Bitwarden_rs will not work on Chrome without SSL, so we are going to create a self-signed certificate. If you are going to host Bitwarden on the internet (outside your local network), use certbot instead.
Prerequisites: working Docker installation on Linux
As sudo or root, make persistent data directories for SSL and Bitwarden files on the Docker host machine:
mkdir -p /docker_data/bitwarden/ssl
cd /docker_data/bitwarden/ssl
Generate a certificate and a key.
You will be asked to enter cert data; enter whatever you want, it doesn’t really matter since it’s self-signed:
openssl req -x509 -newkey rsa:4096 -keyout bitwarden.key \
  -out bitwarden.crt -days 720 -nodes
Start the container, wait until it starts, and then go to https://yourdockerhost
docker run -d --restart always --name bitwarden \
  -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' \
  -v /docker_data/bitwarden/ssl/:/ssl/ \
  -v /docker_data/bitwarden/:/data/ \
  -p 443:80 bitwardenrs/server:latest
You can check container status with “docker ps”:
docker ps
Log in to the Bitwarden web UI via self-signed SSL now.
Hi! Excellent tutorial, all other tutorials seemed complicated to me. I have a question: how do I renew the cert when it is time?
THX
Hello,
Log in to your Docker host and enter the container shell with the docker exec command, delete the cert and repeat the procedure from the tutorial. How to delete the cert in the container:
root@docker:~# docker exec -it bitwarden /bin/bash
root@d5ea4f6627b7:/# ls /ssl
bitwarden.crt bitwarden.key
root@d5ea4f6627b7:/# rm -rf /ssl/bitwarden.crt /ssl/bitwarden.key
bitwarden in the example above is the container name (docker exec -it “container name” /bin/bash). You can get the container name on your Docker host by running the command
docker ps
More info: https://phase2.github.io/devtools/common-tasks/ssh-into-a-container/
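Added example (not part of the original post or its comments): a host-side check that regenerates the tutorial's certificate only when it is close to expiry, using the same openssl options and file names as above. The 30-day window, the .new temporary file names, the KEY_BITS variable and the CN passed to -subj are assumptions made for this example.

```sh
#!/bin/sh
# Added example: renew the tutorial's self-signed cert only when it is near expiry.
# Assumptions (not from the page): 30-day window, *.new temp names, KEY_BITS, CN value.

cert_needs_renewal() {      # $1 = cert path, $2 = required remaining days
    cert=$1; days=$2
    [ -f "$cert" ] || return 0                  # no cert yet: create one
    # -checkend N exits 0 only if the cert is still valid N seconds from now;
    # an expired or unreadable file makes it fail, which also means "renew"
    if openssl x509 -checkend "$((days * 86400))" -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

renew_cert() {              # $1 = ssl dir, $2 = CN, $3 = validity in days
    dir=$1; cn=$2; valid=$3
    (
        umask 077           # -nodes leaves the key unencrypted: keep it owner-only
        openssl req -x509 -newkey "rsa:${KEY_BITS:-4096}" -nodes -days "$valid" \
            -subj "/CN=$cn" \
            -keyout "$dir/bitwarden.key.new" -out "$dir/bitwarden.crt.new"
    ) || return 1
    # swap in the new pair only after generation succeeded
    mv "$dir/bitwarden.key.new" "$dir/bitwarden.key" &&
        mv "$dir/bitwarden.crt.new" "$dir/bitwarden.crt"
}

# Runs only when a directory is given, e.g.:
#   sh renew-cert.sh /docker_data/bitwarden/ssl yourdockerhost
if [ "$#" -ge 1 ]; then
    if cert_needs_renewal "$1/bitwarden.crt" 30; then
        # restart so the server loads the new files
        renew_cert "$1" "${2:-yourdockerhost}" 720 && docker restart bitwarden
    else
        echo "certificate is still valid for more than 30 days"
    fi
fi
```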