How to Setup Self Hosted Bitwarden
Ғылым және технология
pfsense HA Proxy Video
• (Updated Video In Desc...
Bitwarden install documentation
bitwarden.com/help/install-on...
Bitwarden backup documentation
bitwarden.com/help/backup-on-...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at
🛒 lawrence.video/techsupplydirect
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
⏱️ Time Stamps ⏱️
00:00 Host to install Self Hosted Bitwarden
00:25 SSL & SMTP prerequisites
01:20 Let's Encrypt
02:59 Install & Deploy On Linux Guide
03:57 Install docker, create Bitwarden user and paths
04:32 Bitwarden installation script
06:04 Host Installation ID
06:38 Setting SMTP and environment variable
07:53 Running Bitwarden
09:30 Browser Plugin Self hosted Settings
10:02 Admin Pages
11:14 Updating Bitwarden Server
12:12 Self Hosted Backups
12:55 Valutwarden
#bitwarden #passwordmanager #docker
Пікірлер: 246
pfsense HA Proxy Video kzread.info/dash/bejne/nKStt89uY9rLXbw.html Bitwarden install documentation bitwarden.com/help/install-on-premise-linux/ Bitwarden backup documentation bitwarden.com/help/backup-on-premise/
I've been looking into this for hours today, trying out guides for running Vaultwarden on my NAS using Docker, and ending up just testing Bitwarden on their own servers. This is so well timed - thanks!
@LAWRENCESYSTEMS
Жыл бұрын
Glad I could help!
@skorpion1298
Жыл бұрын
I use Vaultwarden with Portainer and nginx proxy. Everything running on a small PC and it was easy to Setup. If you need help I may help you out.
@lucky-13
Жыл бұрын
One thing to note and I like better is using cloudflare tunnels (in docker) vs opening ports up in a reverse proxy on my NAS.
@brandonchappell1535
7 ай бұрын
@@LAWRENCESYSTEMS any plans of doing a Vaultwarden install video on Scale like this one? You lost me at shell lol
@boonemeat2652
3 ай бұрын
I've watched so many videos for self hosted servers, but never found anything that walks through the ways or Best ways to access these outside of my home.
After seeing your last couple videos on Bitwarden, I’ve switched over to it and am self hosting with the family plan. So far I couldn’t be happier.
Really loving these new video how-to's. Very useful for people learning and getting into these things. This is one I will follow for sure.
Oh YEAH! Was hoping for a video from TOM with exactly this topic! Thanks kind sir!
You answered all the questions I've been racking up on BitWarden
I am going to work on this for my home and family. This would be a good project to put on my resume.
thanks! this video is going to come in handy tomorrow because i will be setting up my home lab tomorrow :)
Moved from Lastpass to Bitwarden with thier recent issues. I'm very happy with my transition.
Awesome! Exactly what I was looking for!
liked! thanks tom. currently using keepass with syncthing, but gonna switch to self hosted bitwarden eventually.
This is one of the best things I've ever done. Even my wife loves it. Running it in a VM on my Hyper-V. Works perfect. But I wish I could upload my cards as .jpg
Very timely with the Last Pass disaster in the news. Not that Bitwarden is as careless as Last Pass, but it's always worth considering self-hosting options.
I didn’t realize there was a debate with Vaultwarden. I’m self hosting Vaultwarden on my Synology (which was much easier to setup then what was in this video). I setup 2FA, used admin page to block new signups, firewall setup etc. I feel pretty good about the security for personal use, but I’ll have to do some research on what Tom mentioned at 13:00.
@kjeldschouten-lebbing6260
Жыл бұрын
There is literally no research to be done. Vaultwarden does not have a company attached to pay for commercial auditors to audit their code. The API is the same, however, so the API audits apply to both.
My fault for not reading FAQs but I remember sitting down and doing trial & error just to setup Bitwarden on Docker, setting up a reverse proxy config, etc. to discover that self-hosting Bitwarden does not unlock the paid features. So, I ended up installing Keeweb onto my existing Nextcloud instance. Been using ever since.
What's the advantage of installing Bitwarden on bare metal than, as example, Docker? I've switched from Proxmox back to ESXi and this would be a perfect LXC container case, but yeah :)
Great video!! Thanks. Can you provide more information on the configuration if we would like to access it internally with a DNS name? And also more information about the certificate, proxy and other components required that you are using? I would like to setup and make it available only internally. I suppose that it would work even on the road and that devices would sync when coming back.
Bitwarden was so easy to setup I was left wondering if I had missed something. LOL But it works great. Open source, free, and can be self-hosted. Just fantastic!
@designer.346
Жыл бұрын
That’s how I feel right now😂
Funny that I literally did this yesterday then see your video today.
I switched to Self-Hosted Bitwarden over a year ago, and with everything happening with LastPass, I'm glad I did. It just works. Setup with Let's Encrypt, and behind the firewall (VPN). Simple, and secure.
@waretechnologies6845
Жыл бұрын
Same here.
I'd be damn!! I was just talking about this at work and bam here you are making a video!? You are even more powerful than Amazon,Alphabet or Meta 😂
Thank you!!
Would love to see you making a video with a reverse Proxy
Lol, your video prompted me to lookup bitwarden and then to see "vaultwarden" in the Archlinux software repository. None of these tools do I use in a corporate environment. So for a number of years have been using Keepass, but honestly it's a pain in the butt keeping things smoothly going between just my wife and I through synchronization. We do have a number of attachements, does the $0 cost mean you can't have *any* attachments for personal use? Or, just you don't get to have any encrypted ones? And, if I self-host, does none of that apply at all? I can have my cake and eat it too?
Thanks for the nice walkthrough... Interested in your thoughts on the new Bitwarden Unified which has just been released into Beta
@LAWRENCESYSTEMS
Жыл бұрын
Looks nice, I did consider waiting to make this video until that version is our of beta, but I have a feeling people don't want to wait. Also, this version has a long history of working well.
@m0nji1234
Жыл бұрын
Saw the news of Bitwarden unified yesterday and thought, i will wait until tom will make a video about it, then i saw your video about bitwarden today and was kind of surprised that’s related to the „old“ method.
@dasGieltjE
Жыл бұрын
Been testing it for some time now, there are some blocking issues at the moment, but nothing that cannot be fixed. When it's released this should be a mayor improvement when run without mssql.
For cloud setup would you recommend a vm running bitwarden with only ip access from a reverse proxy. and then that reverse proxy only allows ip access from the vpn ip?
Yes, we are busy and a lot of things we need installed we will likely contract with you.
Interesting but a bit too complicated for little old me 😀I have a Synology NAS but it's too small to handle Docker. Can anyone suggest a suitable size NAS that would be adequate for this, or a small home server that could be used as a NAS and to run other services? Thanks!
How big is your installation in terms of passwords stored, shared collections and number of users? What are the scale up/out options?
@LAWRENCESYSTEMS
Жыл бұрын
A fresh install is about 152M and our production system with 8 users and a few thousand passwords is about 1G, but the backups are about 31M.
You should do a video on Docker-Mailserver (direct Docker name)
i was hoping to see vaultwarden here ;]
I was wondering if you have a guide to install BitWarden on TrueNAS Scale?
Great! Can you complete with the firewall rulles to secure the vm? You are awesome!!!!!
@LAWRENCESYSTEMS
Жыл бұрын
The only port needed if 443
Hello! thnx for your video! helpfull! but how can i startup bitwarten automacaly on boot start?
Great video Tom! I'm left wondering though. Is there no way to configure email verification with gmail?
@LAWRENCESYSTEMS
9 ай бұрын
Google is retiring (or may have retired already) the feature that would allow that.
Thanks
Where do you store your backup passwords as your cannot store them in bitwarden, chicken and egg situation
What is the difference between Lastpass' and Bitwardens servers (NOT self host) in terms of security? Is there actually a difference other than LastPass already having been attacked heavily? With all the things my personal hardware does, I am more comfortable relying on huge datacenters to host my services tbh.
Any good option for this one truenas scale? Or just use a VM?
@LAWRENCESYSTEMS
Жыл бұрын
I have not tested this on scale
How many containers does this deploy? Is it worth putting on a 2 core 4 gb VM or on my container host (much larger)
@bgroks1
Жыл бұрын
Really depends on the amount of users. If it’s just you, 2core, 2gb is working fine for me. 2GB ram minimum or MSSQL won’t work properly.
@heavy1metal
Жыл бұрын
This version runs 11 containers in the end. You can start with 1 core 2gb and just simply see how it runs... Beautiful thing about VMs, it's easy to add RAM and CPUs..
hello Tom, I get a 522 error . is there any step that we may need to do in PFSENSE to fix this issue
Im getting an error on the installing step after steps 1-7 its saying that on line49 docker: command not found, is there anything I can try to fix this?
Hi Tom, I might be a bit late to the subjecta nd I hope you can help, but is there a way to install bitwarden natively without using docker or any other container environment?
@LAWRENCESYSTEMS
10 ай бұрын
I don't have a tutorial but you could grab all the source and build it manually.
I set mine up with cloudflare zero trust. Super easy to set up and it handles all ssl certificates. You can even have multifactor authentication to even access the site for extra security
@metal-beard
Жыл бұрын
how do you put multifactor auth on it?
@zundlefire5268
Жыл бұрын
@@metal-beard In zero trust, under Access and Applications. I have it only allow certain emails to receive a one time code
Has anything changed recently with the Bitwarden install files? I'm following your steps exactly with the latest version but it doesn't work, I cannot create my acccount, shows an error on the webpage. In the logs i'm getting an error relating to the mssql db login. Using Debian 12. Also it looks like some spaces have been added for the mssql login string for TrustServerCertificate=True and MultipleActiveResultSets=False but removing the spaces didn't resolve my problem.
Just wondering, what shell and theme are you using there?
@LAWRENCESYSTEMS
Жыл бұрын
github.com/lawrencesystems/dotfiles
Paying for Dashlane at the moment. If I self host this, will this then be completely free for multiple users, or do I still need to pay something for the client's apps or other services?
@LAWRENCESYSTEMS
Жыл бұрын
bitwarden.com/pricing/
any alternatives to using docker? all docs I have found says to use docker but I do not want to
@LAWRENCESYSTEMS
Жыл бұрын
They have all the source available but I don't have a guide on it. The use Docker to make service delivery simple.
This video put me in the mindset that converting from LastPass to BitWarden is too much trouble last year. Is this actually a lot simpler? Am I fine using their servers rather than my self-hosted setup or should I 100% go self-hosted?
@LAWRENCESYSTEMS
7 ай бұрын
For just one person, using self hosted does not make a lot of sense so just use their servers.
@Saturn2888
7 ай бұрын
@@LAWRENCESYSTEMS thanks! It'd be for me, my kids, wife, and other relatives, but it's easier to just do the online account. Is it secure?
@LAWRENCESYSTEMS
7 ай бұрын
@@Saturn2888Yes, they do a good job with security
If people do self host where do they store backup of the password file? Cloud? Ummmmm??
What's everyones opinion on deploying Bitwarden selfhosted using the "Unified (Beta)" option?
@LAWRENCESYSTEMS
Жыл бұрын
I have not tested it yet, I was going to wait until it's out of beta.
@heavy1metal
Жыл бұрын
It changes the docker setup but the webapp is the same. Adds support for more external DB servers other than M$ SQL, which is a big plus.
@dasGieltjE
Жыл бұрын
Been testing it for some time now, there are some blocking issues at the moment, but nothing that cannot be fixed. When it's released this should be a mayor improvement when run without mssql.
@feo786
Жыл бұрын
@@dasGieltjE what's the issue with MSSQL?
@dasGieltjE
Жыл бұрын
@@feo786 insanely memory inefficient, also running a MariaDB instance that already serves dozens of other systems and is offsite replicated and backed up.
How would I connect an enterprise license to the self hosted server? I didn't quite understand.
@LAWRENCESYSTEMS
4 ай бұрын
You have an account on Bitwardens site where you buy the licence which has an export option to create a file that you import via the self hosted web interface.
Used to run bitwarden-rs on the Synology with Docker behind HA-proxy on pfsense. Recently made a change to vaultwarden on a Proxmox VM getting access via Cloudlfare Tunnels. No more port forwards with HA-proxy. Easy certificate handling amongst other things. Am I cheap? yes. Do I trust the vaultwarden image? yes. Do I trust Cloudflare? yes. Are they 3rd parties? yes. Isn't just about everything a 3rd party? yes. Where can you really draw the line on "trust"? Just because it had a code review? GMAB
@heavy1metal
Жыл бұрын
Trust should be based on the value of the data. If a compromise could mean the end of your own business as well as the businesses you manage, leading to litigation and other consequences then a verified source with an external audit is well worth the extra money / effort when possible.
@metal-beard
Жыл бұрын
how do you limit people from going to your CF Tunnel address?
@fourmobro6214
Жыл бұрын
@@metal-beard The CF tunnel, by itself, is security by obscurity. As it is a CNAME record, one would need to know the FQDN of the self-hosted service to get there as it is not accessible by the ISP provided public IP address. CF also does not publish the CNAME records to the public. Even if you knew the CF target of the CNAME record, you cannot access the resource from the target name. CF also blocks bad actors from creating a new CNAME record of your resource to prevent spoofing.
Is it advisable to use bitwarden/vaultwarden for a large organization with around 1000 employees?
@LAWRENCESYSTEMS
Жыл бұрын
Bitwarden yes, but Vaultwarden I don't use.
Hi Tom, any working comments about Windows/Active Directory integration? I am failing miserably at it, thanks
@LAWRENCESYSTEMS
Жыл бұрын
Not a feature we use or plan to use
@pabss3193
Жыл бұрын
@@LAWRENCESYSTEMS but still a nice challenge, riiiiiiiight? lol Thx tho, will keep chipping at it and document it the moment I get it working, but just in case... I mean... ;)
Hi Tom my browser blocks access to my self hosted bitwarden ? Please help 🥺
Hi, thanx for the video, what i dont understand here, if you setup bitwarden locally and use vpn to be more secure, you cant use the bitwarden outside of your home network?! otherwise you need to build bridge outside each time you want to use bitwarden..?! do you still recommending it this way or am i getting something wrong? do you think it is a bad idea to expose e.g. cloudflare tunnel?
@LAWRENCESYSTEMS
4 ай бұрын
I prefer to keep my Bitwarden instance behind a VPN but you can expose it directly or via a reverse proxy such as Cloudflare tunnel.
@ismailuwair187
4 ай бұрын
@@LAWRENCESYSTEMS will you be able to use it from outside your network? you will need to use the same vpn(network)?!
@LAWRENCESYSTEMS
4 ай бұрын
@@ismailuwair187I use a VPN to use it outside my network.
What was the point of making the bitwarden user and then not executing the shell script within that users directory? At least that's what Bitwardens own documentation says to do. I know it doesn't make a difference to you, but for people watching and copying you directly, they will miss the step to switch to the bitwarden user and run the shell scripts in that service accounts directory. Ultimately, not the end of the world but for consistency and management it does matter.
@LAWRENCESYSTEMS
Жыл бұрын
Fair point
@tiagomez400
7 ай бұрын
@@LAWRENCESYSTEMS you see you just did what you want not what made sense for a how to video lmaooooo garbage
Have you ever looked into passbolt as a self-hosted solution?
@LAWRENCESYSTEMS
Жыл бұрын
I have not and I have only seen sponsored reviews of it so not really sure how good it is.
@TheOGShelbyLee
Жыл бұрын
@@LAWRENCESYSTEMS it'd be interesting to get your perspective!
@LAWRENCESYSTEMS
Жыл бұрын
@@TheOGShelbyLee Due to the work involved in testing a password manager I don't know if I will be reviewing it anytime soon. Most of my reviews are products we use all the time.
From a newbie, can this process be done within a Docker container?
@LAWRENCESYSTEMS
8 ай бұрын
These instructions are for using docker.
I just spent the weekend setting up Vaultwarden, CloudFlare, Lets Entrypt and Nignix Proxy on my Unraid box. But you mentioned self signed cert, but then you had an error with the browser plug in due to SSL error. How did you get past the error? I have wireguard on my pfsense router working and with only a few apps on my phone allowed. So I could use self signed cert. How did you get past it or did you?
@mistakek
Жыл бұрын
He said it himself. Reverse proxy, specifically HA proxy on pfsense.
@DavidBrownSC
Жыл бұрын
@@mistakek sorry i must have missed that. I guess I am getting old and can't hear nor see :)
@cloud2050
Жыл бұрын
@David Brown If you are using Cloudflare and Nginx you can use Cloudflare cert to protect your environment instead. I use this in my setup. You can find many videos on KZread on this. Check the Ibracorp videos.
I cannot get this working with the iPhone IOS, SSL Error........... and a browser addon ....... won't connect as not secure type thing. Works fine from website, any fix?
@LAWRENCESYSTEMS
9 ай бұрын
You need a reverse proxy
Hi, how can I create the tunnel without having the port? I checked in the portainer and no ports are being generated! Thanks 🍻
@LAWRENCESYSTEMS
Жыл бұрын
The Cloudflare tunnels connect to the other services running on your network or in docker.
one thing is I don't understand what is the advantage of self-hosted Bitwarden vs having Bitwarden host it on your behalf on Microsoft Azure Cloud. Sidenote I use Bitwarden.
@danijelpavlovic9871
Жыл бұрын
As a nobody you are not going to be a very good target for hacking groups that are focused on hacking companies for big $$$. If you aren't pants on head retarded in terms of your home server security you should be safer than having it in the cloud. Remember that if you don't hold the vault then you don't own the vault.
@heavy1metal
Жыл бұрын
Reducing the risk of having your vault stolen in the event of an attack vs self-hosting it would have to be a targeted attack. (This is exactly what happened with LastPass)
@Brad-jb2bd
Жыл бұрын
@@heavy1metalcounterpoint user might not be as good as bitwarden at locking down their environment. An improperly secured environment is what got last pass.
Do you have any info on installing a self hosted password manager without involving Docker?
@LAWRENCESYSTEMS
Жыл бұрын
No
@MR-vj8dn
Жыл бұрын
@@LAWRENCESYSTEMS Thanks for your quick response 😊 I asked because I’m in a mission of removing and avoiding Docker on our servers with the most sensitive / security related data.
Is there big advantages to self-hosting this versus Bitwarden managed?
@LAWRENCESYSTEMS
Жыл бұрын
Upside you are in control of your data, downside you are fully responsible for managing & securing your data.
@mychaelhouck2404
Жыл бұрын
@@LAWRENCESYSTEMS thats kinda what I thought.
What keyboard are you using in the video?
@technicalthug
24 күн бұрын
Anyone know what keyboard is being used?
I already have Bitwarden deployed on it’s own VM, working well. What are your thoughts on colocating it on a docker host with other services?
@LAWRENCESYSTEMS
Жыл бұрын
I prefer not too
Non-Docker Install... Hi Tom thx for another great setup-video! Is there any chance to get bitwarden running self-hosted without docker? I'm aware, that there's different dependencies db, nginx, etc. but shouldn't it be possible to set it up manually w/o docker?
@LAWRENCESYSTEMS
Жыл бұрын
Not that I know of
I keep running into an issue where the install script cannot find Docker. (internal error, please report: running "docker.compose" failed: cannot find installed snap "docker" at revision 1458: missing file /snap/docker/1458/meta/snap.yaml) I think it's because I installed Docker natively in Ubuntu and not through Snap. I would uninstall Docker and reinstall it through Snap, but I have my Plex server running on it, and I don't want to rebuild the libraries. Any solution for this?
@LAWRENCESYSTEMS
Жыл бұрын
I have not done any testing using it with snaps.
@chrisdenny
Жыл бұрын
@@LAWRENCESYSTEMS I haven't either. I wonder it isn't picking up my Docker instance.
is there a way not to setup smtp and declare my user/pwd on admin side? im the only one who gonna use this and if i want someone to use it like my wife i will setup an account manually is that possible?
@LAWRENCESYSTEMS
Жыл бұрын
nope
Any advice on redundancy for 2 instances?
@LAWRENCESYSTEMS
Жыл бұрын
It's not designed to work that way.
@heavy1metal
Жыл бұрын
Not needed - just backup the database. The client caches a copy of the vault file which eliminates the need for 24/7 uptime. So you'll have plenty of time to spin up a new instance and attach the database in the event of failure.
@MartinHiggs84
Жыл бұрын
Thanks both
One nitpick: I personally don't like how you suggested that vaultwarden "didn't write the code", they did write their own server backend. From Scratch.
@LAWRENCESYSTEMS
Жыл бұрын
Yes, but they didn't write the front end
@kjeldschouten-lebbing6260
Жыл бұрын
@@LAWRENCESYSTEMS That's fair, but the way it was placed made it sound too much like "they just stole the code and rebranded"...
@Brad-jb2bd
Жыл бұрын
@@kjeldschouten-lebbing6260you don’t know how well their code was written. It’s not gone under audits like bitwarden so it’s fair to seer clear of it in a production environment or if your are very security conscious.
How do you make the android app work with a self signed certificate without a fqdn but instead an ip address...
@LAWRENCESYSTEMS
Жыл бұрын
you don't
Can this be done in the unraid docker apps?
@LAWRENCESYSTEMS
Жыл бұрын
I don't use Unraid but probably.
im confused on the domain stuff, do i have to buy a domain/website name? i want to host on a raspberry pi. can i just use the ip address of the pi?
@LAWRENCESYSTEMS
11 ай бұрын
You have to have a working email which requires a domain.
@bossman18899
5 ай бұрын
@@LAWRENCESYSTEMS finally got time to mess around with it. a self hosted bitwarden can be done with a gmail email address you just have to get a app password setup. self signed cert and gmail email i got it all up and running. to make things a little easier a free domain with duckdns works as well. i set one up with duckdns LAN only and with a cloudflare domain LAN only with a gmail email and its working good. so buying a domain and having a smtp email server or whatever is not a need. if your using it for a company or large scale sure probably worth it but a 1-5 person setup for home super easy to do it for free with no smtp or domain stuff.
if I set this up on a old laptop connected to power running 24/7, whats the risk of the server going down? Is this a good idea or should I invest in a real server for this project.
@LAWRENCESYSTEMS
11 ай бұрын
It's all about your risk tolerance. Most laptops only have one drive so there is not much redundancy.
@dyd
11 ай бұрын
@@LAWRENCESYSTEMS How often would you expect to preform maintenance on your server. Would a drive failing be a regular occurrence?
@LAWRENCESYSTEMS
11 ай бұрын
It's not a frequent occurrence, just statistically most likely one that should be planned for
who's here from lastpass? don't forget to change your passwords!
Nice tutorial but i can't get it to work properly. When i register a new user it gives me an error "an unhandled server error has occurred" Anyone knows what i'm doing wrong?
@Crazy--Clown
Жыл бұрын
China
For $10 a year I'll stick to premium. I trust the people that made it to be more knowledgeable in security than I am.
@andrewbunch8973
Жыл бұрын
Given what just happened with last pass do you still think this.
@cmdrbozo
Жыл бұрын
If you do the following, you're still good even if the cloud-based crypt is hacked. Don't store the entire passwords. Use the auto-generated strong passwords for storage in the crypt, BUT and some secret characters e.g., to the end of all passwords but don't store these in Bitwarden. So once the password is auto-filled add your secret characters them login. For a stored password like "stored-password" the actual password might be "stored-passwordBOB"
@martinlutherkingjr.5582
Жыл бұрын
Great idea, give all your password data to some stranger on the internet.
@eek8605
Жыл бұрын
@@andrewbunch8973 as a software engineer, having the transparency of open source, i do trust it, because with LastPass they hide everything :( Plus our cyber security team had a huge look at their code before migrating from lastpass. Because one thing that needs to be clear if someone finds the hash for your vault passwords, depending on the hashing algorithm it will take a attacker more than his life to find a matching hash....thats why i trust them :0
@designer.346
Жыл бұрын
@@martinlutherkingjr.5582so delete your KZread account then, and instagram, delete everything cause you’re giving your passwords to a stranger, Bitwarden is the best program ever made to me since I always use a different password on every site so I keep forgetting them
Their docker setup really feels over engineered, what was it? 13 containers?
@LAWRENCESYSTEMS
Жыл бұрын
They break out everything in separate containers so only the containers that need to be updated are updated. They have their new version in beta that consolidates the containers so that will be an option soon.
@tehsimo
Жыл бұрын
@@LAWRENCESYSTEMS I hadn't heard about a consolidated setup, looking forward to that then!
@JohnKlingler
Жыл бұрын
All of that for a handful of users certainly is a bit cumbersome. I can only assume that this is a bit of a facsimile of their production environment where they host a gazillion users. Separating things out like this let's them scale the various bits of the infra more granularly than if everything ran in one native process. For self-hosting, it's definitely overkill. But if the containers are all deployed as separate auto-scaling deployments in kubernetes or something like that, it's probably very cost effective, manageable, and more easily monitored when your usage spikes are in the hundreds of thousands of requests per second.
@richardbillington3185
Жыл бұрын
13 microservices :--) The way of the future, monolithic apps or microsevices AKA containers.. The way of the future, embrace
@tehsimo
Жыл бұрын
@@richardbillington3185 I run all my apps in containers, but 13 is pushing it toooo far
Cloudflare, Cloudflare, Cloudflare, - I love Cloudflare for their FREE ssl wildcard cert along with there domain hosting. And then there is the CloudflareD tunnels and proxying. When used with Authentik I believe that is a great way to self host everything. I am a long time paid subscriber to Bitwarden ($10.00 a year). I have used the self hosting solution but feel safer using their servers. Love your videos and Thank you. :-)
@metal-beard
Жыл бұрын
Can we use Authentik with CFd tunnels?
@ChrisDePasqualeNJ
Жыл бұрын
@@metal-beard I am currently using it with NPM on my PI. Love it
I'm using Vaultwarden 😀
Does it run in ARM?
@LAWRENCESYSTEMS
Жыл бұрын
This version does not, but their beta does bitwarden.com/help/install-and-deploy-unified-beta/
@mcury85
Жыл бұрын
@@LAWRENCESYSTEMS thanks Lawrence
Using vaultwarden (not bitwarden!) on an internal docker through cloudflare tunnel with cloudflare certificates!
If I am not wrong. Vaultwarden is a fork of Bitwarden. They had to change the name because of legal issues on using the same name. But I could be wrong.
@hawks5196
Жыл бұрын
Yeah they rebuilt it in rust and doesn’t have the same limitations the normal Bitwarden app does. But, you can use the default Bitwarden apps with the vaultwarden server just the same.
@M.4y
Жыл бұрын
It's not a fork. But yes, the backend is written in Rust. Frontend is 99% from Bitwarden themselves. However encryption happens on client side. So the server never gets/should not get unencrypted confidential data. But I agree with Tom 13:00
I love you that you can self-host bitwarden. But Bitwarden is one of the few services out there that I DON't want to self-host and pay someone else :)
i need an smtp server?
@LAWRENCESYSTEMS
Жыл бұрын
You need access to a working one.
Why is Bitwarden better than putting a KeePass vault file on Cloud Storage? KISS principle seems to apply here, KeePass has served me well for years and I have full control of everything.
@LAWRENCESYSTEMS
Жыл бұрын
I am working on a video to cover this very common question, but the short answer is scalability with larger teams. For single users, KeePass is fine.
I'm surprised they're relying on MSSQL though...
I may have missed it, but is this running on a standalone server or is it running on a VM?
@heavy1metal
Жыл бұрын
Neither, it's a container which is agnostic of whether or not it's a VM / bare-metal solution. How you host it, is up to you.
You skipped over the installation of Docker at the beginning. Without Docker installed, the install script for Bitwarden won't run.
@tiagomez400
7 ай бұрын
hes a horrible instructionist, he skips right over the key parts, doesnt actually show how to just shows us just how he did it without showing key steps lmaoo pure garbage
Can non standard ports be used? Or we need to expose 443? Port scanners might find it fast and take interest in my home ip then
@seeingblind2
Жыл бұрын
Security through obscurity is not advisable. Have a firewall in front OR you could always setup cloudflare in front of your web server.
@Ultrajamz
Жыл бұрын
@@seeingblind2 wouldn’t a firewall close the port and force using vpn to sync?
@M.4y
Жыл бұрын
@@Ultrajamz well you can do a lot with a firewall. You can also ban certain IP-Ranges/allow some public IPs you own.
@Ultrajamz
Жыл бұрын
@@M.4y any good user friendly firewalls that allow easy geo-based ip range blocks? So like only USA ips can even possibly connect or only certain carriers or US states?
any suggestions for homelab people that dont have a company smtp email.
@LAWRENCESYSTEMS
Жыл бұрын
www.duocircle.com/email/outbound-smtp
Why not just use KeePass?
@LAWRENCESYSTEMS
Жыл бұрын
kzread.info/dash/bejne/ZmqVy9Ondau1hrg.html
@martinlutherkingjr.5582
Жыл бұрын
@@LAWRENCESYSTEMS Haha wow thanks
I love video's like this but I hate my ISP for videos like this... blocking port 80 and 443 gah.
@fourmobro6214
Жыл бұрын
Try a cloudflare tunnel and see if you can get around that.
@majorpayne4795
Жыл бұрын
@@fourmobro6214 i have never tried that.. I'll look into it.
For self hosting. Vaultwarden > Bitwarden
@LAWRENCESYSTEMS
Жыл бұрын
I prefer to use the back end made by the dev team that made the front end.
Get their paid plan..worth it 😇
Docker only right? Why is that?
I would go with Vaultwarden (based on Bitwarden) instead, why more lightweight! Hope it helps
@Brad-jb2bd
Жыл бұрын
And vaultwarden is not audited. You are risking all of your passwords using that docker container. It would be better for you to use Bitwarden unified.