I am currently trying to install bitwarden using docker (first time that I use this...).
I followed docker documentation to install docker and docker-compose:
# install docker
apt autoremove --purge docker docker.io docker-engine
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt install docker-ce
docker run hello-world # everything went fine
# install docker-compose
curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version
The output of the last command:
/bin/sh: /tmp/_MEISq4kjS/libtinfo.so.5: no version information available (required by /bin/sh)
docker-compose version 1.21.2, build a133471
I have decided that the error about the libtinfo.so.5 was not important so I have executed ./bitwarden install after downloading it.
Here is the output:
_ _ _ _
| |__ (_) |___ ____ _ _ __ __| | ___ _ __
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V V / (_| | | | (_| | __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_|
Open source password management solutions
Copyright 2015-2018, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden
===================================================
Docker version 18.03.1-ce, build 9ee9f40
/bin/sh: /tmp/_MEIj2jZwt/libtinfo.so.5: no version information available (required by /bin/sh)
docker-compose version 1.21.2, build a133471
(!) Enter the domain name for your bitwarden instance (ex. bitwarden.company.com): bitwarden.mydomain.com
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): y
(!) Enter your email address (Let's Encrypt will send you certificate expiration reminders): [email protected]
Using default tag: latest
latest: Pulling from certbot/certbot
ff3a5c916c92: Pull complete
b99d27bed84a: Pull complete
b73c0ee0dd30: Pull complete
195dd36cca8c: Pull complete
ba5a91dbafd5: Pull complete
4b7108fa2ab8: Pull complete
69d2038e8ebb: Pull complete
1edc9a9148d7: Pull complete
df940f278f55: Pull complete
920b8dda5dce: Pull complete
Digest: sha256:1e418e7e16604cf80ce36190a6a746e52e3fa30f7d73bd4ece831bb0356d14f7
Status: Downloaded newer image for certbot/certbot:latest
docker: Error response from daemon: driver failed programming external connectivity on endpoint certbot (1cb65885677c35c8914738db64118ff37700cdd59e02821ae0d95700106c7c9a): Error starting userland proxy: listen tcp 0.0.0.0:80: listen: address already in use.
On my server I have apache2.4 installed with PHP 7.2 installed with several virtual hosts and subdomains. So the port 80 is in use. Did I do something wrong, or is it a bug?
You will need to manage your LE cert manually if you already have something running on 80/443.
I don't mind managing my certificates manually, I use Let's Encrypt for my subdomains. But the thing is, it is very usual to install Bitwarden on a server that already has http server installed. I thing the installation script should propose an alternative or something.
Here by following the documentation and not being used to docker. I just don't know what to do, because Bitwarden is not installed... I can't go to the next step. I just don't know what to do.
Just select the "No" option for let's encrypt and use the prompts for the "Bring your own cert" options. This option is covered in our install docs.
https://github.com/bitwarden/core/blob/5eff4c6a407a49bd2736124a84d05c59d184d135/scripts/run.ps1#L37-L38
results in $email beeing [email protected] expriration reminders) so the cert request will fail. I don't know why this is (as I am not a pro in this language) But I tested it by removing expiration reminders) from the string and it worked directly.
You can use any own webserver and bitwarden as dockerized on the same server at the same time.
Just stop the webserver for the time you're starting bitwarden and then restart your webserver.
Then proxy the requests through your own webserver with the certificate that bitwarden/certbot has generated/ created for you. :) Done.
But: it would be cool if bitwarden.sh would say something like that:
"Port 80 is already binded, cant proceed, stop your webserver and try again" or something. :)
Sorry, but this is not practical. Almost all day I'm trying to figure out how to get this to work whit My already setup home server whit home pages and Certbot setup that is generating certificates for My pages and mail. If I run ssl manual mode I cant get to run docker whit My existing certbot folder. I cant move those files around, rename etc. If I link .pem files generated manualy in certbot it is not working. How can I get this to work?
What is not mentioned here, is that after you stop the pre-existing web server and complete the Bitwarden installation, THEN you can modify the ports it will listen on in ./bwdata/config.yml, rebuild the container, and then it will no longer conflict. If you can get past the port-less redirect issues that will follow, and don't have the invalid db credential issue, you should be golden at that point.
If you initially selected yes to the LE option, you also need to remove bwdata/letsencrypt. Otherwise the run script will try to run certbot on restarts, and you will get a bind error.
@tangiel _Thank you!_ I was trying to switch from Bitwarden certs to my own certs and I couldn't figure out why it kept trying to run Certbot. :)
Most helpful comment
If you initially selected yes to the LE option, you also need to remove
bwdata/letsencrypt. Otherwise the run script will try to run certbot on restarts, and you will get a bind error.