Thank you very much. In case someone is struggling to find the path to the reverse proxy configuration in DSM 7: Login Portal -> Advanced -> Reverse Proxy
Thank you. Super simple and easy to follow, got setup no issues. 1 thing I did have to do was port forward the ports we were using in the router but hopefully thats common knowledge these days. Also, there was a recent update to the Synology UI so the environment/folder/etc settings show up a little different than in video now, but again no issue for someone who is semi experienced in Synology UI as well.
I installed vaultwarden as an add-on to home assistant a bit earlier this year when lastpass crippled their free offer. It was really super easy to install and it is being backup up as part of my home assistant backup process :-) while I understand there is no logical reason to install it inside of home assistant I did not see a reason why I should not install it in Home Assistant.
Great video! Two questions: 1. Is it possible and safe to access my passwords from outside my local network? 2. Is there a way to import all my passwords currently stored in 1password? Thank you!
Thank you!!! 1) I use reverse proxy on Synology to encrypt the traffic - that way at least my traffic towards Vaultwarden is encrypted. And it's much easier to setup then using internal SSL certificate 2) Sure, you can use this guide for it - bitwarden.com/help/import-from-1password/ I've imported from some other services, but steps are similar
So Vaultwarden is the open source version but is not affiliated with Bitwarden. Does it have all the same features as the paid version of Bitwarden? Specifically, I’m looking to switch from LastPass families and I’d like to keep the password sharing features with my family members and manage their accounts and access.
As far as I know, yes. You can have multiple accounts (and manage them). If they are in organization (family) you can have shared identities, passwords etc.
The DNS , Cert is not needed , you can use a self certificate from your own machine and you can run it locally without problems , just you have to pass the ROCKET_TLS variable with the cert and key paths to the actual files. I just did that and worked .
Thanks for the very good explanation, I needed some additional changes, but all in all it worked well. However a few months later now I have a problem updating VaultWarden once it's installed. I tried few methods found on the internet, but non of them worked, and I am also afraid of losing all the settings so I skipped some. Is there an easy and clear way to update only the image, but keeping the container with ist settings and Data and to make it use the new image with the new VaultWarden version?
Same setup here. Docker, Vaultwarden, Custom Domain, Reverse Proxy. Was working fine with DSM 6.2.x but after the update yesterday to DSM 7.x it is no longer working from my custom domain. Internally I can access Vaultwarden. Any idea what DSM 7 changed?
@@BeardedTinker looks like i have the same issue. quickconnect on mine is using 443 and I can not seem to turn it off. Can i use a different https port in RP?
Great Video. You did not include the 'Admin' function though, and setting up email server so you can email users and provide emergency access if required.
Thank you! Yes, not just that, I've also skipped over using OTP, internal SSL, and things like that. It would add extra time and complexity for the video.
You should be able to use it like that. I don't see an issue with that. IP adsress is one from your Synology, and just use port you decided to use (or default one).
There is option to install (additional) docker for this -github.com/ttionya/vaultwarden-backup But I'm just backing up my mapped vaultwarden folder. (rsa files + database) - nothing fancy, just tar the folder and files in it.
Arh, okay sure, but the valutwarden-backup is using rclone. Can you show how you do it? Cause read that you should use sqlite backup function to backup the database or something about needing to close it down first....
One small note, I bristled a bit at the account creation especially the t&cs! I'm pretty certain this account is local only as that's the point of course, but it might be worth a note to clarify. I'll probably test it by blocking the container's outbound internet access and see if it still works. Any idea if one can replace the terms with something custom? I'd probably change it to simply "no guarantees that this does anything at all, don't sue me!" Before giving it to my family 😄
Thanks for the comment! You are right - this should be local only, so T&C do apply to your local instance. Haven't tested it myself too, but by using local instance (your IP address), there shouldn't been any communication with cloud service. Also, haven't found a way (but didn't spend much time at it) on how to replace T&C - there should be file inside Docker to do that, but if it's not mapped, any update would overwrite it.
Hi BT, not related to this material, but I know it's been one of the concerns on other recordings - Synology Docker daemon version. Just got an update notification on my DSM - Synology released docker daemon update to version 20.10.3 - 0552. So, return to HA supervised in Docker? Anyhow, perhaps this will be interesting enough to record a quick upgrade tutorial?
Hi Tom! Yes, I've seen that update but still haven't upgraded - waiting to see if there are any new issues that were introduced. But to answer other question you had - no, author of hass.io package has removed it from SynoCommunity store as docker version was only 1 of total of 5 reasons Synology is not supported. Biggest issue we have was deamon version, but since new version of HA, other things also popped up. So, no - there will be no more videos on unsupported version of HA on Synology - people just had to many issues that devs didn't or couldn't support/fix and it brought a lot of frustration to both users and devs.
Excellent question - never tried. But from top of my head, I would say no - Bitwarden is commercial product hosted in cloud while VaultWarden is open source version. You could use same password for access and import but it is not done automatically.
In Vault you can create organization (like group of users) where you can send invitation to other users. It works ok and I use it that way on my Synology.
@BeardedTinker thanks for your VaultWarden self hosted password manager in Synology private cloud video on youtube. unfortunately I am not able to remotely access valutwarden via https. I can only access via http which would not allow me to log in. I have set up reverse proxy and certificates. can you help me?
Sorry, don't understand. If you have your domain, you can create subdomain and use that subdomain for this Docker container. No extra port forwarding is needed. Just forward all 443 traffic to your Synology and depending on the domain and subdomain name it will know where to forward it.
You will need to configure it using variables when creating Docker container. github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration You can (if everything is setup correctly) delete existing container and recreate using old command you used with SMTP part added: -e SMTP_HOST= -e SMTP_FROM= -e SMTP_PORT=587 -e SMTP_SSL=true -e SMTP_USERNAME= -e SMTP_PASSWORD=
@@BeardedTinker i can sent now the email but if the person who get the invatation the link is pointed to LOCALHOST and not reachable - same problem is if i verify my own email i had to copy the link and change to my domain from localhost - where can i change the localhost problem - i also could not setup the port in docker auto to 3012 i had to change from auto to 8881 maybe this is the problem?
@@petersu2441 I don't have SMTP set, but I've found documentation that can help you on this: github.com/dani-garcia/vaultwarden/wiki/Configuration-overview You can customise the URL there in case you are using revers proxy (as example) and then this will be pushed in emails.
One is commercial product, this one is open source version using same code. With vaultwarden you can keep everything at your site/your servers instead of using public cloud.
@@BeardedTinker ok thx. Additionally I was just reading "perfect for self-hosted deployment where running the official resource-heavy service might not be ideal."
@@BeardedTinker reverse proxy does not work for me rn it say make sure the domain is public ip converted idk what that means. i also see not the same screen as you in the vid mine is newer pls i need help
I am getting this message, "This browser requires HTTPS to use the web vault Check the Vaultwarden wiki for details on how to enable it" how do I do it, please?
I'm using Synology Application portal (in Control Panel) which is in a fact ngnix reverse proxy for that.You setup external sub domain (under your main domain) and route https traffic on that subdomain, to internal IP address of your VaultWarden.
@@BeardedTinker I am sorry but am not computer savvy but am also using a Synology Application portal, (in Control Panel). Do I need to create another let's encrypt certificate for Vault Warden? Please help?
If i go with IP adress on my Bitwarden/Docker it works but not with my normal Domain + new Port. Is the Router and new port the problem? Ty btw great Video. Hope Synology will bring a own Package for Bitwarden.
Thank you very much for your comment. If you want to open it up for external access, you have to create forward rule on the router to forward external port to internal IP and port you are using internally. This should really be it.
You can try setting up Application portal (reverse proxy) in Synology. You just enter subdomain there for ex. warden.mydomain.com and forward it to your Synology IP address and port for Vaultwarden. That way you don't need any additional port except 443 forwarded in router. It will also then be able to automatically create SSL certificate for it
@@BeardedTinker I open the the port in router, so i can use my domain now, but it is only without httpS avilable. Should it not be httpS? my normal domain is avilable with httpS. EDIT: ok the reverse proxy go to my IP adress without httpS. Is it possible to do it with httpS or not worth coz it is my own server? ty so much for your help.
Create in Organisation under People users you need. There you assign username and password. Your default one should be one you created when setting up the Vaultwarden. You can check Documentation for more info: github-wiki-see.page/m/dani-garcia/vaultwarden/wiki
Hi BeardedTinker. First of all, thank you for your videos! Appreciate it. If you have set it up correctly, how can you configure some config files stored in bwdata? Like for example the "global.override.env" ?
Thank you for comment and great question. I haven't played with it since I'm lazy (actually never have enough time), but there are two ways on how you could do that. First one is to add them when creating Vaultwarden, so if you already created it, you would need to stop it, delete existing container, and create new one with environment variable added. Second one should be better option . create file with global variables you want to add or change and put that file in folder you created for VaultWarden. Again, you have to remove existing container, but then you add following to start/create command: --env-file /path/to/your_global.env file - that way, whenever you change something and restart container, it should load it. And it's also much easier to manage this than long command line. Of course, there is option to use Docker compose for this too, but I would go with option 2.
@@BeardedTinker awsome. I will try that one out. I can feel with you, regarding on the time. I have 2 Kids and only time to "work" on my local server, when they are in bed and If I dont fall asleep with them ;-) Best wishes from germany!
@@BeardedTinker Hey BeardedTinker, I'm right now testing this out. Sadly Vaultwarden tells me in protocol, that "no .env file found". What am I doing wrong with the command in the start line? Do you have a tipp for me?
Good question. For start, don't publish your subdomain. Also, it's possible to block option to create new accounts. That way, no new accounts could be created. Those are some basic steps you could take . Others could for example be filtering MAC addresses that can reach this service on network level.
@@BeardedTinker After watching your video and poking around on various Wiki's and forums this one came the closest with having some very good points on security with Vaultwarden: www.synoforum.com/resources/securing-your-vaultwarden-install.140/
@BullFrog it all depends... I have it open for now for family members and friends who would like to set up account. But I will definitly disable new account creating at some point. Also, I've set-up 2FA for my account. But that's standard for all accounts I have.
Hi this workds on SYNOLOGY DSM 7?? I used bitwarden with DSM 6.2 and no problem. I updated to DSM 7. And it stopeed working. I saw bitwarden was DEPRECTAED so i tried Vaultwarden. But same error. I install, i see the page to create user but after created i always gets a 404 Not Found nginx. ¿Some help?
Name of the Docker image was changed from BitWarde to VaultVarden and that's why it way deprecated. Due to legal reasons as Bitwarde is commercial service and this was open source version. And yes, it still works under DSM 7.0 - I have it running on my test setup. I see that you're using ngnix for traffic. Try direct connection without ngnix. Do you have any errors in Docker log file?
@@BeardedTinker well i use standar connection, i mean 192.168.0.x:5153 where 192.168.0.x is my ip nass and 5153 is the port used instead of 80 for htpps. I keep the 8880 port. No idea of how to direct connection whithout ngnix.....
There is sudo command in video description: sudo docker run -itd --name=vaultwarden -v /volume1/docker/vaultwarden/:/data/ -p 8880:80 --restart=always vaultwarden/server:latest This doesn't require any Docker UI.
Great Tutorial! everything works BUT, when i connect Vaultwarden to the bitwarden android app Phone/Tablet it works great! , but if i wont the same on windows Browser Chrome/Opera/FF bitwarden plugin i get the error failed to fetch! why? the settings are the same as on android app but it wont work on windows Browsers :( can you help? Vaultwarden has valid certificafe and is also public accessible but it dont works on windows Chrome/Opera/FF bitwarden plugin!
Not really sure to be honest. I use both app on phone and plugin in browser. Both work without an issues. Failed to fetch can be issue with certificate. Are you using ngnix/reverse proxy for certificate or have you imported certificate to vaultwarden? Also is the PC external or internal on the network?
@@BeardedTinker hi i used the synology reverse proxy as in tutorial and the pc/laptop is mostly internaly used, and i dont imported certificate to vaultwarden
@Mgr.Miroslav Prezbruch have you enabled NAT loopback on router? Try it! It helps properly resolve external URL . This may help. It's also calle NAT Hairpin
Thank you very much.
In case someone is struggling to find the path to the reverse proxy configuration in DSM 7:
Login Portal -> Advanced -> Reverse Proxy
Thanks for this!!
Thank you. Super simple and easy to follow, got setup no issues. 1 thing I did have to do was port forward the ports we were using in the router but hopefully thats common knowledge these days. Also, there was a recent update to the Synology UI so the environment/folder/etc settings show up a little different than in video now, but again no issue for someone who is semi experienced in Synology UI as well.
Glad it helped a bit! Haven't still pushed those 7.0.x updates on mine :)
Great explanation, dude. Worked for me. Definitely a subscription.
Thank you!!! Much appreciated!
I installed vaultwarden as an add-on to home assistant a bit earlier this year when lastpass crippled their free offer. It was really super easy to install and it is being backup up as part of my home assistant backup process :-) while I understand there is no logical reason to install it inside of home assistant I did not see a reason why I should not install it in Home Assistant.
That's great! Having it in same snapshot as HA make backup and especially recovery fast and simple!
Great video! Two questions:
1. Is it possible and safe to access my passwords from outside my local network?
2. Is there a way to import all my passwords currently stored in 1password?
Thank you!
Thank you!!!
1) I use reverse proxy on Synology to encrypt the traffic - that way at least my traffic towards Vaultwarden is encrypted. And it's much easier to setup then using internal SSL certificate
2) Sure, you can use this guide for it - bitwarden.com/help/import-from-1password/
I've imported from some other services, but steps are similar
@@BeardedTinker
Thank you so much!
So Vaultwarden is the open source version but is not affiliated with Bitwarden. Does it have all the same features as the paid version of Bitwarden? Specifically, I’m looking to switch from LastPass families and I’d like to keep the password sharing features with my family members and manage their accounts and access.
As far as I know, yes. You can have multiple accounts (and manage them). If they are in organization (family) you can have shared identities, passwords etc.
best tutorial for docker app !
Thank you Davy!!! Glad you liked it!!!
The DNS , Cert is not needed , you can use a self certificate from your own machine and you can run it locally without problems , just you have to pass the ROCKET_TLS variable with the cert and key paths to the actual files.
I just did that and worked .
Can you please describe this in more detail? I only need this locally and cannot get it to work.
Thanks for the very good explanation, I needed some additional changes, but all in all it worked well. However a few months later now I have a problem updating VaultWarden once it's installed. I tried few methods found on the internet, but non of them worked, and I am also afraid of losing all the settings so I skipped some. Is there an easy and clear way to update only the image, but keeping the container with ist settings and Data and to make it use the new image with the new VaultWarden version?
I see that you've found the other video too, on how to update 😉
Thank you for the comment
Great video! Thanks! Did you try setting it up for multiple users? If so how did you sort the email invitation setup? Cheers
I've sent out the links via mail. And password was temp, sent over SMS. That's it.
Same setup here. Docker, Vaultwarden, Custom Domain, Reverse Proxy. Was working fine with DSM 6.2.x but after the update yesterday to DSM 7.x it is no longer working from my custom domain. Internally I can access Vaultwarden.
Any idea what DSM 7 changed?
What is the error? Not loading or you get some error? Nothing should be different. I run it on both DSM 6 and 7
@@BeardedTinker I get a 404 Not Found - nginx. I am reading about corrupt nginx configs after updating. No clue what that is
Yeah, I've found this... Probably same thing you did. www.synoforum.com/threads/vaultwarden-doesnt-work-since-dsm-7-update-synology.6594/?amp=1
@@BeardedTinker looks like i have the same issue. quickconnect on mine is using 443 and I can not seem to turn it off. Can i use a different https port in RP?
@@FrancisOpoku I'm not using or ever used quickconnect. You can try with DuckDNS or get your own domain and try with that.
Great Video. You did not include the 'Admin' function though, and setting up email server so you can email users and provide emergency access if required.
Thank you! Yes, not just that, I've also skipped over using OTP, internal SSL, and things like that. It would add extra time and complexity for the video.
Can I use VaultWarden if my NAS is not connected to the internet? I would like to use it only in my own home network
You should be able to use it like that. I don't see an issue with that. IP adsress is one from your Synology, and just use port you decided to use (or default one).
@@BeardedTinker worked fine for me, thank you very much. Keep up the great work! It helped me a lot and you do a very good job. 😊 👍
That's great!! I heavily use Vaultwarden lately. Thank you for your comment 😉
Excellent instructional video as always. Thank you. How do you backup your vaultwarden data vault.
There is option to install (additional) docker for this -github.com/ttionya/vaultwarden-backup
But I'm just backing up my mapped vaultwarden folder. (rsa files + database) - nothing fancy, just tar the folder and files in it.
@@BeardedTinker thank you
@@BeardedTinker Could you go into more detail? like how are you installing Rclone and doing the backup?
@@mfrimannm I never mentioned rclone 😉 my backup is done by Synology on Synology. Part of standard backup procedure.
Arh, okay sure, but the valutwarden-backup is using rclone. Can you show how you do it? Cause read that you should use sqlite backup function to backup the database or something about needing to close it down first....
One small note, I bristled a bit at the account creation especially the t&cs!
I'm pretty certain this account is local only as that's the point of course, but it might be worth a note to clarify. I'll probably test it by blocking the container's outbound internet access and see if it still works.
Any idea if one can replace the terms with something custom? I'd probably change it to simply "no guarantees that this does anything at all, don't sue me!" Before giving it to my family 😄
Thanks for the comment! You are right - this should be local only, so T&C do apply to your local instance. Haven't tested it myself too, but by using local instance (your IP address), there shouldn't been any communication with cloud service.
Also, haven't found a way (but didn't spend much time at it) on how to replace T&C - there should be file inside Docker to do that, but if it's not mapped, any update would overwrite it.
Yeah, from this one post, it doesn't look as simple as I would like it to be.
vaultwarden.discourse.group/t/modifing-bitwarden-instance-front-page/209
Hi BT, not related to this material, but I know it's been one of the concerns on other recordings - Synology Docker daemon version. Just got an update notification on my DSM - Synology released docker daemon update to version 20.10.3 - 0552. So, return to HA supervised in Docker? Anyhow, perhaps this will be interesting enough to record a quick upgrade tutorial?
Hi Tom! Yes, I've seen that update but still haven't upgraded - waiting to see if there are any new issues that were introduced.
But to answer other question you had - no, author of hass.io package has removed it from SynoCommunity store as docker version was only 1 of total of 5 reasons Synology is not supported. Biggest issue we have was deamon version, but since new version of HA, other things also popped up.
So, no - there will be no more videos on unsupported version of HA on Synology - people just had to many issues that devs didn't or couldn't support/fix and it brought a lot of frustration to both users and devs.
Sorry if this is a stupid question, but how do you figure out what your domain is?
You need to own a domain, or use service such ad DuckDNS to get one (subdomain) for free.
If I have an existing Bitwarden account, can I use those credentials in Vaultwarden and then all my passwords import?
Excellent question - never tried.
But from top of my head, I would say no - Bitwarden is commercial product hosted in cloud while VaultWarden is open source version.
You could use same password for access and import but it is not done automatically.
Good video it help me install my vaultwarden. Thank you for the nice video
Glad I could help Thank you for taking time for comment!!!!
How can I use the bitwarden administrator view to add or delete user accounts ? Did this work next to my running Synology os ?
In Vault you can create organization (like group of users) where you can send invitation to other users. It works ok and I use it that way on my Synology.
@BeardedTinker thanks for your VaultWarden self hosted password manager in Synology private cloud video on youtube. unfortunately I am not able to remotely access valutwarden via https. I can only access via http which would not allow me to log in. I have set up reverse proxy and certificates. can you help me?
Just create subdomain for the domain you have - that's easiest way to do it. for example bw.yourdomain.com for BitWarden.
@@BeardedTinker already done that. Looks like quick connect is using port 443. Can I use a different port for https?
Sorry, don't understand. If you have your domain, you can create subdomain and use that subdomain for this Docker container. No extra port forwarding is needed. Just forward all 443 traffic to your Synology and depending on the domain and subdomain name it will know where to forward it.
thx for the great video one question where can i config smtp for sent email invite?
You will need to configure it using variables when creating Docker container.
github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
You can (if everything is setup correctly) delete existing container and recreate using old command you used with SMTP part added: -e SMTP_HOST= -e SMTP_FROM= -e SMTP_PORT=587 -e SMTP_SSL=true -e SMTP_USERNAME= -e SMTP_PASSWORD=
@@BeardedTinker i can sent now the email but if the person who get the invatation the link is pointed to LOCALHOST and not reachable - same problem is if i verify my own email i had to copy the link and change to my domain from localhost - where can i change the localhost problem - i also could not setup the port in docker auto to 3012 i had to change from auto to 8881 maybe this is the problem?
@@petersu2441 I don't have SMTP set, but I've found documentation that can help you on this: github.com/dani-garcia/vaultwarden/wiki/Configuration-overview You can customise the URL there in case you are using revers proxy (as example) and then this will be pushed in emails.
What is the actual reason to install it using this "vaultwarden" instead of sticking to the original Bitwarden?
One is commercial product, this one is open source version using same code. With vaultwarden you can keep everything at your site/your servers instead of using public cloud.
@@BeardedTinker ok thx. Additionally I was just reading "perfect for self-hosted deployment where running the official resource-heavy service might not be ideal."
I heard that the iOS app cannot connect to VaultWarden. Is that true, or does it work fine?
To be honest, never heard of such issues. At home we have one iPhone and it works and I know a lot of others that use with iOS with no issues...
Did you ever get this to work. I can access VaultWarden via the https url but not iOS or AppleOS apps.
What do you do on the domain side? Just an A record pointing to your external IP?
For that I use reverse proxy and expose subdomain for it.
@@BeardedTinker reverse proxy does not work for me rn it say make sure the domain is public ip converted idk what that means. i also see not the same screen as you in the vid mine is newer pls i need help
I am getting this message, "This browser requires HTTPS to use the web vault
Check the Vaultwarden wiki for details on how to enable it" how do I do it, please?
I'm using Synology Application portal (in Control Panel) which is in a fact ngnix reverse proxy for that.You setup external sub domain (under your main domain) and route https traffic on that subdomain, to internal IP address of your VaultWarden.
@@BeardedTinker I am sorry but am not computer savvy but am also using a Synology Application portal, (in Control Panel). Do I need to create another let's encrypt certificate for Vault Warden? Please help?
Yes, but also, you can edit existing certificate and add this as alternative addresses (for ex. vw.domain.com)
@@BeardedTinker Can I have your email, will send you screenshot of the configuration, please?
Try to ping me on Discord server please. mail is such a mess that I'll probably not see message in week or two.
for me i could not get the certificate even if i tried as hard as i could, but then i wanted cloudflare and i could use the cf domain
If i go with IP adress on my Bitwarden/Docker it works but not with my normal Domain + new Port.
Is the Router and new port the problem?
Ty
btw great Video. Hope Synology will bring a own Package for Bitwarden.
Thank you very much for your comment.
If you want to open it up for external access, you have to create forward rule on the router to forward external port to internal IP and port you are using internally. This should really be it.
@@BeardedTinker Ty i try it. But stil hope Synology will do a Package for Bitwarden. Asked them also. Lets see...
You can try setting up Application portal (reverse proxy) in Synology. You just enter subdomain there for ex. warden.mydomain.com and forward it to your Synology IP address and port for Vaultwarden.
That way you don't need any additional port except 443 forwarded in router. It will also then be able to automatically create SSL certificate for it
@@BeardedTinker ty
@@BeardedTinker I open the the port in router, so i can use my domain now, but it is only without httpS avilable. Should it not be httpS? my normal domain is avilable with httpS.
EDIT: ok the reverse proxy go to my IP adress without httpS. Is it possible to do it with httpS or not worth coz it is my own server? ty so much for your help.
how do i connect to the user after all the configuration when i download the extension and the phone app it says that the user not exist
Create in Organisation under People users you need. There you assign username and password.
Your default one should be one you created when setting up the Vaultwarden.
You can check Documentation for more info: github-wiki-see.page/m/dani-garcia/vaultwarden/wiki
Hi BeardedTinker. First of all, thank you for your videos! Appreciate it.
If you have set it up correctly, how can you configure some config files stored in bwdata? Like for example the "global.override.env" ?
Thank you for comment and great question.
I haven't played with it since I'm lazy (actually never have enough time), but there are two ways on how you could do that.
First one is to add them when creating Vaultwarden, so if you already created it, you would need to stop it, delete existing container, and create new one with environment variable added.
Second one should be better option . create file with global variables you want to add or change and put that file in folder you created for VaultWarden.
Again, you have to remove existing container, but then you add following to start/create command: --env-file /path/to/your_global.env file - that way, whenever you change something and restart container, it should load it.
And it's also much easier to manage this than long command line.
Of course, there is option to use Docker compose for this too, but I would go with option 2.
@@BeardedTinker awsome. I will try that one out.
I can feel with you, regarding on the time. I have 2 Kids and only time to "work" on my local server, when they are in bed and If I dont fall asleep with them ;-)
Best wishes from germany!
Ohh I know how it feels 😂 Thanks and greetings from Croatia
@@BeardedTinker Hey BeardedTinker, I'm right now testing this out. Sadly Vaultwarden tells me in protocol, that "no .env file found". What am I doing wrong with the command in the start line? Do you have a tipp for me?
hi i tried changing the reverse proxy address but the server didnt move what can i do?
Hi, sorry, don't understand what the issue is.
With this configuration how are preventing others from discovering and using your vaultwarden services?
Good question. For start, don't publish your subdomain. Also, it's possible to block option to create new accounts. That way, no new accounts could be created. Those are some basic steps you could take . Others could for example be filtering MAC addresses that can reach this service on network level.
@@BeardedTinker After watching your video and poking around on various Wiki's and forums this one came the closest with having some very good points on security with Vaultwarden: www.synoforum.com/resources/securing-your-vaultwarden-install.140/
Excellent find!!!
@@BeardedTinker Is it a security risk to allow others make a new account and use it as a service? :)
@BullFrog it all depends... I have it open for now for family members and friends who would like to set up account. But I will definitly disable new account creating at some point. Also, I've set-up 2FA for my account. But that's standard for all accounts I have.
Does anyone know if there’s a similar option to setup a reverse proxy on a qnap nas?
Thanks for your video
Thanks for the comment Ed!
Hi this workds on SYNOLOGY DSM 7?? I used bitwarden with DSM 6.2 and no problem. I updated to DSM 7. And it stopeed working. I saw bitwarden was DEPRECTAED so i tried Vaultwarden. But same error. I install, i see the page to create user but after created i always gets a 404 Not Found
nginx. ¿Some help?
Name of the Docker image was changed from BitWarde to VaultVarden and that's why it way deprecated. Due to legal reasons as Bitwarde is commercial service and this was open source version.
And yes, it still works under DSM 7.0 - I have it running on my test setup.
I see that you're using ngnix for traffic. Try direct connection without ngnix.
Do you have any errors in Docker log file?
@@BeardedTinker well i use standar connection, i mean 192.168.0.x:5153 where 192.168.0.x is my ip nass and 5153 is the port used instead of 80 for htpps. I keep the 8880 port. No idea of how to direct connection whithout ngnix.....
In the Ngnix do you point just to IP address, or you also have URL.
Also are there any errors beside ngnix. In docker.
Hm I'm running "docker 20.10.3-1306" and it looks quite different in the settings. Can't really follow this instruction anymore.
There is sudo command in video description:
sudo docker run -itd --name=vaultwarden -v /volume1/docker/vaultwarden/:/data/ -p 8880:80 --restart=always vaultwarden/server:latest
This doesn't require any Docker UI.
@@BeardedTinker ohh thx a lot... Will try it right away.
at 9:22 you mistype the domain name
Did I? ;)
Top !
Thank you Mark!
Great Tutorial! everything works BUT, when i connect Vaultwarden to the bitwarden android app Phone/Tablet it works great! , but if i wont the same on windows Browser Chrome/Opera/FF bitwarden plugin i get the error failed to fetch! why? the settings are the same as on android app but it wont work on windows Browsers :( can you help? Vaultwarden has valid certificafe and is also public accessible but it dont works on windows Chrome/Opera/FF bitwarden plugin!
Not really sure to be honest. I use both app on phone and plugin in browser. Both work without an issues. Failed to fetch can be issue with certificate. Are you using ngnix/reverse proxy for certificate or have you imported certificate to vaultwarden? Also is the PC external or internal on the network?
@@BeardedTinker hi i used the synology reverse proxy as in tutorial and the pc/laptop is mostly internaly used, and i dont imported certificate to vaultwarden
@Mgr.Miroslav Prezbruch have you enabled NAT loopback on router? Try it! It helps properly resolve external URL . This may help. It's also calle NAT Hairpin
@@BeardedTinker my NAT on router is activated and the NAT type is set to symmetric, so i thing this is not the problem. Its a mystery 😅
@@buchy_m nice puzzle you've given me :) I'll try to think of something - currently brain is not working, but will come back to this a bit later :)