Vaultwarden - Open Source, self hosted backend for the Bitwarden password manager.

Published on 14 Oct 2024

Comments • 119

  • @jannebernsmark9084 2 years ago +30

    Just want you to know that you are doing a tremendous job making these videos. Keep up the very good job Brian.

    • @AwesomeOpenSource 2 years ago +2

      I appreciate that so very much! Thank you!

    • @itsmith32 11 months ago

      Just saying I wanted to say the same

  • @monish05m 1 year ago +3

    As a long time Keepass User, this is an instant switch for me. Thanks for bringing this to light.

    • @AwesomeOpenSource 1 year ago +1

      Glad to help!

    • @monish05m 1 year ago

      @AwesomeOpenSource I just finished setting up Vaultwarden, I'm impressed by it over keepass, nothing wrong with keepass, but it looks and feels dated + no centralization is a mess to deal with. I showed the wife how to use it on her phone and her first words in utter excitement were "so I don't have to use keepass app anymore". Pretty much sold me on transferring everything over to Vaultwarden.

  • @ralph4370 2 years ago +3

    Thank you. It works like a champ. Expanding this to family soon. The other videos on this topic get you running. But this one had the way to access the admin page which many gloss over. You went above and beyond. Thank You!

  • @ilco31 2 years ago +3

    Great work, thank you. People like you are what make the self-hosting hobby fun/doable. Would love a tut on how to backup/restore data for a docker container like Vaultwarden.

    • @AwesomeOpenSource 2 years ago +1

      Usually, if you set up the volumes mapped to the host (basically mounting a drive), you can back up from the host volume, then just restore by setting the same volumes and putting the backup data in the place that you map.

  • @sarfarazshaikh 2 years ago +1

    Excellent !! The way you are exploring the opensource software and giving brief details. Also I like the way you provide the installation and configuration of software in your video tutorials.

  • @argomedoreds 1 year ago +1

    Amazing. I didn't know there even exist an admin panel for Vaultwarden.
    I get here because I was trying to enable Fido2 and I couldn't because some error regarding the domain setup. Thank you, you have great content!

  • @mithubopensourcelab482 2 years ago +3

    Excellent work sir. Far far better than any other YouTuber in the field of Open Source implementation of IT infra.

    • @AwesomeOpenSource 2 years ago +1

      I appreciate the grand compliment, but I'm not sure about being better than others. I just take a different approach. Mainly, because I'm learning it all before I record.

    • @mithubopensourcelab482 2 years ago

      @AwesomeOpenSource What I like is your session is oriented with a specific subject, you are concise, your in-between tips are very much valuable and most practical.
      I have watched many videos on similar subject, so based on my personal experience, I came to this conclusion.
      Keep up such a grand work. You are blessed with excellent voice, deeper knowledge and a rare ability of explaining everything in simple and lucid language. All the best for your valuable work in public domain.

  • @corey.morreale 2 years ago +2

    great video - loved the in-depth information about the smtp settings since I was configuring smtp/invitations this weekend

  • @froid_san 2 years ago +2

    I was trying out Bitwarden_RS last year but haven't fully migrated yet as I still have a subscription with 1password, didn't know that Bitwarden_RS image is now deprecated and renamed to Vaultwarden. Thanks for the video for keeping us updated! Hopefully I can migrate my database to this image.

    • @AwesomeOpenSource 2 years ago

      Depending on how you setup Bitwarden_RS, you may just have to change the image name in docker, and bring it back up to get it to Vaultwarden. You could make a copy of your setup with _RS and just change the port on the left side, to see if it all comes up as you expect.

  • @IBRACORP 2 years ago +3

    Great job Brian! Love it. We should link our two warden videos together!
    When are we due for a video together again? 🥳

    • @AwesomeOpenSource 2 years ago +2

      I'd love to plan time to do another video with you. I'm hoping to have some time in late April or early May. We definitely need to do it though.

  • @rootgremlin2746 1 year ago +1

    the "automatic" way for frequent mysql backups is "automysqlbackup" (on basically every linux distribution. (with hourly, daily, weekly, monthly and "keep last = x" for every interval))

  • @fredzibulski3111 2 years ago +1

    awesome I thought I knew it all about Vaultwarden but you showed me something new 👍

  • @Jonteponte71 2 years ago +1

    Thanks for consistently great content! Now I am in a pickle though :) I want to migrate from LastPass but I have to decide if I want to host myself on a Synology NAS (and maybe let my whole family use my instance) or just use their service...
    Hmm. Decisions, decisions.

    • @AwesomeOpenSource 2 years ago

      Self-hosting is amazing, but with password managers, I'm always thinking of how best to make sure it's backed up well...so I actually do both. I self host, and then export / import backups to their service as a backup.

  • @itsmith32 11 months ago +1

    Thank you for such a great review and explanations!

  • @YaZha46 2 years ago +3

    28:44 - Yes, Brave also has this extension, because Brave web store = Chrome web store. :)

  • @chrisumali9841 2 years ago +1

    Thanks for the demo and info, have a great day

  • @notreallyme425 2 years ago +1

    I had no idea there was an admin page, thanks!

  • @cattivello 1 year ago +1

    Fantastic, it's a very good solution for a raspberry pi. I am very fond of self hosting.
    I read your note and you correctly mention that ownership falls on us. Backups are vital!
    In the event that something goes wrong and we want to switch from self hosted to official bitwarden, do we have to export the file/database to a file or is it like a keepass that has only a file and we can just backup the .xxx file to a different location? (compatibility between the 2)
    (not familiar with vault/bit warden).
    Since vaultwarden uses bitwarden client, there are chances that the 2 move on in different speed and could create an issue? (updated client not working with vaultwarden ??)
    Thanks,

    • @AwesomeOpenSource 1 year ago +1

      So far, I've had no issues moving the exported db from one system to another, and getting it to restore properly, even from Bitwarden to Vaultwarden. I still use both, and use my Vaultwarden as a backup system. But either way, it works. You can export with a password on the file as well, which I prefer for keeping it more secure.

  • @ninja2807 1 year ago +1

    Excellent video as always.... I will try to set this up but only to be accessible via my VPN instead of making it publicly available.
    I have a question though about the database version. Do you have any idea how many users and password entries the default SQLite database would be able to reliably handle?

    • @AwesomeOpenSource 1 year ago +1

      I don't. Again, a good question for the Bitwarden team.

  • @raymerp9 1 year ago +1

    Hi Brian - first - excellent videos!
    Question - do you have any videos or can you look at producing a video on backing up & restoring VaultWarden database/critical files? I have VaultWarden installed in Portainer - sitting on a Debian node in Proxmox...and would like to move backup files onto a NAS storage. I am struggling finding 'understandable' material. Is that something you have considered putting together?

    • @AwesomeOpenSource 1 year ago +1

      I'll definitely take a look. I just use their export function to export the data, then save the file to my NAS. They have an encrypted export option.

    • @raymerp9 1 year ago

      @AwesomeOpenSource Hi Brian - I posted a response yesterday and YouTube must have taken it down? Anyway, I am aware of the export feature... and that is what I have been using. But according to the GitHub, they are encouraging the whole database to be backed up. For my case, I have multiple users on our system...and Export feature of the Organization only goes so far if the users have entities sitting under their "My Vault". Does that make sense?

  • @hugbearsx4 2 years ago +1

    Very useful. Thanks!

  • @mithubopensourcelab482 2 years ago +1

    Nginx Reverse Proxy --- Proxy host -- contents of "Domain name" field can be copied to "Forward Hostname / IP" field ... This is good enough. ( without finding docker0 ip ) This works beautifully. Your comments please.

    • @AwesomeOpenSource 2 years ago

      I think I mentioned you could setup the proxy host in several ways. You can use the private ip of the Host, the docker0 IP, or the container name. Am I misunderstanding your question?

    • @mithubopensourcelab482 2 years ago

      @AwesomeOpenSource Appreciate your answer. You have correctly understood my question and furthermore I am very much satisfied.

    • @DavidCastillaGil 2 years ago

      @AwesomeOpenSource I had been struggling for some days before I coincidentally found your video haha thanks anyway! Great work on your channel!
      But let me please try and share what I have learnt about this topic.
      You want to use the private (LAN) IP for the forward host, when such host is a different machine. If you're hosting your nginx and your app(s) as containers in a single docker host, you can connect them through the docker network and completely avoid having that traffic reaching your LAN. This way is not only easier but more secure because traffic stays inside docker. If you do this, you also don't need to bind the internal application port to an outside port. The containers must be on the same docker network to be reachable to each other. This is the case by default if you create the containers using docker-compose (they create a default bridge network) or if you manually bind them to the same docker network.
      So the way I'm doing it is having nginx connect to all my service networks, and then pointing the proxy hosts to their container name and internal port. As simple as that! Hope that helps

  • @DavidCastillaGil 2 years ago +1

    Since this channel is turning to be some sort of Open Source Knowledge Video Repository xD I'd like to share an additional note on the setup which took me a while to resolve. Maybe it's useful to someone over here :) it's about websockets which are optional, but this taught me a lot of nginx proxy manager.
    In order for the websocket notifications to work you have to add some custom locations to the proxy host. And these weren't easy for me until I found out.
    Details tab. Like you did, set FQDN and point to your container. I use docker names here so in my case vaultwarden 80. You want to check the websocket thing and block exploits.
    Custom locations. Here you need 3 blocks. I'll use the following pattern as placeholders: location -> scheme hostname port
    This is very important. Every time you use custom locations, you have to repeat the same one you had in the previous tab, but with a little tweak. In this tab, you MUST put a trailing slash on your hostnames! So be careful with the slashes here.
    location 1: this points to the root like we did in the details tab, but notice the additional slash in the hostname/ip
    / -> http vaultwarden/ 80
    location 2: here we put slashes at the end of both the location and the hostname, important
    /notifications/hub/negotiate/ -> http vaultwarden/ 80
    location 3: lastly, this is the websocket endpoint that we reach in port 3012
    /notifications/hub/ -> http vaultwarden/ 3012
    Also, I'd recommend activating all additional SSL toggles like HTTP2 and HSTS whenever possible, then toggle them off one by one if something doesn't work :)

    • @AwesomeOpenSource 2 years ago

      What a terrific bit of extra information! Thank you so much for this! I'll see if I can get it added to my Show Notes as well!

  • @JPEaglesandKatz 2 years ago +1

    nice guide as usual.. Although I think you forgot to mention you somehow need to setup nginx manager and get e-mail working.. somehow.. Unfamiliar with nginx manager or nginx.. so yeh.. since this is mandatory to get vaultwarden working, not going to happen this way.

    • @AwesomeOpenSource 2 years ago +1

      In my Show Notes for this video I have a section on getting NGinX Proxy Manager installed and ready, as well as an entire video and article just on that topic. Maybe that will get you where you need to be.

    • @JPEaglesandKatz 2 years ago

      @AwesomeOpenSource thx.. yeh.. I've decided to switch back to haproxy within pfsense which works a bit better for my needs...

  • @Unolinq 2 years ago +2

    Great job as usual! I struggle with the smtp part of your tuto. It doesn't send me any email. Can I use gmail instead?

    • @AwesomeOpenSource 2 years ago +2

      It can, but Gmail requires you to turn off a couple of their security settings as I recall, and such. But there are tutorials on how to use GMail for SMTP out there.

    • @froid_san 2 years ago +2

      I've used gmail and you can use app password to make a dedicated password just for this use case.

  • @danluckner 3 months ago +1

    I'm trying to understand the usage of TOTP when I register a new item. On mine, the Authenticator key (TOTP) field has a stuck "15" second marker and empty 6-digit placeholder. Any idea how to use this?

    • @AwesomeOpenSource 3 months ago

      So, when you setup a new password for a website? If so, the website needs to offer 2FA, then you enroll in 2FA with the site, and use the application to grab the QRcode and set the key, or paste in the associated url for the 2FA key, and validate it.

  • @okaudi 7 months ago +1

    Sir can it be accessed from outside of the local network? I have tried many times to set the reverse proxy, but I did not get that.

    • @AwesomeOpenSource 7 months ago

      I use mine outside my LAN. A couple of things to double check. 1. Your ISP allows you to use port 80 and 443. 2. You are assigned a public IP address. If those are good, then make sure you have port 80 and 443 forwarded to your proxy server. If that's all good, post over at discuss.opensourceisawesome.com in the #help-me-please channel, and we'll see if we can help.

  • @ms7165 2 years ago +1

    Very eye opening, and thanks. I am self-hosting Vaultwarden via Docker on my Synology. Only issue is while off LAN (mobile network for example), I am unable to make edits, changes, additions etc. They won't save. Syncing fails. Is this to be expected or do I need to do something else for this to work? Thanks.

    • @AwesomeOpenSource 2 years ago +1

      The only thing I can imagine is that off network you are seeing a cached version of your vault, and not actually connecting to the server. You may need to adjust your firewall, port forwarding, and proxy settings.

  • @filiecs3 2 years ago +1

    Does VaultWarden or BitWarden have SSO support freely available? Such as ldap or oauth integration? Or is it something only available for paid users in the BitWarden version?

    • @AwesomeOpenSource 2 years ago +1

      Looks like there's a feature request for this, but not implemented today in Vaultwarden.

  • @cal3751 1 year ago +1

    Like many, I'm struggling getting my email server (Sendgrid) configured. I have to tweak the environment settings many times over. What is the procedure? After a change to the environment, do I have to docker-compose to rebuild? Or is there a shortcut to testing email send parameters?

    • @AwesomeOpenSource 1 year ago +1

      I make a change, then just re-run docker-compose up -d again, and it should bring it up with changes you make in the compose file. I believe you can force a rebuild if you don't think it's rebuilding.

    • @cal3751 1 year ago +1

      @AwesomeOpenSource Thanks for all your contributions to the open source community. Something that I, stupidly, didn't realize is that Vaultwarden provides an admin console on self-hosted installations. I was able to use that without having to stop/edit/restart docker.

    • @AwesomeOpenSource 1 year ago

      Not stupidly...it's not real obvious that it's there by any means. So glad you've found it now.

  • @khabirulbasar 1 year ago +1

    Thanks for the awesome guide. It was running smoothly but after November update, bitwarden decrypted some endpoints and it suggested to upgrade the application.
    When I try to Upgrade using:
    docker-compose down
    docker-compose pull
    docker-compose up -d
    I am getting an error that says "502 Bad Gateway". I can't figure out how to fix this. Can you guide me to properly upgrade the docker image?

    • @AwesomeOpenSource 1 year ago +1

      I know you told me on chat, you found it to be an issue with SMTP being set to auto instead of starttls right? Just for anyone else who may run into it.

    • @khabirulbasar 1 year ago

      @AwesomeOpenSource Yeah, I was clueless. Thanks for the tip ;) Keep up the good work man

  • @AhmedAhmed-dh5uz 2 years ago +1

    Thanks for the video. Is it possible if you could post the Postfix configuration file here? hiding your domain name because I am having problem setting this up. And could you please also explain how you created the SMTP_user and SMTP_password ?

    • @AwesomeOpenSource 2 years ago

      Let me take a look. I didn't really make a PostFix config, so let me see if I can cover again what I did. I'm using my own mail server that I run on a different server to send the email, not using postfix inside the container itself per se.

  • @mithubopensourcelab482 2 years ago +1

    You may create a video on Ovios Linux ( specialized storage os )

  • @caleb-codes 2 years ago +1

    at 13:27 what's happening there? Why do you have 2 compose files and why are you running the one you didn't work on?

    • @AwesomeOpenSource 2 years ago

      I was just showing where you would want to make changes to the compose file, but I already had mine setup, and didn't want to show any secrets, so I made a copy of their generic example. I made changes in the background off screen, then came back to start it.

    • @mario-gp3tk months ago

      @AwesomeOpenSource well you're showing and explaining that you do not allow a new registration, and first thing you do is a registration. That's confusing man 😂

  • @adamg574 2 years ago +1

    Very cool, makes me consider switching over from keepassXC

    • @AwesomeOpenSource 2 years ago

      I used Keepass for years, and it was great, but this definitely takes up a notch for me.

  • @wurfelgott1520 1 year ago +1

    Hi very good Video. Do you know of any way to enable access or audit logs to track who copied passwords etc.?

    • @AwesomeOpenSource 1 year ago

      I don't, but that would be a good question for the Bitwarden team, and possibly a good suggestion for future enhancement if it doesn't exist.

  • @tokyofamily8536 2 years ago +1

    thank you

    • @AwesomeOpenSource 2 years ago +1

      You're welcome

    • @tokyofamily8536 2 years ago +1

      could you make a tutorial on a self hosted rss feed? @AwesomeOpenSource

    • @AwesomeOpenSource 2 years ago +1

      @tokyofamily8536 let me see what I can find.

    • @tokyofamily8536 2 years ago

      @AwesomeOpenSource OCR too please

  • @KratomSyndicate 1 year ago

    is setting, security_opt:
    - no-new-privileges:true a good idea in yaml file?

  • @texter22 2 years ago

    Thanks for video and really nice. Please teach me where is admin token, so I cannot login admin page.

    • @AwesomeOpenSource 2 years ago

      Check the top of the docker logs. Use the command
      docker-compose logs
      to see if it shows in there.

  • @2busytv166 2 years ago

    I setup up the nginx exactly as you mention, I own the domain and also created the subdomain on my host provider, I add my local pi ip address and the port I choose for vaultwarden and tick everything like you did. However when trying to obtain ssl certificate it says internal error

    • @AwesomeOpenSource 2 years ago

      So, if you just save the proxy first without creating the SSL, can you reach it on non-https (http only)? Do you get the normal "congratulations" page from NGinx Proxy Manager if you try your base url / domain? Lastly, check the NGinX Proxy Manager logs (either in Portainer, or in the CLI using the command "docker logs < container name >"), and see if anything jumps out.

    • @johnnguyen4293 1 year ago

      @AwesomeOpenSource I got same thing as he did. Any help please

  • @Ivan-bl8fy 1 year ago +1

    If I don't have a domain what should I do ? I just want this local

    • @AwesomeOpenSource 1 year ago

      You can set it up with just the IP address, and leave out the part with the domain and the reverse proxy. You'll access it locally by IP only. If you need more help jump over to discuss.opensourceisawesome.com and post in the #help-me-please channel, and we'll try to help you out. Just be patient after posting.

    • @Ivan-bl8fy 1 year ago

      @AwesomeOpenSource the problem is that if I leave out the part of the proxy it asks me for the SSL certificates

  • @mcolvin 1 year ago +1

    what is the best way to update vaultwarden?

    • @AwesomeOpenSource 1 year ago

      1. Make a backup of your vault (I recommend using an encrypted backup).
      2. Stop the containers (docker-compose down).
      3. Make a backup of the whole vaultwarden folder.
      4. Pull the new version (docker-compose pull)
      5. Start the new container (docker-compose up -d)
      This is my process.

    • @mcolvin 1 year ago +1

      @AwesomeOpenSource when you say backup, do you mean from the admin section? or how do you backup everyone's vault?

    • @AwesomeOpenSource 1 year ago

      @mcolvin yes backup from the admin section. Also backup your vault. The additional backup of the folder is a final way to get everything back as well. If you setup the volumes to be in that folder.
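
Steps 2 to 5 of the update process described in this thread (stop, archive the whole folder, pull, start), as an added shell example that is not from the video or the Vaultwarden project. The function names and the backup location are hypothetical, and it assumes every mapped volume lives inside the compose folder; step 1, the encrypted export, is still done by hand first.

```shell
#!/usr/bin/env bash
# Added example, not from the video or the Vaultwarden project.
# Assumption: every bind-mounted volume lives inside the compose folder,
# so archiving that folder while the stack is stopped captures everything.
set -u

# archive_dir SRC DEST: tar SRC into DEST and print the archive path.
archive_dir() {
    local src="$1" dest="$2" src_abs dest_abs archive
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    src_abs=$(cd "$src" && pwd -P) || return 1
    dest_abs=$(cd "$dest" && pwd -P) || return 1
    # Refuse a destination inside the source: tar would archive its own output.
    case "$dest_abs/" in
        "$src_abs"/*) echo "backup dir must be outside $src_abs" >&2; return 1 ;;
    esac
    chmod 700 "$dest_abs" || return 1
    archive="$dest_abs/$(basename "$src_abs")-$(date +%Y%m%d-%H%M%S).tar.gz"
    # umask 077: the archive contains the vault database, keep it owner-only.
    ( umask 077
      tar -C "$(dirname "$src_abs")" -czf "$archive" "$(basename "$src_abs")"
    ) || return 1
    # A backup that cannot be read back is not a backup: list it end to end.
    tar -tzf "$archive" >/dev/null || { rm -f "$archive"; return 1; }
    printf '%s\n' "$archive"
}

# update_vaultwarden PROJECT_DIR BACKUP_DIR: steps 2-5 from the thread.
update_vaultwarden() {
    local project backups="$2" archive
    project=$(cd "$1" && pwd -P) || return 1
    cd "$project" || return 1
    docker-compose down || return 1                        # step 2: stop
    if ! archive=$(archive_dir "$project" "$backups"); then  # step 3: backup
        echo "backup failed; starting the old version unchanged" >&2
        docker-compose up -d
        return 1
    fi
    echo "backup written to $archive"
    docker-compose pull && docker-compose up -d            # steps 4-5
}

# Runs only on request: ./update.sh --run /path/to/vaultwarden /path/to/backups
if [ "${1:-}" = "--run" ]; then
    update_vaultwarden "${2:?compose project dir}" "${3:?backup dir}"
fi
```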

  • @MadarieShailendra 2 years ago +1

    Can you add the script how to update already installed vaultwarden?

    • @AwesomeOpenSource 2 years ago

      If you're using it in docker via docker compose, just get into the vaultwarden directory, and do the following commands:
      docker-compose pull
      docker-compose up -d

  • @christopherklein3829 2 years ago +1

    Can you pls add video for ldap sync?

    • @AwesomeOpenSource 2 years ago +1

      Let me see what I can do, don't have ldap setup right now.

  • @itsathejoey 2 years ago +1

    Is there a way to have the browser extension login if it detects the desktop app is logged in like 1Password does?

    • @AwesomeOpenSource 2 years ago

      If there is, I haven't found it yet. I do have to login to them separately. I use the browser app about 99.9% more than the desktop though.

  • @danbrown586 2 years ago +1

    As far as the reverse proxy configuration--I kind of wish there were a GUI tool for Caddy like there is for Nginx, but its configuration is so simple it's hardly worth it. Here's what you'd need to add to your Caddyfile to implement the same sort of proxy you did:
    vault.yourdomain {
    reverse_proxy 192.168.200.20:8062
    }
    Proxy, done. TLS, done. HTTP->HTTPS redirect, done. Certificate (including automatic renewal), done.

  • @kimcosmos 2 years ago +1

    free 2 person org has already been replaced with a trial

    • @AwesomeOpenSource 2 years ago

      I think, unfortunately, the free options are abused, and worked around for more than the intended limitations, so they have to adjust their model in order to sustain the project.