mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 07:50:02 +02:00 
			
		
		
		
	Merge pull request #294 from i-ghost/feature/add-systemd-notes
Add systemd setup instructions to README.md
This commit is contained in:
		
							
								
								
									
										107
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										107
									
								
								README.md
									
									
									
									
									
								
							| @@ -45,6 +45,9 @@ _*Note, that this project is not associated with the [Bitwarden](https://bitward | ||||
|     - [Fail2Ban Filter](#fail2ban-filter) | ||||
|     - [Fail2Ban Jail](#fail2ban-jail) | ||||
|     - [Testing Fail2Ban](#testing-fail2ban) | ||||
|   - [Running with systemd-docker](#running-with-systemd-docker) | ||||
|     - [Setting environment variables](#setting-environment-variables) | ||||
|     - [Running the service](#running-the-service) | ||||
| - [Building your own image](#building-your-own-image) | ||||
| - [Building binary](#building-binary) | ||||
| - [Available packages](#available-packages) | ||||
| @@ -70,12 +73,12 @@ Basically full implementation of Bitwarden API is provided including: | ||||
|  * Basic single user functionality | ||||
|  * Organizations support | ||||
|  * Attachments | ||||
|  * Vault API support  | ||||
|  * Vault API support | ||||
|  * Serving the static files for Vault interface | ||||
|  * Website icons API | ||||
|  * Authenticator and U2F support | ||||
|  * YubiKey OTP | ||||
|   | ||||
|  | ||||
| ## Missing features | ||||
| * Email confirmation | ||||
| * Other two-factor systems: | ||||
| @@ -379,7 +382,7 @@ docker run -d --name bitwarden \ | ||||
|   -p 80:80 \ | ||||
|   mprasil/bitwarden:latest | ||||
| ``` | ||||
|    | ||||
|  | ||||
| When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `false`, `SMTP_PORT` will default to `25` and the connection won't be encrypted. This can be very insecure, use this setting only if you know what you're doing. | ||||
|  | ||||
| ### Password hint display | ||||
| @@ -413,7 +416,7 @@ docker run -d --name bitwarden \ | ||||
|   -v /bw-data/:/data/ \ | ||||
|   -p 80:80 \ | ||||
|   mprasil/bitwarden:latest | ||||
| ```  | ||||
| ``` | ||||
|  | ||||
| Note that you can also change the path where bitwarden_rs looks for static files by providing the `WEB_VAULT_FOLDER` environment variable with the path. | ||||
|  | ||||
| @@ -491,6 +494,98 @@ If it works correctly and your IP is banned, you can unban the ip by running: | ||||
| sudo fail2ban-client unban XX.XX.XX.XX bitwarden | ||||
| ``` | ||||
|  | ||||
| ### Running with systemd-docker | ||||
|  | ||||
| These instructions allow you to have systemd manage the lifecycle of the docker container, if you prefer. | ||||
|  | ||||
| First, install the `systemd-docker` package using your system package manager. | ||||
| This is a wrapper which improves docker integration with systemd. | ||||
|  | ||||
| For full instructions and configuration options, see the [GitHub repository](https://github.com/ibuildthecloud/systemd-docker). | ||||
|  | ||||
| As root, create `/etc/systemd/system/bitwarden.service` using your preferred editor with the following contents: | ||||
|  | ||||
| ```ini | ||||
| [Unit] | ||||
| Description=Bitwarden | ||||
| After=docker.service | ||||
| Requires=docker.service | ||||
|  | ||||
| [Service] | ||||
| TimeoutStartSec=0 | ||||
| ExecStartPre=/usr/bin/docker pull mprasil/bitwarden:latest | ||||
| ExecStart=/usr/bin/systemd-docker --cgroups name=systemd --env run \ | ||||
|   -p 8080:80 \ | ||||
|   -p 8081:3012 \ | ||||
|   -v /opt/bw-data:/data/ \ | ||||
|   --rm --name %n mprasil/bitwarden:latest | ||||
| Restart=always | ||||
| RestartSec=10s | ||||
| Type=notify | ||||
| NotifyAccess=all | ||||
|  | ||||
| [Install] | ||||
| WantedBy=multi-user.target | ||||
| ``` | ||||
|  | ||||
| Adjust the above example as necessary. In particular, pay attention to the `-p` and `-v` options, | ||||
| as these control the port and volume bindings between the container and the host. | ||||
|  | ||||
| Explanation of options which may not be self-explanatory: | ||||
|  | ||||
| - A `TimeoutStartSec` value of 0 stops systemd from considering the service failed | ||||
|   after waiting for the default startup time. This is required as it may take a while for the `docker pull` in `ExecStartPre` to finish. | ||||
| - `ExecStartPre`: Pull the docker tag before running. | ||||
| - A `Type` value of `notify` tells systemd to expect a notification from the service that it is ready. | ||||
| - A `NotifyAccess` value of `all` is required by `systemd-docker`. | ||||
|  | ||||
| #### Setting environment variables | ||||
|  | ||||
| It's possible to directly specify environment variables in the unit file in two ways: | ||||
|  | ||||
| - Using an `Environment` directive in the `[Service]` block. | ||||
| - Using the `-e` option of `docker`. In this case, you can omit the `--env` option shown in the example above. | ||||
|  | ||||
| To verify that your environment variables are set correctly, check the output of `systemctl show bitwarden.service` | ||||
| for an `Environment` line. | ||||
|  | ||||
| It's also possible to store environment variables in a separate file using the `EnvironmentFile` directive in the unit file. | ||||
|  | ||||
| Systemd can source a file of the form: | ||||
|  | ||||
| ```shell | ||||
| Key="Value" | ||||
| ``` | ||||
|  | ||||
| However, the systemd project does not mandate where this file should be stored. Consult your distribution's documentation for the | ||||
| best location for this file. For example, RedHat based distributions typically place these files in `/etc/sysconfig/` | ||||
|  | ||||
| If you're unsure, just create a file as root in `/etc/` e.g. `/etc/bitwarden.service.conf`. | ||||
|  | ||||
| In your unit file, add an `EnvironmentFile` directive in the `[Service]` block, the value being the full path to the | ||||
| file created above. Example: | ||||
|  | ||||
| ```ini | ||||
| [Unit] | ||||
| Description=Bitwarden | ||||
| After=docker.service | ||||
| Requires=docker.service | ||||
|  | ||||
| [Service] | ||||
| EnvironmentFile=/etc/bitwarden.service.conf | ||||
| TimeoutStartSec=0 | ||||
| -snip- | ||||
| ``` | ||||
|  | ||||
| #### Running the service | ||||
|  | ||||
| After the above installation and configuration is complete, reload systemd using `sudo systemctl daemon-reload`. | ||||
| Then, start the Bitwarden service using `sudo systemctl start bitwarden`. | ||||
|  | ||||
| To have the service start with the system, use `sudo systemctl enable bitwarden`. | ||||
|  | ||||
| Verify that the container has started using `systemctl status bitwarden`. | ||||
|  | ||||
| ## Building your own image | ||||
|  | ||||
| Clone the repository, then from the root of the repository run: | ||||
| @@ -526,7 +621,7 @@ mkdir $DATA_FOLDER/db-backup | ||||
| sqlite3 /$DATA_FOLDER/db.sqlite3 ".backup '/$DATA_FOLDER/db-backup/backup.sqlite3'" | ||||
| ``` | ||||
|  | ||||
| This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped).  | ||||
| This command can be run via a CRON job everyday, however note that it will overwrite the same `backup.sqlite3` file each time. This backup file should therefore be saved via incremental backup either using a CRON job command that appends a timestamp or from another backup app such as Duplicati. To restore simply overwrite `db.sqlite3` with `backup.sqlite3` (while bitwarden_rs is stopped). | ||||
|  | ||||
| Running the above command requires sqlite3 to be installed on the docker host system. You can achieve the same result with a sqlite3 docker container using the following command. | ||||
| ``` | ||||
| @@ -534,7 +629,7 @@ docker run --rm --volumes-from=bitwarden bruceforce/bw_backup /backup.sh | ||||
| ``` | ||||
|  | ||||
| You can also run a container with integrated cron daemon to automatically backup your database. See https://gitlab.com/1O/bitwarden_rs-backup for examples. | ||||
|   | ||||
|  | ||||
| ### 2. the attachments folder | ||||
|  | ||||
| By default, this is located in `$DATA_FOLDER/attachments` | ||||
|   | ||||
		Reference in New Issue
	
	Block a user