Bitwarden Chromium



This will be in English, because it may be useful to the world. ;)

A short guide to running a Bitwarden service on a home Qnap NAS.

Install „Container Station” on your Qnap. On the left panel of „Container Station” click the „Create” button and then „Create Application” in the upper right corner of the window. In the text input field, paste the content of the following listing and name this new application „bitwarden”.

Accept it and run. What you have actually created is a Docker Compose YAML configuration file, which pulls 3 images from the Docker Hub server:

  • bitwarden_rs – an unofficial Bitwarden server implemented in Rust,
  • nginx – a web server, required here as a proxy for HTTPS requests,
  • bw_backup – a docker image running a cron job to back up the Bitwarden database.

and runs them as containers inside „Container Station”.

Pay particular attention to the port configuration, the lines with the „580:80” and „5443:443” phrases. „580” and „5443” are the external ports that are open on the Qnap itself. You can change them to whatever suits you, but don’t use 80, 443 or 8080, because they are already taken by the Qnap’s own services.

Before you run the freshly created application (that’s Qnap Container Station’s name for the docker-compose GUI), log in to the Qnap over SSH and go to the application folder:

Now you must create the configuration for nginx:

Save it as nginx.conf in the /share/Container/container-station-data/application/bitwarden/data/nginx folder.

Now you have to create a self-signed certificate to encrypt HTTP requests with SSL. To do this, log in to the Qnap over SSH and run the following commands:

In this repo you’ll find two interesting files: data/ssl/bitwarden.ext:

and script called create_ssl.sh:

You can edit data/ssl/bitwarden.ext to make certificate generation easier. Look at these lines:

and this:

Warning: your certificate will be valid only for the above domains. I use Pi-hole local DNS to redirect bitwarden.fubar to my QNap IP address.

OK, run the create_ssl.sh script and follow the instructions. At the end you will find a whole new structure of folders with files in the ssl directory.

Copy the certs and private folders to /share/Container/container-station-data/application/bitwarden/data/ssl.
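
The certificate procedure above as an added example; it is not the repository's create_ssl.sh or bitwarden.ext. It builds a root CA and a server certificate whose DNS.1 entry is the hostname, then checks the chain and the name the way a client will. The names ca.cnf, myCA.key and server.*, the placement of files inside certs and private, the key sizes and the validity periods are assumptions.

```sh
#!/bin/sh
# Added example, not the repository's create_ssl.sh. Assumed: ca.cnf, myCA.key,
# server.key/.csr/.crt, key sizes and validity periods.

make_certs() {  # usage: make_certs <hostname> <output-dir>
    host=$1; out=$2
    mkdir -p "$out/certs" "$out/private" && chmod 700 "$out/private" || return 1
    # Explicit config so the root really is a CA, whatever the system default.
    cat > "$out/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Bitwarden Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Server extensions; DNS.1 must be the name typed into the client URL.
    cat > "$out/bitwarden.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $host
EOF
    openssl req -x509 -config "$out/ca.cnf" -newkey rsa:3072 -nodes -sha256 \
        -days 1825 -keyout "$out/private/myCA.key" \
        -out "$out/certs/myCA.crt" 2>/dev/null &&
    openssl req -new -config "$out/ca.cnf" -subj "/CN=$host" -newkey rsa:2048 \
        -nodes -keyout "$out/private/server.key" \
        -out "$out/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$out/server.csr" -sha256 -days 397 \
        -CA "$out/certs/myCA.crt" -CAkey "$out/private/myCA.key" \
        -CAcreateserial -extfile "$out/bitwarden.ext" \
        -out "$out/certs/server.crt" 2>/dev/null &&
    chmod 600 "$out"/private/*.key
}

check_cert() {  # usage: check_cert <hostname> <output-dir>; 0 = chain and name OK
    openssl verify -CAfile "$2/certs/myCA.crt" -verify_hostname "$1" \
        "$2/certs/server.crt" >/dev/null 2>&1
}
```

Run `make_certs bitwarden.fubar ssl && check_cert bitwarden.fubar ssl`. Once the server certificate is issued, keep private/myCA.key off the NAS share, since anyone holding it can issue certificates your clients will trust.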

Now, start Bitwarden application:

Open a web browser and go to a URL like https://bitwarden.fubar:5443; remember to change the domain to the same value as in DNS.1 for SSL.

You should see Bitwarden login page:

Time to install and use Bitwarden clients on desktops (macOS, Linux, Windows) and mobiles (Android, iOS), but before you do, go back to the SSH session on your Qnap and copy the „myCA.crt” file to your computer.

This file is the root CA certificate; once installed, it makes your Bitwarden clients accept the certificate used for the connection as valid even though it is self-signed by you.

Install the CA certificate on every host you use with a Bitwarden client:

macOS – double-click the CRT file and it will open in Keychain Access; add it to the System keychain and choose the „Always Trust” option,

Linux (Debian/Ubuntu) – https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate

If your CA is in PEM format, convert the .pem file to a .crt file:

  1. Create a directory for extra CA certificates in /usr/share/ca-certificates:

  2. Copy the server_rootCA.crt file to this directory:

  3. Let Debian/Ubuntu add the .crt file’s path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf:

  3a. To do this non-interactively, run:
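
One way to script the Debian/Ubuntu steps above, as an added example that is not taken from the article or the linked answer. The function name install_ca and its optional ROOT prefix (for rehearsing in a scratch directory) are assumptions; on the real host, run it as root without ROOT and compare the printed fingerprint with the one shown for myCA.crt on the Qnap.

```sh
#!/bin/sh
# Added example. ROOT is an assumed rehearsal prefix; omit it on the real host.

install_ca() {  # usage: install_ca <ca-file.pem|.crt> [ROOT]
    src=$1; root=${2:-}
    dir="$root/usr/share/ca-certificates/extra"
    conf="$root/etc/ca-certificates.conf"
    name="$(basename "${src%.*}").crt"
    # Trust is system-wide, so accept only a certificate marked as a CA.
    openssl x509 -in "$src" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || {
        echo "refusing $src: not a CA certificate" >&2; return 1; }
    # Steps 1-2: create the directory and store the PEM under a .crt name.
    mkdir -p "$dir" "$(dirname "$conf")" || return 1
    openssl x509 -in "$src" -out "$dir/$name" && chmod 644 "$dir/$name" || return 1
    # Step 3 without the dialog: list the path relative to
    # /usr/share/ca-certificates, once only.
    grep -qxF "extra/$name" "$conf" 2>/dev/null || echo "extra/$name" >> "$conf"
    # Step 3a: rebuild /etc/ssl/certs (skipped when rehearsing under ROOT).
    if [ -z "$root" ]; then update-ca-certificates || return 1; fi
    # Print the fingerprint so it can be compared with the copy on the NAS.
    openssl x509 -in "$dir/$name" -noout -fingerprint -sha256
}
```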

Windows – don’t use it.

Firefox – go to Preferences -> Privacy & Security -> View Certificates. Click Import, then choose the PEM/CRT file and select „Trust this CA to identify websites.”

Chrome – on macOS it uses the Keychain, so you don’t need to add it again. For Linux, check this website: https://thomas-leister.de/en/how-to-import-ca-root-certificate/. Quick hint: go to Settings -> Privacy & Security -> Security -> Manage Certificates and Import.

Warning! The original Bitwarden Desktop client uses the Chromium sandbox, so you HAVE TO install the CA certificate into Chromium!!!

When the CA certificate is in the right place, the last thing is: before you connect, every Bitwarden client must „know” the right address of the Bitwarden server.

Run the client and click the gear icon:

then put your server address in 4 fields:

  • Server URL
  • Web vault server URL
  • API server URL
  • Identity server URL

Remember to put it in the following form: https://my.ip.address:myport. If your server has IP 10.0.0.1 and port 5443, it should be https://10.0.0.1:5443, as in the image below. If you use a domain name (as I do), replace the IP with the domain:

Now it’s time to create an account; you can do it by pointing a browser to the very same URL as used above: https://10.0.0.1:5443.

It’s all ready to use now.

A few steps to consider:

  • store database backup somewhere outside Qnap,
  • import data from another password manager,
  • set up a VPN connection to the Qnap to synchronize the database when you are outside.

UPDATE:

How to update docker images?

  • ALWAYS MAKE A BACKUP OF YOUR VAULT!!! Export it in JSON from the Bitwarden client.
  • go to your QNap, run FileStation and zip the full content of your application data folder:
  • stop the application in ContainerStation and remove it. Go to the Images tab and pull new versions of the images: bitwardenrs/server, bruceforce/bw_backup and nginx:1.15-alpine.
  • create the application as written at the beginning of this article, but don’t run it,
  • unzip the content of the previously backed-up data folder (configuration for nginx, ssl, vault and vault’s backup).
  • run the application.
