Bitwarden Synology Docker



The Synology NAS essentially gives me a sweet UI for deploying Docker containers. A bit like with Docker Desktop, but in the browser. I use it to host my Unifi Cloud Key in a container, also. I pulled down the image and spun up a container. I mapped the /data directory to my NAS volume for persistent storage.

Docker BitwardenRS proxified for Synology NAS: a docker-compose ready package to run BitwardenRS proxified with Caddy server. This setup provides a BitwardenRS server with support of websocket notifications. The goal is to keep the Synology NAS system untouched to be upgrade-proof.

Install Docker and Docker Compose. Bitwarden will be deployed and run on your machine using an array of Docker containers. Bitwarden can be run with any Docker Edition or plan. Evaluate which edition is best for your installation. Deployment of containers is orchestrated using Docker Compose. Some Docker installations, including Windows.

Today we are going to look at how to self-host Bitwarden on a Synology NAS! Bitwarden is a password manager that can be self-hosted if desired. The benefit of self-hosting is that you are in control of your data and don’t need to rely on a third party to manage it.

This update will focus on the 'LiveSync' feature that offers BW users instant sync of any updates across platforms. For example, if you add a new entry using the web UI, that same entry will be visible in any web browser extension as well as your app. The process works in all directions and it's really instant.

This is possible using the websocket protocol. Because the method used by the official (paid) version will not work with this custom one, the developers have offered an alternative that works just as well.


In the default setup of this image, you can see that the web UI is using one port (port 80 by default) and that there is also a port 3012. This is the port that can be used for all websocket needs.


There is a prerequisite for this to work, and that is a reverse proxy (more info here: dani-garcia/bitwarden_rs). I will assume that you are already using one (there is also a resource on that), but keep in mind that setting up a reverse proxy entry via the DSM UI will NOT give you the desired effect.


As you can see in the link above, there are 2 application paths that need to be set via the reverse proxy. This is not possible using the UI and needs to be done by hand.


I will also assume that you have had your BW set up so far via the built-in reverse proxy, so the next steps need to be followed (if you haven't, then just skip to step 3).

01. Stop your BW container


NOTE: Make sure to add WEBSOCKET_ENABLED=true to your BW instance


02. Delete the existing reverse proxy BW entry from Control Panel > Application Portal > Reverse proxy
03. Using a text editor create a .conf file with the name of your choice (custom_rp.conf for example)
04. Paste the following content inside it and change the following elements!

  • server_name > enter your BW public domain name
  • ssl_certificate > path to your SSL certificate (full chain would be preferred)
  • ssl_certificate_key > path to your SSL certificate private key
  • proxy_pass > change the URL to point to your NAS IP address as well as the port that you are using with your BW Docker container.

Keep in mind to use the port numbers that you have mapped to the OUTSIDE of your container (host side, not inside the container).

05. Copy the file to your NAS (a temp location)
06. Log in to your NAS via SSH and elevate to root permission (sudo -i)
07. Copy the file to this location: /usr/local/etc/nginx/sites-enabled using the cp command
08. Restart the nginx service with the following command: synoservice --restart nginx
That's it! This reverse proxy entry will not be visible inside your RP or Certificates dialog, so keep this in mind. Test out your BW LiveSync and never again click the 'sync now' button!

Just another note on this matter. These steps WILL NOT provide you with a live sync feature on your devices that use the push method.
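
One way the .conf file from steps 03 and 04 can look, following the nginx layout documented in the dani-garcia/bitwarden_rs wiki. This is an added example, not the original author's file: the domain, NAS IP address, host ports and certificate paths are constructed placeholders, and the /notifications/hub/negotiate path comes from that wiki rather than from this page.

```nginx
# Added example, not the original author's file. Constructed placeholders:
#   vault.example.com, 192.168.1.10, host ports 8080 (web UI) and 3012
#   (websocket), and both certificate paths.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name vault.example.com;

    ssl_certificate     /path/to/fullchain.pem;   # full chain preferred
    ssl_certificate_key /path/to/privkey.pem;     # keep readable by root only

    # Web UI and API: host port mapped to the container's port 80.
    location / {
        proxy_pass http://192.168.1.10:8080;
        proxy_set_header Host $host;
        # Pass the real client address through so the BW log records it
        # instead of the proxy's address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Application path 1: websocket traffic goes to the host port mapped
    # to the container's port 3012. The Upgrade/Connection headers and
    # HTTP/1.1 are required for nginx to proxy a websocket handshake.
    location /notifications/hub {
        proxy_pass http://192.168.1.10:3012;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Application path 2: the negotiate request is plain HTTP and goes to
    # the web UI port. nginx picks this block over the one above because
    # it is the longer matching prefix.
    location /notifications/hub/negotiate {
        proxy_pass http://192.168.1.10:8080;
    }
}
```

Running `nginx -t` as root before restarting the service catches syntax errors in the new file before they affect the other sites nginx serves on the NAS.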


I have installed Bitwarden on my Synology into Docker. It’s working well. What I want to add there is Websocket notification. I have added the new option to the variables “websocket_enabled=true” and also in reverse proxy on NAS I added to the “custom header” feature “websocket”, but it still doesn’t work. I can see the message in Bitwarden’s log: ‘/notifications/hub’ should be proxied to the websocket server or notifications won’t work. Can you please help me to fix this? In the Bitwarden’s read only config list I see: websocket address: 0.0.0.0. Maybe this is the problem? Shouldn’t there be 127.0.0.1? But how to add it if so… Thank you