Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
= '''Self-Hosted Bitwarden Password manager:''' =

<span id="this-is-a-bad-idea."></span>
== This is a bad idea. ==

We are going to set this up on our mailcow virtual machine at 192.168.5.3. This is a bad idea. You shouldn’t do this.

Not only are you starting off as a beginner self-managing something that literally is the key to every aspect of your life, but you aren’t even saving money. Simple basics like the <code>haveibeenpwned</code> integration to check for leaked passwords will cost you more to do yourself when self-hosting than it would if you just paid Bitwarden.

A big reason we’re doing this is freedom; we want freedom from crappy companies. Bitwarden isn’t a bad company. They treat users well, and they give you the freedom to self-host your own instance with software they’ve open-sourced. If anything, these are the types of companies that have done more to earn the public’s trust than the rest.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_8197e237.png
File:lu67917r1ezu_tmp_8ad58b71.png
File:lu67917r1ezu_tmp_251d8ba7.png
</gallery>

<span id="step-1-configure-dns-resolution-in-pfsense"></span>
== Step 1: '''Configure DNS Resolution in pfSense''' ==

Before installing Bitwarden, we should configure DNS resolution since our server (192.168.5.3) already resolves to <code>mailserver.home.arpa</code>.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_6b44e385.png
File:lu67917r1ezu_tmp_b1a9776a.png
File:lu67917r1ezu_tmp_32ced0e0.png
</gallery>

'''Add Additional DNS Entry'''

# Log into your pfSense dashboard.
# Navigate to '''Services''' > '''DNS Resolver'''.
# Scroll down to '''Host Overrides'''.
# Click the plus ('''+''') button to add a new entry.
# Fill in the following:
#* '''Host''': <code>bitwarden</code>
#* '''Domain''': <code>home.arpa</code>
#* '''IP Address''': <code>192.168.5.3</code>
#* '''Description''': Bitwarden Password Manager
# For '''Additional Names for this Host''':
#* '''Host name''' should be <code>mailserver</code> since 192.168.5.3 is also our mailserver and already has a static mapping as a mailserver.
#* '''Domain''' should be <code>home.arpa</code> (or whatever you set as your domain in '''System —> General Settings''').
#* '''Description''' can be anything you want.
# Click '''Save'''.
# Click '''Apply Changes'''.

'''Note''': This server will now respond to both <code>mailserver.home.arpa</code> and <code>bitwarden.home.arpa</code>.

'''Step 2 below is only necessary if you did NOT follow these steps while you were setting up this virtual machine for the <code>mailcow</code> mailserver. Skip ahead to Step 3 if you already did this when setting up <code>mailcow</code>.'''

<span id="step-2-prepare-system-for-bitwarden-installation"></span>
== Step 2: Prepare system for Bitwarden installation: ==

<span id="ssh-into-the-mailserver-computer"></span>
==== 2.0 SSH into the mailserver computer ====

<pre>ssh louis@192.168.5.3</pre>

OR

<pre>ssh louis@bitwarden.home.arpa</pre>

<span id="update-and-upgrade-your-system-2"></span>
==== 2.1 Update and upgrade your system ====

<pre>sudo apt update && sudo apt upgrade -y
sudo apt install curl git wget apt-transport-https ca-certificates software-properties-common -y</pre>

<span id="verify-docker-installation"></span>
==== 2.2 Verify Docker installation: ====

<span id="if-you-elected-to-install-mailcow-already-this-part-is-already-done-you-can-skip-to-step-3"></span>
===== IF YOU ELECTED TO INSTALL MAILCOW ALREADY, THIS PART IS ALREADY DONE & YOU CAN SKIP TO STEP 3! =====

If you installed mailcow & followed the instructions for it, you already installed docker properly on this virtual machine, and have no need to do this again.
Skip to step 3 if that is the case.

Run <code>docker --version</code> and make sure the version is 24.0.0 or later. If not, remove the old version:

<pre>sudo apt remove docker docker-engine docker.io containerd runc</pre>

<span id="install-docker-using-official-docker-script-2"></span>
==== 2.3 Install Docker using official Docker script: ====

<pre>curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh</pre>

<blockquote>'''Note:''' It’s very important to use the official Docker installation and not the Snap version. The Snap version can cause issues due to its sandboxed nature, making it a mess for <code>mailcow</code>’s requirements. It is bad for our purposes, don’t use it.
</blockquote>

<span id="install-docker-compose-prerequisites"></span>
==== 2.4 Install Docker Compose & prerequisites: ====

<pre>sudo apt install docker-compose-plugin -y
sudo systemctl enable --now docker</pre>

<span id="make-sure-it-worked"></span>
==== 2.5 Make sure it worked ====

Run <code>docker compose version</code> and make sure the version is 2.0 or higher.

<span id="step-3-configure-bitwarden-environment"></span>
== Step 3: Configure Bitwarden Environment ==

''[https://bitwarden.com/help/install-on-premise-linux/#install-docker-and-docker-compose Bitwarden’s installation instructions]'' are the opposite of Onlyoffice’s. They actually work, and their documentation is amazing. You can find them ''[https://bitwarden.com/help/install-on-premise-linux/#install-docker-and-docker-compose here]''.

<span id="create-bitwarden-user-and-set-permissions"></span>
==== 3.1 Create Bitwarden user and set permissions ====

<pre>sudo adduser bitwarden
sudo usermod -aG docker bitwarden</pre>

Use the following command to log in as the new user, <code>bitwarden</code>:

<pre>sudo login</pre>

Enter credentials for the <code>bitwarden</code> user to log in.
<span id="create-and-configure-bitwarden-directory"></span>
==== 3.2: Create and Configure Bitwarden Directory ====

<pre>sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden</pre>

<span id="enable-docker-service"></span>
==== 3.3: Enable Docker Service ====

<pre>sudo systemctl start docker
sudo systemctl enable docker</pre>

<span id="download-and-prepare-installation-script"></span>
==== 3.4: Download and Prepare Installation Script ====

<pre>cd /opt/bitwarden
curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux"
chmod +x bitwarden.sh</pre>

<span id="run-the-installation-script"></span>
==== 3.5: Run the Installation Script ====

<pre>./bitwarden.sh install</pre>

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107020120196.png
</gallery>
</div>

<div class="figure">
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107020217334.png
</gallery>
</div>

<span id="installation-configuration-notes"></span>
==== 3.6 Installation Configuration Notes ====

During installation, you’ll need to provide:

* '''Domain Name''': Use <code>bitwarden.home.arpa</code>
* '''SSL Certificate''': Choose ‘n’ for Let’s Encrypt if using a self-signed certificate
** Bitwarden auto-generates a self-signed certificate for you. Isn’t Bitwarden nice?
* '''Installation Credentials''': Get these from [https://bitwarden.com/host/ bitwarden.com/host]

'''Important''': Your installation ID and key will look similar to:

<pre>462b197d-14f0-410e-a2c6-b21200fd09f2
Pcf8vNk5udgT3dI9OWJj</pre>

<span id="port-configuration"></span>
==== 3.7 Port Configuration ====

If running multiple services (like mailcow), you’ll need to modify the ports in <code>/opt/bitwarden/bwdata/config.yml</code>:

<pre>http_port: 81 # Changed from 80
https_port: 444 # Changed from 443</pre>

<span id="step-4-configure-bitwarden-settings"></span>
== Step 4: Configure Bitwarden Settings ==

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_923a1598.png
File:lu67917r1ezu_tmp_f60bd933.png
File:lu67917r1ezu_tmp_4581e09b.png
</gallery>

<span id="set-up-domain-and-email-settings"></span>
==== 4.1: Set Up Domain and Email Settings ====

Edit the environment file:

<pre>nano /opt/bitwarden/bwdata/env/global.override.env</pre>

Add the following configurations. Use the credentials from your Postmark SMTP relay account to fill in the username, password, <code>globalSettings__mail__smtp__port</code>, and <code>globalSettings__mail__smtp__host</code> below. Feel free to adjust them based on your email and who you are using for SMTP relay.

'''This assumes that you set up Postmark as an SMTP relay in the mailcow/mailserver section of this guide! If you did not, you will have to find another SMTP relay service'''; Gmail offers one. This is needed so that your Bitwarden instance can send emails to you without them going straight to spam.
<pre>globalSettings__domain__baseUrl=https://bitwarden.home.arpa
globalSettings__mail__smtp__host=smtp.postmarkapp.com
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=<your_email_username>
globalSettings__mail__smtp__password=<your_email_password>
globalSettings__mail__smtp__from=putfromemailhere@youremail.com
adminSettings__admins=putanadminemailhere@youremail.com</pre>

<span id="apply-changes-and-start-service"></span>
==== 4.2 Apply changes and start service ====

<pre>./bitwarden.sh rebuild
./bitwarden.sh start</pre>

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_99b3c521.png
File:lu67917r1ezu_tmp_9005c753.png
File:lu67917r1ezu_tmp_7df1fc57.png
File:lu67917r1ezu_tmp_4832b6bd.png
File:lu67917r1ezu_tmp_8d7c905.png
File:lu67917r1ezu_tmp_e7d3966a.png
File:lu67917r1ezu_tmp_bc67ac1b.png
File:lu67917r1ezu_tmp_a557cbd9.png
File:lu67917r1ezu_tmp_bda10420.png
File:lu67917r1ezu_tmp_d6aa6557.png
File:lu67917r1ezu_tmp_eb377cee.png
File:lu67917r1ezu_tmp_6543bc05.png
File:lu67917r1ezu_tmp_cb1afd48.png
File:lu67917r1ezu_tmp_235ea9d2.png
File:lu67917r1ezu_tmp_323c7ce.png
</gallery>

<span id="step-5-browser-extension-setup"></span>
== Step 5: Browser Extension Setup ==

# '''Check VPN Connection''': Connect to your home server VPN
# '''Install Extension''':
#* Chrome: [https://chrome.google.com/webstore/detail/bitwarden-free-password-ma/nngceckbapebfimnlniiiahkandclblb Chrome Web Store]
#* Firefox: [https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/ Firefox Add-ons]

<blockquote>'''Critical Step''': When logging in, change the server URL from bitwarden.com to your self-hosted instance (e.g., <code>https://bitwarden.home.arpa:444</code>). '''DON’T FORGET THE ALTERNATIVE PORT AT THE END IF YOU CHOSE AN ALTERNATIVE PORT!'''
</blockquote>

<span id="optional-pin-extension"></span>
==== Optional: Pin Extension ====

* For Chrome/Brave: Right-click the Bitwarden icon and select “Pin”

<span id="setting-up-zfs-for-data-storage"></span>
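A preflight check that ties together the port change from 3.7, the settings file from 4.1 and the server URL entered in Step 5. This is an added example, not part of the original guide or of Bitwarden's own tooling; the function names and the <code>check.sh</code> file name are hypothetical, and it assumes GNU <code>stat</code> as found on the Debian/Ubuntu VM used here.

```sh
#!/bin/sh
# Added example: preflight check for bwdata/config.yml (3.7) and
# bwdata/env/global.override.env (4.1). Function names are illustrative.
# Assumes GNU stat, as on the Debian/Ubuntu VM used in this guide.

# Print the value of KEY from a KEY=value file (last assignment wins).
env_value() {  # env_value FILE KEY
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Print https_port from config.yml, ignoring any trailing comment.
https_port() {  # https_port CONFIG_YML
  sed -n 's/^https_port:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Server URL to enter in the client: baseUrl plus the port when it is not 443.
client_url() (  # client_url CONFIG_YML ENV_FILE
  base=$(env_value "$2" globalSettings__domain__baseUrl)
  base=${base%/}
  port=$(https_port "$1")
  case "$base" in *:[0-9]*) port= ;; esac   # baseUrl already names a port
  if [ -n "$port" ] && [ "$port" != 443 ]; then base="$base:$port"; fi
  printf '%s\n' "$base"
)

# Print one line per problem in the env file; exit status = number of findings.
audit_env() (  # audit_env ENV_FILE
  n=0
  mode=$(stat -c %a "$1")
  case "$mode" in
    *00) ;;  # owner-only access
    *) echo "mode $mode: file holds the SMTP password, restrict it to the owner"; n=$((n + 1)) ;;
  esac
  for key in globalSettings__mail__smtp__username globalSettings__mail__smtp__password \
             globalSettings__mail__smtp__from adminSettings__admins; do
    case "$(env_value "$1" "$key")" in
      '' | *'<your_'* | put*here@*) echo "$key: empty or still a placeholder"; n=$((n + 1)) ;;
    esac
  done
  case "$(env_value "$1" globalSettings__domain__baseUrl)" in
    https://*) ;;
    *) echo "globalSettings__domain__baseUrl: not an https:// URL"; n=$((n + 1)) ;;
  esac
  exit "$n"
)

# Usage: sh check.sh /opt/bitwarden/bwdata/config.yml /opt/bitwarden/bwdata/env/global.override.env
if [ "$#" -eq 2 ]; then
  echo "client server URL: $(client_url "$1" "$2")"
  audit_env "$2"
fi
```

Run it as the <code>bitwarden</code> user before <code>./bitwarden.sh rebuild</code>; a non-zero exit status is the number of settings that still need attention.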