Hi all !
First of all thanks for the wonderfull work on this BitwardenRS version! Love it so much!
I installed BitwardenRS a few months ago on a Raspberry Pi, and go it working just fine, but only on a web browser or with the Firefox plugin on localhost.
But I realized I was running outdated containers, and also missing lots of very usefull features, one of them being to use an external folder to have data saved outside docker container…
So a few days ago I decided to export my database from the app itself and start from scratch again.
Eventually I ended up with a fully up-to-date instance, with data saved correctly, but I’m still missing the security part of it. Also the Android application and the Windows applicattion are not able to connect, throwing respectively “Trust anchor for certification path not found” and “Failed to fetch” errors…
Following this https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS I first used ROCKET_TLS to handle the certificates, which were generated following this https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome…
This is where I begin to be lost… As my certificates/(reverse) proxies/security stuff knowledge is almost null, I don’t understand what is what, who should do what, and what should be where…
So all my certificates files created above are under /ssl/ folder on the system, which is mapped to the container with “-v /ssl/:/ssl/” option.
Without running a reverse proxy I should be able to run that way and use the Android app right?
I tried to check my certification chain with https://comodosslstore.com/ssltools/ssl-checker.php but it tells me that “No SSL certificates were found on xxxxxxx:yyyy”…
I saw here and there that I should install the certificate on my Android device, but since I’m not able to see the certification chain with this tool, I’m not sure it will change anything… I often hear about “full chain of certification”, I don’t understand what it stands for…
Secondly I want to understand how to configure a reverse proxy. Tell me if I’m correct : a reverse proxy will listen to the port I want to use in the end and redirect the traffic to the standard port (80) of my BitwardenRS server right?
As I’m running BitwardenRS on a RaspberryPi, which runs only that application, I would go for the nginx solution (I know it a bit as I already deployed some local websites with it) running on the same device.
So I try to sum up the steps to go for it:
- change my container options :
- remove “-e ROCKET_TLS=blablabla” option
- remove “-v /ssl/:/ssl/” option
- change port option to listen on port 80 only
- install nginx on the system
- create a new configuration based on what we can see here https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples and set the correct ports I want to use
- run it
- try to connect with Android app
Thanks a lot for any help on the two points (I know, they are very close to each other but they are two different points for me ) !
Have a safe and happy new year!