/bitwarden-access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L]
ProxyPass / http://127.0.0.1:8000/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</VirtualHost>
Log files creation
touch /var/log/httpd/bitwarden-error.log
touch /var/log/httpd/bitwarden-access.log
Enable and start HTTPD service
systemctl enable --now httpd.service
Allow Apache2 to connect to network
setsebool -P httpd_can_network_connect on
Allow HTTP port
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload
Launch the app
cd /opt/bitwarden
cargo run --release --features sqlite
Go to http://10.0.0.3 (server IP address):
- create the users
- access the administration interface
- log in with the token that is attached to the ADMIN_TOKEN variable
- on the General settings ribbon, uncheck Allow new signups
- hit Save button
Disable administration interface
sed -i '/admin_token/d' /opt/bitwarden/data/config.json
Comment ADMIN_TOKEN variable in /opt/bitwarden/.env.
Create a service
vim /etc/systemd/system/bitwarden.service
Copy the content below into the bitwarden.service file.
[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/bitwarden_rs
# Only sqlite
After=network.target
[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User=apache
Group=apache
# The location of the .env file for configuration
EnvironmentFile=/opt/bitwarden/.env
# The location of the compiled binary
ExecStart=/opt/bitwarden/target/release/bitwarden_rs
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/opt/bitwarden
# Allow bitwarden_rs to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Restart systemctl daemon
systemctl daemon-reload
Start bitwarden service
systemctl start bitwarden.service
At the moment I have this error:
Mar 15 15:03:30 bitwarden polkitd[866]: Unregistered Authentication Agent for unix-process:25045:279698 (system bus name :1.49, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: /--------------------------------------------------------------------\
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | Starting Bitwarden_RS |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | Version 1.14-7d9c7017 |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: |--------------------------------------------------------------------|
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | This is an *unofficial* Bitwarden implementation, DO NOT use the |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | official channels to report bugs/features, regardless of client. |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: | Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: \--------------------------------------------------------------------/
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: Logger failed to initialize: attempted to set a logger after the logging system was already initialized
Mar 15 15:03:30 bitwarden bitwarden_rs[25051]: [2020-03-15 15:03:30][rocket::config::error][ERROR] environment variable ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app could not be parsed
Mar 15 15:03:30 bitwarden systemd[1]: bitwarden.service: main process exited, code=exited, status=1/FAILURE
Mar 15 15:03:30 bitwarden systemd[1]: Unit bitwarden.service entered failed state.
Mar 15 15:03:30 bitwarden systemd[1]: bitwarden.service failed.
Please note that SELinux is enabled (I want to leave it enabled for security reasons). It is not impossible that the “error” comes from SELinux. How can I fix it?
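Added example, not part of the original post: the rocket::config::error line in the log shows ROCKET_ADDRESS carrying the text "# Enable this to test mobile app", because systemd's EnvironmentFile= only ignores lines that start with # or ; and keeps anything after the value as part of it. The check below lists such lines and prints a cleaned copy; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect and strip inline
# "# comment" tails in a file that systemd reads via EnvironmentFile=.
# systemd only ignores lines that START with '#' or ';', so a tail such as
# "VALUE # note" becomes part of the value.

# Active KEY=VALUE line, unquoted value, followed by whitespace and '#'.
ASSIGN="^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=[^#\"']*[[:space:]]#"

# List offending lines as "lineno:content"; exit status 0 if any exist.
find_inline_comments() {
    grep -nE "$ASSIGN" "$1"
}

# Print a cleaned copy of the file on stdout; the input is not modified.
strip_inline_comments() {
    sed -E "/$ASSIGN/ s/[[:space:]]+#.*\$//" "$1"
}

# Constructed sample; the ROCKET_ADDRESS line reproduces the value shown
# in the rocket::config::error log entry.
sample_env() {
    cat <<'EOF'
# DATA_FOLDER=data
ROCKET_ADDRESS=127.0.0.1 # Enable this to test mobile app
WEBSOCKET_ENABLED=true
WEB_VAULT_FOLDER=/opt/web/build
EOF
}

tmp=$(mktemp)
sample_env > "$tmp"
echo "Lines with inline comments:"
find_inline_comments "$tmp"
echo "Cleaned file:"
strip_inline_comments "$tmp"
rm -f "$tmp"
```

Run find_inline_comments against /opt/bitwarden/.env after the sed edits; values in quotes are deliberately left untouched and need a manual look.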