Thanks, port forwarding was missing. Now working fine.
Thank You for this. Got it working great
Hi, is there a way to connect to the Vaultwarden Add-On without duckdns / portforwarding?
I am using the HomeAssistant cloud with a subdomain e.g. - or might cloudflare do the job?
Sorry for the late response. I moved to a separate container outside of HA.
Thank you!
I got it working in the end.
Appreciate you replying.
Is it possible to disable the create account option? I see that is possible with bitwarden_rs and an environment variable. I’m just not sure how to set an env variable in the addon
Thanks!
Hi, in case someone is stuck exposing Bitwarden securely, here is a small guide on how to do it.
If you do not already use Nginx Proxy Manager to redirect traffic to your HA server:
1. Download Nginx Proxy Manager
2. Configure it as per doc and create your pass and user for Nginx
3. Create a new proxy host that redirects to HA (see the screenshot). Your Domain Name is your publicly available domain and subdomain for Home Assistant, for ex: homeassistant.mydomain.com
4. Create a new SSL certificate. Put your email address and agree to the terms of use. If you use an external DNS provider (I use for ex. Route53 from AWS) you need to check the Use DNS challenge option and then you can follow this doc: addons/letsencrypt/DOCS.md at df9bfbe2d4f5ee5597a0471e6c872da82ab3996d · home-assistant/addons · GitHub. If not, uncheck this option.
5. Go to the log of Nginx Manager and try to access your HA instance via your public URL, for ex: homeassistant.mydomain.com. You should see an error message with an IP address; you need to add this IP address in step 6.
6. Replace the http section in the configuration.yaml of your HA instance; it should look like this (previous configuration should be commented or deleted):

   ```yaml
   http:
     use_x_forwarded_for: true
     trusted_proxies:
       - a.b.c.d/24   # The IP address you found in the log at step 5
       - 192.168.1.e  # Your HA internal IP address
     ip_ban_enabled: true
     login_attempts_threshold: 3
   ```

7. You should now be able to connect to your HA server via https and your public domain.
For everyone
- Install Vaultwarden addon and configure it as per doc
- In the admin panel you need to add the URL you want to use for your BitWarden instance, for ex: bitwarden.mydomain.com
- In the BitWarden addon configuration, uncheck the SSL option and restart it.
- Create a new host in Nginx as per previous point 4. But using your bitwarden URL, for ex: bitwarden.mydomain.com. You need to redirect to the bitwarden port 7277.
- Create a new certificate with SSL as per previous point 5
- Your bitwarden instance is now securely publicly exposed
N.B: There are some internet websites that let you check the security setup of your server. Just check it to be sure you do not expose yourself to a security breach.
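Added example, not part of the post above and not Home Assistant's own code: a simplified Python model of how a server behind a reverse proxy picks the client address from `X-Forwarded-For` when `trusted_proxies` is set, which is the address `ip_ban_enabled` and `login_attempts_threshold` then act on. All addresses are constructed; the comparison shows why listing only the proxy's own address is tighter than listing a whole /24.

```python
import ipaddress


def resolve_client_ip(peer_ip, x_forwarded_for, trusted_proxies):
    """Pick the address to attribute a request to (simplified model)."""
    trusted = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in trusted)

    # The header is only believed when the TCP peer is a listed proxy.
    if not x_forwarded_for or not is_trusted(peer_ip):
        return peer_ip

    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us; the first untrusted one is the client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_ip  # malformed entry: fall back to the peer address
    return hops[0] if hops else peer_ip


# Constructed addresses (private and documentation ranges), not from the post.
PROXY = "172.30.33.5"       # assumed address of the reverse proxy
NEIGHBOUR = "172.30.33.99"  # another host in the same /24, not the proxy
CLIENT = "203.0.113.7"      # visitor reaching the proxy from outside
CLAIMED = "198.51.100.20"   # header value written by a host that is not the proxy

if __name__ == "__main__":
    broad = ["172.30.33.0/24"]  # whole subnet trusted
    narrow = [PROXY]            # only the proxy trusted
    print("via proxy, narrow:", resolve_client_ip(PROXY, CLIENT, narrow))
    print("neighbour, broad :", resolve_client_ip(NEIGHBOUR, CLAIMED, broad))
    print("neighbour, narrow:", resolve_client_ip(NEIGHBOUR, CLAIMED, narrow))
```

With the /24 entry the neighbour's header is believed, so failed logins would be counted against the claimed address instead of the host that actually connected; with the single-address entry they are counted against the connecting host.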
Simply add your argon2 token, previously generated in the admin panel.
Do not forget to remove the quote ' from the token before copy-pasting it; I was stuck on the exact same part.
I am using the Bitwarden addon with the Home Assistant VM. I see an option to change the port number and I’d like to change it to 443 for internal and external access. I don’t want to use Nginxproxy since I am using a Cloudflare tunnel. I am able to change the port but there is no option to refresh or replace the SSL certificate. The Windows app will connect but the iPhone app will not. It errors out. Any ideas on how I can do this, or does it just have to run on port 7277 in the Home Assistant VM?
443 is a reserved port for https. I really do not think you can use it like this. You can use any other free port, just run a port check, but honestly, there is no point not using the default port.
For the mobile app to function you need to issue a certificate from a public certification authority; that is why I recommend you use Let's Encrypt.
If you connect via VPN just leave the default port and connect to your internal IP address + port. However, you will not be able to issue a non-self-signed certificate if you are not exposing your IP. Your last possibility is to self-sign your certificate and then add it to your phone. Not sure it will work but you can give it a try…
But why is the data folder not accessible in the first place? This is important for doing full backups (attachments etc.) and for migration purposes.