I just installed dietpi on my raspberry pi 4 and I am trying to run vaultwarden.
I installed it using sudo dietpi-software. Now I have no idea what to do to set it up. I can’t find a guide for dietpi, I only can find guides for docker installs but this doesn’t seem to use docker.
have a look to our online docs DietPi Documentation - DietPi.com Docs
There all our tools are described, including dietpi-software
. This will give an idea on how to install optimized software.
according to our docs, just open https://<your.IP>:8001
Cloud and Backup Systems Software Options - DietPi.com Docs
Vaultwarden is completly configured and ready to use once installation finished
correct, we have created a Debian apt package for our users to save time and resource.
thank you so much i had no idea the docs existed for each package. sorry for wasting your time.
so i followed the guide, i am stuck at the part where I have to add the certificates.
I used sudo dietpi-letsencrypt to create a cert. I dont get how to add it to the config file located at ‘/mnt/dietpi_userdata/vaultwarden/vaultwarden.env’
i cant find the pem files created by letsencrypt
how do you plan to access Vaultwarden at the end? Via https://<your.DDNS.com>:8001
?
i found the files at /etc/letsencrypt/something.ddnsaddress.com/… and changed the variable in the .env file but now I cant even access the login page in http mode.
yes i plan to use something.ddns…
I checked the vaultwarden logs, it says
Dec 18 21:34:31 DietPi vaultwarden[479]: [INFO] No .env file found.
Dec 18 21:34:31 DietPi vaultwarden[479]: Error: Rocket.
Dec 18 21:34:31 DietPi vaultwarden[479]: Custom {
Dec 18 21:34:31 DietPi vaultwarden[479]: kind: PermissionDenied,
Dec 18 21:34:31 DietPi vaultwarden[479]: error: “error reading TLS file /etc/letsencrypt/live/my.ddns.com/cert.pem
: Permission denied (os error 13)”,
Dec 18 21:34:31 DietPi vaultwarden[479]: },
should i be using the sudo account to run vaultwarden or something?
anarchy:
Dec 18 21:34:31 DietPi vaultwarden[479]: kind: PermissionDenied,
Dec 18 21:34:31 DietPi vaultwarden[479]: error: “error reading TLS file /etc/letsencrypt/live/my.ddns.com/cert.pem
: Permission denied (os error 13)”,
This is not goanna work. Vaultwarden has no access to these files.
Question is, if you like to access Vaultwarden via port 8001
or without using something like a sub path on your domain. Means without the need to enter port 8001
on your URL
i would like to be able to use the bitwarden client on my phone and the bitwarden apps on the computer to access my raspberry pi. So i think it has to work without the 8001 right?
in this case you should think of using a revers proxy. This would simplify the usage of SSL certificates as well. Typically, a web server like Nginx or Apache would do.
So can i install frp or nginx using the dietpi-software installer?
Is there a guide for dietpi on how to set these up for vaultwarden?
Use Nginx via our installer. I would recommend using dietpi-letsencrypt
to setup SSL on Nginx next. Once done you could configure the proxy for Vaultwarden
We don’t have a direct guide. Just have a look to proxy example on Vaultwarden GitHub Proxy examples · dani-garcia/vaultwarden Wiki · GitHub You could use them as starting point.
should i be modifying the file located at /etc/nginx/nginx.conf ?
No, don’t touch the main configuration file. Better to create an own configuration at /etc/nginx/sites-dietpi/*.conf;
I tried this in the directory you recommended, it still doesn’t work. Did i miss anything out?
server {
listen 443 ssl http2;
server_name myddnsname.ddnsprovider.com;
ssl_certificate /etc/letsencrypt/live/myddnsname.ddnsprovider.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myddnsname.ddnsprovider.com/privkey.pem;
# Specify SSL config if using a shared one.
#include conf.d/ssl/ssl.conf;
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:80;
}
}
also my vaultwarden is only listening to port 8001, not sure what i did wrong there,
dietpi@DietPi:~$ ss -tulpn | grep LISTEN
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:8001 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
the whole server
block is not needed. should be fine to use location
section only. As well you need to disable HTTPS on vaultwarden, to allow HTTP connection. We did something similar for lighttpd
Confused Reverse proxy and vaultwarden - #45 by IIMustangII1151 and Confused Reverse proxy and vaultwarden - #21 by Joulinar
nano /mnt/dietpi_userdata/vaultwarden/vaultwarden.env
change the following things
IP_HEADER=X-Forwarded-For
WEBSOCKET_ENABLED=true
WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT=3012
DOMAIN=> [https://domain.com](https://domain.com/)
#ROCKET_TLS={certs="./cert.pem",key="./privkey.pem"}
the domain line must look exactly like this?
I did DOMAIN=https://myadd.ddnsprovider.com
,
now the vaultwarden log shows,
Dec 18 22:49:02 DietPi vaultwarden[485]: [2022-12-18 22:49:02.312][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
Dec 18 22:49:02 DietPi vaultwarden[485]: [2022-12-18 22:49:02.325][start][INFO] Rocket has launched from http://0.0.0.0:8001
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.940][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59194
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.942][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59195
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.953][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59196
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.955][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59197
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.956][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59198
Dec 18 22:50:04 DietPi vaultwarden[485]: [2022-12-18 22:50:04.958][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59200
Dec 18 22:50:05 DietPi vaultwarden[485]: [2022-12-18 22:50:05.983][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59204
Dec 18 22:50:05 DietPi vaultwarden[485]: [2022-12-18 22:50:05.985][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59205
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.098][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59206
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.100][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59207
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.120][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59208
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.120][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59209
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.122][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59211
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.123][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59212
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.913][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59214
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.915][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59215
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.921][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59216
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.923][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59217
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.923][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59218
Dec 18 22:50:06 DietPi vaultwarden[485]: [2022-12-18 22:50:06.925][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59220
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.945][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59228
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.947][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59229
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.955][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59230
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.956][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59231
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.957][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59233
Dec 18 22:50:11 DietPi vaultwarden[485]: [2022-12-18 22:50:11.958][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.1.99:59234
Played with it. At least I don’t have these entries on my log. But it’s information only about connection from local IP 192.168.1.99
that should be fine. Are you able to access Vaultwarden locally using http://you.ip.address:8001
now??
My Nginx setup as follow
nano /etc/nginx/sites-dietpi/vaultwarden.conf
added following
location / {
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://you.ip.address:8001;
}
location /notifications/hub/negotiate {
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://you.ip.address:8001;
}
location /notifications/hub {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Forwarded $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://you.ip.address:3012;
}
next, remove root locating
from default
config file to avoid duplicate location /
nano /etc/nginx/sites-available/default
mark lines for location /
using #
# location / {
# try_files $uri $uri/ =404;
# }
Restart Nginx and you should be done
systemctl restart nginx.service
I have done all the steps, I can access it locally but the site pops up as untrusted. I need to forward the port so I can use it on the bitwarden app, I am guessing external is 8080 and internal is 8001 right?