CodePre.com

Free Online Tutorials
Home Linux Installing Vaultwarden (Bitwarden_RS) and non-docker PostgreSQL on Centos 8 / Rocky Linux

Installing Vaultwarden (Bitwarden_RS) and non-docker PostgreSQL on Centos 8 / Rocky Linux

Vaultwarden (Bitwarden_RS) is an open source password manager. A lightweight fork of the well-known Bitwarden, written in Rust. SQLite, MariaDB, PostgreSQL are used as a database

Preparation

Let’s update the OS, install the necessary packages 

                      
                        $ sudo dnf -y install epel-release
$ sudo dnf -y update
$ sudo dnf -y install tar nano wget gcc cmake openssl-devel sqlite-devel postgresql-devel mariadb-devel

Add a user on whose behalf the Vaultwarden service will run 

                      
                        $ sudo useradd -m -U -r -d /opt/vaultwarden vaultwarden
$ sudo chmod 750 /opt/vaultwarden

Installing Rust

Switch to the created user 

                      
                        $ sudo su - vaultwarden

Install Rust, according to the official manual 

                      
                        $ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
1) Proceed with installation (default)

Setting up the shell 

                      
                        $ source ~/.profile
$ source ~/.cargo/env

Checking 

                      
                        $ rustc -V
rustc 1.55.0 (c8dfcfe04 2021-09-06)

Switch back to sudo-user 

                      
                        $ exit

Installing Node JS

Create a directory for node and install node there 

                      
                        $ sudo mkdir /opt/node
$ cd /opt/node
$ sudo wget https://nodejs.org/dist/latest-v16.x/node-v16.11.1-linux-x64.tar.xz
$ sudo tar xJvf node-v16.11.1-linux-x64.tar.xz
$ sudo ln -s /opt/node/node-v16.11.1-linux-x64 /opt/node/current
$ for f in $(ls -1 /opt/node/current/bin/); do sudo ln -s "/opt/node/current/bin/${f}" /usr/sbin/; done

Installing Vaultwarden (Bitwarden_RS)

Switch to the created user and install the service 

                      
                        $ sudo su - vaultwarden
$ wget https://github.com/dani-garcia/vaultwarden/archive/refs/tags/1.22.2.tar.gz
$ tar xzvf 1.22.2.tar.gz
$ cd vaultwarden-1.22.2
$ cargo build --features postgresql --release

Installing the web interface 

                      
                        $ cd target/release
$ wget https://github.com/dani-garcia/bw_web_builds/releases/download/v2.23.0/bw_web_v2.23.0.tar.gz
$ tar xzvf bw_web_v2.23.0.tar.gz

Create a data directory, which we will later specify in the settings 

                      
                        $ cd
$ mkdir data

Let’s create a config file for Vaultwarden 

                      
                        $ nano /opt/vaultwarden/vaultwarden-1.22.2/target/release/.env

DATA_FOLDER=/opt/vaultwarden/data
DATABASE_URL='postgresql://pguser:[email protected]:5432/vaultwarden_db'
DATABASE_MAX_CONNS=10

# openssl rand -base64 48
ADMIN_TOKEN='Q8rKXS3l6jmUYrcJGlwueZhiiIZWteGMVZe7Db/qFe0nQ68C5P5H4Bdi/1AMv4xU'
DOMAIN='https://vault.itdraft.ru'
#LOG_FILE=/var/log/vaultwarden.log
USE_SYSLOG=true
LOG_LEVEL=info
ENABLE_DB_WAL=true
DB_CONNECTION_RETRIES=15
DISABLE_ICON_DOWNLOAD=true
ICON_DOWNLOAD_TIMEOUT=10
ICON_BLACKLIST_REGEX='^(192.168.0.[0-9]+|192.168.1.[0-9]+)$'
#SIGNUPS_ALLOWED=false
#SIGNUPS_VERIFY=false
#SMTP_HOST=
#SMTP_FROM=
#SMTP_FROM_NAME=
#SMTP_PORT=587
#SMTP_SSL=true
#SMTP_USERNAME=
#SMTP_PASSWORD=
#SMTP_TIMEOUT=
ROCKET_ADDRESS=127.0.0.1
ROCKET_PORT=4756
WEBSOCKET_ENABLED=true
WEBSOCKET_PORT=3658
ORG_CREATION_USERS=admin
TRASH_AUTO_DELETE_DAYS=7

All parameters of the configuration file are described in the template, from the downloaded archive

Switch to sudo-user 

                      
                        $ exit

Installing PostgreSQL

Disable postgresql from the system repository 

                      
                        $ sudo dnf -qy module disable postgresql
$ sudo dnf module list postgresql

Install PostgreSQL from the Postgres repository 

                      
                        $ sudo dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
$ sudo dnf -y install postgresql13 postgresql13-server

We initiate the base, start the service 

                      
                        $ sudo /usr/pgsql-13/bin/postgresql-13-setup initdb
$ sudo systemctl enable --now postgresql-13
$ systemctl status postgresql-13

Create a database user and base, as in the configuration file 

                      
                        $ sudo su - postgres
$ psql
=# CREATE DATABASE vaultwarden_db;
=# c vaultwarden_db;
=# CREATE ROLE "pguser" WITH LOGIN PASSWORD 'pgpass';
=# GRANT ALL PRIVILEGES ON DATABASE "vaultwarden_db" TO "pguser";
=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "pguser";
=# q
$ exit

Systemd Unit

Create Systemd Unit 

                      
                        $ sudo nano /etc/systemd/system/vaultwarden.service

[Unit]
Description=Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden/
# If you use a database like mariadb,mysql or postgresql, 
# you have to add them like the following and uncomment them 
# by removing the `# ` before it. This makes sure that your 
# database server is started before bitwarden_rs ("After") and has 
# started successfully before starting bitwarden_rs ("Requires").

# Only sqlite
#After=network.target

# PostgreSQL
After=network.target mariadb.service
Requires=postgresql-13.service

# Mysql
# After=network.target mysqld.service
# Requires=mysqld.service

# PostgreSQL
# After=network.target postgresql.service
# Requires=postgresql.service

[Service]
# The user/group bitwarden_rs is run under. the working directory (see below) should allow write and read access to this user/group
User=vaultwarden
Group=vaultwarden
# The location of the .env file for configuration
EnvironmentFile=/opt/vaultwarden/vaultwarden-1.22.2/target/release/.env
# The location of the compiled binary
ExecStart=/opt/vaultwarden/vaultwarden-1.22.2/target/release/vaultwarden
# Set reasonable connection and process limits
LimitNOFILE=1048576
LimitNPROC=64
# Isolate bitwarden_rs from the rest of the system
PrivateTmp=true
PrivateDevices=true
##ProtectHome=true
ProtectSystem=strict
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
WorkingDirectory=/opt/vaultwarden/vaultwarden-1.22.2/target/release/
ReadWriteDirectories=/opt/vaultwarden/vaultwarden-1.22.2/target/release/
# Allow bitwarden_rs to bind ports in the range of 0-1024
#AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

We start the service, check 

                      
                        $ sudo systemctl daemon-reload
$ sudo systemctl enable vaultwarden --now
$ sudo systemctl status vaultwarden

Installing and configuring Nginx

Add the repository 

                      
                        $ sudo nano /etc/yum.repos.d/nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/
                        
                          centos
                        
                        /$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Install Nginx, disable the default config 

                      
                        $ sudo dnf -y install nginx
$ sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf_disabled

Create config for vaultwarden 

                      
                        $ sudo nano /etc/nginx/conf.d/vaultwarden.conf
server {
    listen 80;

    server_name vault.itdraft.ru;
    return 301 https://vault.itdraft.ru$request_uri;
}

server {
  listen 443 ssl http2;
  server_name vault.itdraft.ru;

  ssl_certificate            /etc/nginx/ssl/vault.crt;
  ssl_certificate_key        /etc/nginx/ssl/vault.key;

  error_log /var/log/nginx/vaultwarden_error.log;
  access_log /var/log/nginx/vaultwarden_access.log;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_pass https://127.0.0.1:4756;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /notifications/hub {
    proxy_pass https://127.0.0.1:3658;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /notifications/hub/negotiate {
    proxy_pass https://127.0.0.1:4756;
  }

  # Optionally add extra authentication besides the AUTH_TOKEN
  # If you don't want this, leave this part out
  location /admin {
    # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
#    auth_basic "Private";
#    auth_basic_user_file /etc/nginx/passwd/bwAdmin;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass https://127.0.0.1:4756;
  }
}

Checking the config, launching Nginx 

                      
                        $ sudo nginx -t
$ sudo systemctl enable --now nginx

Configuring Firewall, Disabling SELinux

Opening web ports 

                      
                        $ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reload

Disable SELinux 

                      
                        $ sudo nano /etc/sysconfig/selinux
SELINUX=disabled

$ sudo setenforce 0

Installation is complete. Go to the desired URL in the browser, create a user, export passwords

Related Posts

Instale Discourse en Rocky Linux 9

Cómo instalar Discourse en Rocky Linux 9

En este tutorial, le mostraremos cómo instalar Discourse en Rocky Linux 9. Para aquellos de ustedes que no lo sabían,…

Primeros pasos con MongoDB usando Rust

Introducción MongoDB es una base de datos NoSQL que almacena datos en documentos formados por pares de campo-valor. Estos se…

Cómo interconectar VPC entre ubicaciones de Vultr con Wireguard

Esto es una vista previa. Vea la solución completa en GitHub.com. Introducción Una nube privada virtual (VPC) es una red…
Lector de libros electrónicos crqt-ng

Aplicación de lector de libros electrónicos crqt-ng

crqt-ng es una aplicación de lectura de libros electrónicos gratuita y de código abierto para Linux, Windows y MacOS. Actualmente…
PyGlosario

PyGlossary Diccionario Glosario Convertidor de archivos

PyGlossary es un convertidor de archivos de diccionario gratuito y de código abierto para Linux, Windows y MacOS. Está escrito…
Instale Zeek Network Security Monitor en Ubuntu 22.04 LTS Jammy Jellyfish

Cómo instalar Zeek Network Security Monitor en Ubuntu 22.04 LTS

En este tutorial, le mostraremos cómo instalar Zeek Network Security Monitor en Ubuntu 22.04 LTS. Para aquellos de ustedes que…

Descifre automáticamente su disco usando TPM2

Este artículo demuestra cómo configurar clevis y systemd-cryptenroll usando un chip Trusted Platform Module 2 para descifrar automáticamente sus particiones…
Comente todas las opciones para deshabilitar la suspensión de la computadora portátil al cerrar la tapa

Deshabilite la suspensión y la hibernación en el escritorio de Linux

Cuando básicamente suspende o hiberna su escritorio Linux, todas las aplicaciones y archivos abiertos se guardan en la memoria (ya…
Elija Preferencias en la pestaña Configuración

Descargue, instale y configure NotepadQQ en Linux

Si son fanáticos de Notepad ++ en Windows, entonces en este artículo, veamos la alternativa de Linux: NotepadQQ. NotepadQQ es…
Idea inteligente

Cómo instalar Kotlin en Linux

Kotlin es un lenguaje de programación de alto nivel, multiplataforma y tipado estáticamente que ha ganado popularidad en los últimos…