SECURE YOUR SERVER
The basic Bitwardenrs server is up and running, but there are key elements missing: One, there’s no security, and two, you can’t access the server outside your local network. To see what’s required, visit the Bitwardenrs wiki ( https://github.com/dani-garcia/ bitwarden_rs/wiki). The best solution is to use a third-party certificate such as Let’s Encrypt, but it’s complicated to set up—start your search at https:// blog.linuxserver.io/2019/01/15/selfhosting-bitwarden/.
If, however, you’re not intending to use Bitwarden on your iPhone or Android, you can generate your own self-signed certificate as outlined in the wiki (see “Using a Private CA and making SSL certs work with Chrome”) in conjunction with the domain name you’re using to point to your server.
This involves OpenSSL , and Windows users must first download and install the full version of Win64 OpenSSL ( https://slproweb.com/ products/Win32OpenSSL .html)— choose Win32 OpenSSL and adapt the commands below if you’re running Bitwardenrs on Windows 32-bit.
Once installed, type “environment” into the “Search” box. Click “Set the system environment variables” followed by “Environment Variables.” Click “New” under “System variables,” name it “OP ENSSL _CON F” and click “Browse File” to select “C:\Program Files\OpenSSL -Win64\bin\openssl. cfg.” Once created, select “Path” under “System variables” and click “Edit” followed by “New” to insert “C:\ Program Files\OpenSSL -Win64\bin\.” Click “OK.” You should now be able to open a Command Prompt window, navigate to a suitable location (such as “C:\keys”), then issue the commands listed to create the required keys. When generating the “Bitwarden.ext” file, substitute “Bitwarden.local” with your own domain name.
Next, switch to the “Enabling
HTTPS ” section of the wiki for additional steps to follow—if you’re running Bitwardenrs on a NAS , visit www.synoforum.com/threads/378/
(Synology) and https://github.com/ dani-garcia/bitwarden_rs/issues/465 (QNAP) for more help with setting things up.