Bitwarden_rs updating config file

Having issues with your DietPi installation or found a bug? Post it here.
jetspeed
Posts: 6
Joined: Thu Feb 18, 2021 10:02 am

Bitwarden_rs updating config file

Post by jetspeed »

Hi guys,

I've installed Bitwarden_rs using dietpi-software and it all seems to be working.

I want to do some hardening, like disabling new user registrations and invitations.

So I followed the dietpi guide which indicates the config file is located at /mnt/dietpi_userdata/bitwarden_rs/bitwarden_rs.env

So I uncommented/edited the file with

SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=false

I restarted my RPi, but it still seems to show the Create Account button?

Am I doing it right?
User avatar
Joulinar
Posts: 3688
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden_rs updating config file

Post by Joulinar »

Hi,

did you actually tried to complete the registration of a new user? There are some messages on Bitwarden Github about the register button still being available but final registration should not work
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jetspeed
Posts: 6
Joined: Thu Feb 18, 2021 10:02 am

Re: Bitwarden_rs updating config file

Post by jetspeed »

Joulinar wrote: Thu Feb 18, 2021 9:58 pm Hi,

did you actually tried to complete the registration of a new user? There are some messages on Bitwarden Github about the register button still being available but final registration should not work
Ah, you are indeed correct. I incorrectly assumed the disabling registrations in the config would also logically disable the button.

I'm now trying to figure out how add the root certificate in iOS. I transferred cert.pem to the device and installed the profile, but the BitWarden iOS app doesn't seem to like it. It reports an invalid certificate.

Or do I need to do something like this: https://github.com/dani-garcia/bitwarde ... rypt-certs

If you can point me in the right direction, I can do some more research on it.
User avatar
Joulinar
Posts: 3688
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden_rs updating config file

Post by Joulinar »

yes this is an issue that will be corrected for new installations on upcoming release 7.0.

On current installations the self signed certificate we create will not be accepted by iOS. Therefore you would need to recreate the entire certificate

Removing the old certificate and following should work

Code: Select all

openssl req -reqexts SAN -subj '/CN=DietPi Bitwarden_RS' -config <(cat /etc/ssl/openssl.cnf <(echo -ne "[SAN]\nsubjectAltName=DNS:$(</etc/hostname),IP:$(mawk 'NR==4' /run/dietpi/.network)\nbasicConstraints=CA:TRUE,pathlen:0"))\
 -x509 -days 7200 -sha256 -extensions SAN -out /mnt/dietpi_userdata/bitwarden_rs/cert.pem\
 -newkey rsa:4096 -nodes -keyout /mnt/dietpi_userdata/bitwarden_rs/privkey.pem
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jetspeed
Posts: 6
Joined: Thu Feb 18, 2021 10:02 am

Re: Bitwarden_rs updating config file

Post by jetspeed »

Many thanks for the confirmation.

I tried running the command above, but got:
req: Use -help for summary.
User avatar
Joulinar
Posts: 3688
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden_rs updating config file

Post by Joulinar »

ah sorry, there are some spaces lost while copying the code. I corrected the statement above. There is a leading space on line 2 and 3.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jetspeed
Posts: 6
Joined: Thu Feb 18, 2021 10:02 am

Re: Bitwarden_rs updating config file

Post by jetspeed »

Many thanks for your help, I was able to install the certificate.

Unfortunately, I still get the same invalid certificate error when trying to login using the Bitwarden app.

I'm using the IP address of dietpi for the self hosted URL, i.e. https://192.168.1.100:8001

Is this correct?
User avatar
Joulinar
Posts: 3688
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden_rs updating config file

Post by Joulinar »

you need to install the certificate on iOS before. So download the certificate and store it on your mobile device.

One our online docs we describe how to download: https://dietpi.com/docs/software/cloud/#bitwarden_rs

This guide describe how to install the cert files on iOS14 https://www.theictguy.co.uk/adding-trus ... -to-ios14/
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jetspeed
Posts: 6
Joined: Thu Feb 18, 2021 10:02 am

Re: Bitwarden_rs updating config file

Post by jetspeed »

Sorry, I should have been clearer.

I did regenerate the certificate, and also uploaded to my iOS device and installed the certificate. It shows the green tick this time.

I also added full trust via the settings, but still the Bitwarden iOS app would not connect.

I also installed the certificate in Windows 10:

Bitwarden app - failed to fetch
Edge browser - all good, padlock shown
Chrome browser - all good, padlock shown
Firefox browser - works, but still connection not secure warning

Is there anything you would like me to try, or should I wait for the next release?
User avatar
Joulinar
Posts: 3688
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden_rs updating config file

Post by Joulinar »

there will be no other change on the next release, except the certificate configuration you already have. On my test I was able to use the iOS app without issues. Maybe I will run some more test somewhere this weekend.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply