this post was submitted on 23 Oct 2023
31 points (94.3% liked)

Selfhosted

38707 readers
677 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
31
Bitwarden and Nginx proxy manager (aussie.zone)
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
11 comments fedilink hide all child comments
 

Hello

I installed bitwarden via their install script a while back and all was working well.

recently I wanted to start running a reverse proxy because security and also its cooler to type in a domain name instead of numbers. I disabled the ngnix instance that bitwarden had installed because it was hogging the same ports a Ngnix Proxy Manager.

Now how should I get Bitwarden accessable? I have the .conf file from the bitwarden Ngnix instance, can I just load that into NMP somewhere?

or should I just change the ports the old ngnix operates on and point NPM at it when the bitwarden subdomain is accessed?

if it was just one service it would be simple but there are many running in the bitwarden stack, all on the same port and I'm very new to ngnix so I can't fully grasp what the .conf file is doing and I'm unable to add new passwords to bitwarden until I get this sorted out.

Thanks

Edit: bitwarden is in docker container, as is Nginx Proxy Manager

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 11 months ago* (last edited 11 months ago) (1 children)

SWAG is great for overwhelmed Nginx beginners. It comes preconfigured with reasonable defaults and also provides configs for a bunch of popular services: https://github.com/linuxserver/reverse-proxy-confs. Both Bitwarden and Vaultwarden are on there.

Note that this setup assumes that you will run your service (Bitwarden/Vaultwarden) in a Docker container. You can make SWAG work with something that's running directly on the host, but I'd recommend not starting with that until you've fooled around with this container setup a bit and gained a better understanding of how Nginx and reverse proxies in general work.

[–] [email protected] 3 points 11 months ago (1 children)

SWAG works perfectly, so much easier. It also handles the Let's Encrypt certificates automatically - no more having expired domains.

If a service config isn't available, you can confidently copy another and make a few modifications and have it up and running in no time

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

Nginx Proxy Manager does also manage certificates, it makes it even easier to create separate certificates for different subdomains, which is nice for my sanity.

I don't like that anybody checking out one certificate of any service and get all the subdomains I'm running too, and wildcard certificates are bad practice.

I was running the LS.io Letsencrypt container as it was named before, and SWAG for years, without any problems, it does its job, but then i've tried NPM and it made my life easier, i love the ability to change access rules or proxy settings with some simple clicks too, without having to edit countless config files for simple changes everywhere, that's what ultimately made me stay there.

[–] [email protected] 7 points 11 months ago

If you aren’t too deep into the nginx rabbit hole then I would recommend Caddy very much, it is an amazing improvement over nginx and is much friendlier to configure and use. It also supports no nonsense integration with Let’s Encrypt as an added bonus!

[–] [email protected] 3 points 11 months ago

You mentioned that you disabled the NGINX instance installed by Bitwarden, don't do that. Just change the port that it is hosting on and then point NPM at that port. You can also set the Bitwarden NGINX conf to use a self-signed certificate and then use NPM to manage the real cert.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
HTTP Hypertext Transfer Protocol, the Web
SSL Secure Sockets Layer, for transparent encryption
nginx Popular HTTP server

2 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.

[Thread #236 for this sub, first seen 24th Oct 2023, 04:35] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Their script has places you can specify a certificate and server name in the main config file inside your bitwarden data folder. Probably no need to use another container to accomplish the thing. For example in the config I disabled SSL and have my FW as the reverse proxy going to nginx:80.

[–] [email protected] 1 points 11 months ago (1 children)

Is bitwarden running in docker?

[–] [email protected] 1 points 11 months ago (1 children)

Yes it is

[–] [email protected] 2 points 11 months ago

In that case you would need to add a port mapping to the bitwarden container, and point NGP to that port.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

I'm not near a terminal to look but from what I remember I modified the given docker compose to comment out nginx and pointed the instance I already had up at the bitwarden container. There may have been another edit or two I stumbled over.

I'll look when I get home and edit this post. GL