Docker – Bitwarden_rs – self signed certificate

Bitwarden_rs will not work in Chrome without SSL, so we are going to create a self-signed certificate. If you are going to host Bitwarden on the internet (outside your local network), use certbot instead.

Prerequisites: working Docker installation on Linux

As sudo or root, make persistent data directories for SSL and Bitwarden files on the Docker host machine:

mkdir -p /docker_data/bitwarden/ssl
cd /docker_data/bitwarden/ssl

Generate a certificate and a key.
You will be asked to enter certificate data; enter whatever you want, it doesn't really matter since it's self-signed:

openssl req -x509 -newkey rsa:4096 -keyout bitwarden.key \
-out bitwarden.crt -days 720 -nodes

Start the container, wait until it is running, and then go to https://yourdockerhost

docker run -d --restart always --name bitwarden -e \
ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' \
-v /docker_data/bitwarden/ssl/:/ssl/ -v \
/docker_data/bitwarden/:/data/ -p 443:80 bitwardenrs/server:latest

You can check container status with “docker ps”:

docker ps

Log in to the Bitwarden web GUI over the self-signed SSL certificate now.
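Added example (not part of the original tutorial): a shell check for the certificate and key generated above. It reports when the certificate is about to expire, when the key does not belong to the certificate, and when the unencrypted key file written by -nodes is readable by other users. The function names and the 30-day default are assumptions of this example; it needs openssl and GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post: checks the pair created above.
# Function names and the 30-day default are assumptions of this example.

# 0 if the certificate is still valid $2 days from now, 1 if it expires sooner.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# 0 if the certificate ($1) and the private key ($2) carry the same public key.
key_matches_cert() {
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
    key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the key file has no group/other permission bits set.
# The key is stored without a passphrase (-nodes), so file mode is its only protection.
key_is_private() {
    mode="$(stat -c '%a' "$1")" || return 1   # GNU stat, as found on Linux hosts
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Runs all three checks; the return value is the number of failed checks.
check_pair() {
    crt="$1"; key="$2"; days="${3:-30}"; fails=0
    cert_not_expiring "$crt" "$days" ||
        { echo "RENEW: $crt expires within $days days"; fails=$((fails + 1)); }
    key_matches_cert "$crt" "$key" ||
        { echo "MISMATCH: $key is not the key for $crt"; fails=$((fails + 1)); }
    key_is_private "$key" ||
        { echo "PERMS: $key is accessible to group/other, use chmod 600"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh check.sh /docker_data/bitwarden/ssl/bitwarden.crt \
#                    /docker_data/bitwarden/ssl/bitwarden.key [days]
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

Run from cron on the Docker host, a non-zero exit status signals that the certificate should be regenerated or the key file permissions tightened.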

2 comments

  1. Hi! Excellent tutorial, all other tutorials seemed complicated for me. I have a question: how do I renew the cert when it is time?

    THX

    1. Hello,

      Log in to your Docker host and enter the container shell with the docker exec command, delete the cert and repeat the procedure from the tutorial. How to delete the cert in the container:

      root@docker:~# docker exec -it bitwarden /bin/bash
      root@d5ea4f6627b7:/# ls /ssl
      bitwarden.crt bitwarden.key
      root@d5ea4f6627b7:/# rm -rf /ssl/bitwarden.crt /ssl/bitwarden.key

      bitwarden in the example above is the container name (docker exec -it “container name” /bin/bash). You can get the container name on your Docker host by running the command docker ps. More info: https://phase2.github.io/devtools/common-tasks/ssh-into-a-container/
