Home Assistant Community Add-on: Bitwarden RS

Installation Home Assistant OS
,
61

You need to expose Bitwarden (port 7277) by a port forward on your router. On your phone you can install any Bitwarden App or browser add-in and set the server to your own Bitwarden server (using your public IP and port 7277, or using a combination of DuckDNS / Nginx Proxy Manager as mentioned above)

62

my setup:
local:
http://192.168.a.b port 8123 Home Assistant
http://192.168.a.b port 7277 Bitwarden
Use DuckDNS for a DNS entry to my public IP (81.x.x.x)
Configured Nginx Proxy Manager with 2 proxy hosts:

  1. myduckdnsdomain.duckdns.org --> 192.168.a.b:8123 (force SSL), certificate created in Nginx Manager
  2. bitwardenxxx.myduckdnsdomain.duckdns.org --> 192.168.a.b:7277 (force SSL), certificate created in Nginx Manager

Configured router to forward port 443 (https) and 80 (required for certificate refresh) to 192.168.a.b

1 Like
63

And no certificates via the DuckDns config?

64

I think I still retrieve them, but I donā€™t use them anymore. Hassio runs without SSL and certificates. My http: section is:

http:
# Disabled ssl because on reverse proxy
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem 
#  base_url: !secret http_base_url
  ip_ban_enabled: true
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
  - 192.168.a.b
65

I have step one working just like you described
For step two:
Are you using the same duckdns domain that you used in step 1?

66

Yes. DuckDNS also forwards the subdomain (registered xx.duckdns.org, and this also forwards yyy.xx.duckdns.org)

67

Thanks for the help, got it working!

68

Are you running it in an panel_iframe?
For me it works fine directly -> https://bitwarden.a.b/
But not in a panel IFrame :frowning:

Refused to display 'https://bitwarden.a.b/' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://*".

Is there some directive to around this?

69

Hi,
can anyone telle me how to upgrade the add-on from 0.3.1 to 0.5.1? After rebooting my home assistant raspi I was able to install 0.5.1 but it did not migrate the users oder settings.
Iā€™m still able to start 0.3.1 but it does not auto-update to anything newer?
Can anyone give me tipps what to do?

70

Is there a way, the mobile app or browser add-on can only sync when on Home WiFi and work with offline cache when away ( is that security issue having a local copy ). I just donā€™t want to expose this outside home.

71

:tada: Release v0.6.0

Full Changelog

This is a general maintenance release.

:hammer: Changes

  • :hammer: Update add-on config with new password & list features
  • :books: Update add-on documentation to use new YAML configuration format
  • :hammer: Re-branding
  • :arrow_up: Upgrades add-on base image to v3.0.1
  • :hammer: Update community forum links

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work:
https://github.com/sponsors/frenck or https://patreon.com/frenck

72

Hi All,

Was fighting to let it work. But here is how I did it and login via iOS app:

In router have forward 3 ports:

x.x.x.x:80 > 192.168.xxx.xxx:80
x.x.x.x:443 > 192.168.xxx.xxx:443
x.x.x.x:7051 > 192.168.xxx.xxx:7277

HA and Bitwarden using the same SSL Certs.

in Bitwarden iOS app I add:

https://<domain>:7051

is also using for HA to access it from internet

73

Can I use Nabu Casa instead of portforwarding?
I tried but cannot login.

74

No you cannot use this add-on via Nabu Casa Cloud.

75

What is the suggested backup strategy?
Rely on the hassio backups? Iā€™m guessing the sqlite3 db is volume mounted somewhere which will be included in those backups.
Bitwarden-RS however suggests using sqlite3 backup commands to avoid corrupted db files, is this considered for a future feature? Some incremental backup and restore or the like.

4 Likes
76

I installed this Add-On working great. Only sending emails gives a error.
In mail.info log at my server i see error ā€œWRONG_VERION_NUMBERā€

All my normal mail is working with mailserver. How can i solve this?
I tried everything in settings of Bitwarden email part.

78

Hi, Iā€™m trying to use the same config but I receive always not trusted certificate, even if I can access to bitwarden webpage from https and 7277 port opened, also from android app, so I can access but not secure, would like to manage a trusted access. I run proxmox with 2 home assistant vm and access to them writing in the browser for the first myduckdnsdomain.duckdns.org, for the second mysecondvm.myduckdnsdomain.duckdns.org and for bitwarden is similar to yours. For the 2 home assistant vmā€™s the certificate is valid and I have lock green, for bitwarden I havenā€™t, using caddy (only because I was unable to make nginx working) I think configured well but maybe not. How can the lestā€™s encrypt already owned certificate be used also for accessing bitwarden?

79

Is it somehow possible to integrade emails into the bitwarden addon? I would like to create a Two Factor Authentification to Bitwarden per Mail

80

Hi all, here again to ask, after some try I now have homeassistant working on proxmox ct, inside it I have duckdns, caddy and bitwarden rs as addons, I can reach bitwarden vault from android app with a difficult process to obtain a cert and installed it on the phone, and bitwarden vault only from a duckdns domain, so if for example duckdns, like a few time ago, is down, I have no access to the vault, so is there a way, maybe expkained in simple mode, to access locally the bitwarden vault in https or http? Most browser doesnā€™t allow to access no ssl but for me is a difficult argument and would like to solve, I think it is usefull also for other many users of bitwarden.

81

Is the vault including password data backed up in the snapshots or should I get some alternative backup in place? Donā€™t wanna lose my passwords.