HTTPS (via Rocket_TLS) and QNAP container station #2130

Closed
opened 2025-10-09 17:46:52 +03:00 by OVERLORD · 6 comments

Originally created by @Szeraax on GitHub.

Trying to enable HTTPS for this awesome project, but I'm a noob and haven't ever used docker/containers before, so forgive me if I'm on the wrong tree. I'm also trying to use the Container Station (a front end app on my QNAP NAS). Does my ROCKET_TLS attribute look like it should be on the right track? https://imgur.com/JkR2Rs7

Gives error:

```
[2019-04-22 04:27:25][rocket::config::error][ERROR] I/O error while setting tls.certs:
[2019-04-22 04:27:25][_][INFO] No such file or directory (os error 2)
```

Same error whether doing single or double quotes. Single quoting the whole thing gives a more generic error that didn't sound like it was the right path.

I'm so close to running this on HTTPS on QNAP! HTTP works fine.


@Szeraax commented on GitHub:

It works! Bitwarden compatible server with TLS! Had to set ENV variable `ROCKET_TLS` to `{certs="/ssl/certificate.pem",key="/ssl/private.pem"}` and add a shared folder from my QNAP to `/ssl` on the client. You're amazing! Thank you so much for the tip.


@Crunch91 commented on GitHub:

Unfortunately I can't make it work with default container station method. Now I try it with docker-compose also.
Now I will try it with compose script, but nginx is not starting because of config error. Could you pls show me your docker-compose file?


```
version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    expose:
      - "80"
    volumes:
      - ./data/bitwarden:/data
    restart: on-failure
    environment:
      WEBSOCKET_ENABLED: 'true'
    logging:
      driver: "json-file"

  nginx:
    image: nginx:1.19.4-alpine
    ports:
      - "580:80"
      - "5443:443"
    volumes:
      - ./data/nginx:/etc/nginx
      - ./data/ssl:/etc/ssl

  bw_backup:
    image: bruceforce/bw_backup:latest
    container_name: bw_backup
    restart: on-failure
    depends_on:
      - bitwarden
    volumes:
      - ./data/bitwarden:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ./data/bitwarden:/backup_folder/
    environment:
      - DB_FILE=/data/db.sqlite3
      - BACKUP_FILE=/backup_folder/db_backup/backup.sqlite3
      - BACKUP_FILE=/data/db_backup/backup.sqlite3
      - CRON_TIME=0 5 * * *
      - TIMESTAMP=false
      - UID=0
      - GID=0
```

@Szeraax commented on GitHub:

I used docker-compose, so it's a little different, but I created my ssl folder in the regular file station app. Datavol1/container/compose-vault/ssl.

Then my config looked like this to map that path as /ssl inside the container. Finally, I set the rocket tls setting that tells it inside the container to look for the certs inside its virtual /ssl folder.

Does that help?

```
      - /share/Container/compose-vault/ssl/:/ssl/
    environment:
      ROCKET_TLS: '{certs = "/ssl/certificate.pem", key = "/ssl/private.pem"}'
```

On Sat, Oct 31, 2020, 2:42 AM Crunch91 notifications@github.com wrote:

> @Szeraax https://github.com/Szeraax What do you mean by saying:
>
> > [...] and add a shared folder from my QNAP to /ssl on the client. [...]
>
> Where do I do that exactly? Could you please provide information how to do this?

@dani-garcia commented on GitHub:

Are those certificates in the QNAP nas itself? If so, you need to mount those directories in the docker image and make the ROCKET_TLS point to the mounted paths.

If you look into https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS, you can see that the /ssl/keys/ is the path to the keys in the host, and /ssl/ is where they get mounted in the container.
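
A pre-flight check for the mismatch described above, as an added example that is not part of the original thread or the project's own code: it parses a `ROCKET_TLS` value and confirms both files exist at the container-side paths. The function names and the root-directory argument are assumptions of this example, and the check for a private key accessible to group or other users goes beyond what the thread discusses.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for a ROCKET_TLS value.

# Print the path given for one field (certs or key) in a ROCKET_TLS value.
rocket_tls_field() {  # $1 = field name, $2 = ROCKET_TLS value
    printf '%s\n' "$2" |
        sed -n "s/.*[{, ]$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Check the files named in ROCKET_TLS. $1 = ROCKET_TLS value, $2 = directory
# the container paths are resolved against: "" when run inside the container,
# or a directory laid out like the container's root when run elsewhere.
# Prints one finding per line and returns non-zero if there are any.
check_rocket_tls() {
    rc=0
    for field in certs key; do
        path=$(rocket_tls_field "$field" "$1")
        if [ -z "$path" ]; then
            echo "MISSING-FIELD $field"; rc=1
        elif [ ! -f "$2$path" ]; then
            # The case from the thread: the path is not mounted in the container.
            echo "NOT-FOUND $field $path"; rc=1
        elif [ "$field" = key ] &&
             [ "$(ls -ld "$2$path" | cut -c5-10)" != "------" ]; then
            # Private key is accessible to group or other users.
            echo "KEY-PERMS $path"; rc=1
        fi
    done
    return $rc
}

# Demo on a constructed layout: the key is mounted, the certificate is not.
demo() {
    root=$(mktemp -d)
    mkdir "$root/ssl"
    : > "$root/ssl/private.pem"
    chmod 600 "$root/ssl/private.pem"
    check_rocket_tls '{certs="/ssl/certificate.pem",key="/ssl/private.pem"}' "$root"
    status=$?
    rm -rf "$root"
    return $status
}
demo || echo "ROCKET_TLS check failed"
```

Inside the running container, call `check_rocket_tls "$ROCKET_TLS" ""` so the paths are resolved exactly as the server will resolve them.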


@Crunch91 commented on GitHub:

@Szeraax What do you mean by saying:

> [...] and add a shared folder from my QNAP to `/ssl` on the client. [...]

Where do I do that exactly? Could you please provide information how to do this?


@Szeraax commented on GitHub:

Sure. I recall seeing something about docker-compose and QNAP that said relative paths don't work so well, so I did absolute paths. Forgot to mention that you need to add the ROCKET_TLS env variable! Here you go. Don't recall what 3012/3012 is for, but 3443:80 is just so I recall that the port is an HTTPS port.

Of course, I'll add that if you're using nginx, why do you need ROCKET_TLS working on your BitwardenRs? You should just use regular HTTP from your nginx to Bitwardenrs. Ooooh, are you talking about using TLS on nginx, not BitwardenRs directly? If yes, that's a totally different issue than what I was doing.

```
#docker-compose.yaml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - /share/Container/compose-vault/data/:/data/
      - /share/Container/compose-vault/ssl/:/ssl/
    environment:
      ROCKET_TLS: '{certs = "/ssl/certificate.pem", key = "/ssl/private.pem"}'
      SIGNUPS_ALLOWED: "true"
      SMTP_HOST: "smtp.gmail.com"
      SMTP_FROM: "ouyasaviors@gmail.com"
      SMTP_PORT: "587"
      SMTP_SSL: "true"
      SMTP_USERNAME: "emailaddress@gmail.com"
      SMTP_PASSWORD: "ddddddpass"
      LOG_FILE: "/data/bitwarden.log"
    ports:
      - 3443:80   #Server's home IP
      - 3012:3012 #Server's home IP
```

Reference: starred/vaultwarden#2130