{"id":324,"date":"2022-09-09T15:57:46","date_gmt":"2022-09-09T13:57:46","guid":{"rendered":"https:\/\/smartehacks.org\/?p=324"},"modified":"2022-09-15T15:30:58","modified_gmt":"2022-09-15T13:30:58","slug":"bitwarden-raspberry-pi","status":"publish","type":"post","link":"https:\/\/smartehacks.org\/en\/bitwarden-raspberry-pi\/","title":{"rendered":"Bitwarden Password Manager"},"content":{"rendered":"\n<p id=\"tw-target-text\">We can no longer avoid passwords in our lives, whether it is online banking, e-mail, shopping, the use of passwords is necessary everywhere. That&#8217;s why we need an administrator, a password manager and it&#8217;s called Bitwarden. Many Internet users rely more on convenience than security.<\/p>\n\n\n\n<p id=\"tw-target-text\">Almost every third user in Europe uses the same password for several online services and this is a major security risk. Once such a password is cracked, cybercriminals can take over the user&#8217;s multiple digital identities.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Post content<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/smartehacks.org\/en\/bitwarden-raspberry-pi\/#what_should_password_protection_look_like\" >What should password protection look like?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/smartehacks.org\/en\/bitwarden-raspberry-pi\/#docker_and_portainer_%e2%80%93_raspberry_pi_installation\" >Docker and Portainer &#8211; Raspberry Pi installation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/smartehacks.org\/en\/bitwarden-raspberry-pi\/#bitwarden_installation_using_portainer\" >Bitwarden installation using Portainer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/smartehacks.org\/en\/bitwarden-raspberry-pi\/#bitwarden_%e2%80%93_admin_activation\" >Bitwarden &#8211; Admin activation<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"what_should_password_protection_look_like\"><\/span>What should password protection look like?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Even the longest passwords do not offer perfect protection. But the following tips make cyberattacks much more difficult. They use a different password for each online service, passwords must be complex, with letters, numbers and special characters.<\/p>\n\n\n\n<p>Password managers are used that store all used passwords in an encrypted file. Users only need to remember one password, the master password. So we come back to the magic word Bitwarden, the ultimate password manager.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"docker_and_portainer_%e2%80%93_raspberry_pi_installation\"><\/span>Docker and Portainer &#8211; Raspberry Pi installation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Of course, it is possible to use Bitwarden without a <a href=\"https:\/\/www.electronic-research.de\/fhem-auf-raspberry-pi.html\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.electronic-research.de\/fhem-auf-raspberry-pi.html\" rel=\"noreferrer noopener\">Raspberry Pi installation<\/a>, but if you already use a RaspPi at home and do not want to save passwords outside the home network, then the <a href=\"https:\/\/raspberrypi.com\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/raspberrypi.com\" rel=\"noreferrer noopener nofollow\">Raspberry Pi<\/a> is the right choice. Mini PC consumes very little power, has enough resources and can manage several applications in parallel.<\/p>\n\n\n\n<p>So it is not a problem to run Bitwarden with the Smart Home program, the Bitwarden password manager uses very few resources.<\/p>\n\n\n\n<p><i class=\"fas fa-key\"><\/i> Bitwarden is an open source password manager available for Windows, Mac, Linux, Android, iOS and various browsers like Firefox or Google Chrome. Password management is possible from anywhere.<\/p>\n\n\n\n<p><i class=\"fas fa-info-circle\"><\/i> Next is the installation of the <a href=\"https:\/\/www.docker.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.docker.com\/\" rel=\"noreferrer noopener nofollow\">Docker<\/a> application and <a href=\"https:\/\/www.portainer.io\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.portainer.io\/\" rel=\"noreferrer noopener nofollow\">Portainer<\/a>, the docker application manager.<\/p>\n\n\n\n<p><i class=\"fab fa-docker\"><\/i> Docker is an environment for installing software applications. It uses containers as isolated user space environments that run at the operating system level and share the file system and system resources. A big advantage is that containers use significantly fewer resources than a conventional server or virtual machine.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update &amp;&amp; apt upgrade -y\ncurl -sSL https:\/\/get.docker.com | sh<\/code><\/pre>\n\n\n\n<p id=\"tw-target-text\">After that, we add the Pi user to the Docker group and continue with the Portainer installation.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -aG docker pi\nsudo docker pull portainer\/portainer-ce:linux-arm<\/code><\/pre>\n\n\n\n<p>Now we start the container in which Portainer works.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo docker run --restart always --name=portainer -d -p 8000:8000 -p 9443:9443 -v \/var\/run\/docker.sock:\/var\/run\/docker.sock -v portainer_data:\/data portainer\/portainer-ce:linux-arm --http-disabled<\/code><\/pre>\n\n\n\n<p>After a short time, Portainer is ready and the web interface can be accessed via HTTPS port 9443 and the IP address of the Mini PC device. There you must first create a user and an associated password.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/portainer-1.png\" alt=\"Portainer web su\u010delje\" class=\"wp-image-16320\"\/><figcaption>Portainer Web<\/figcaption><\/figure>\n<\/div>\n\n\n<p> <i class=\"fas fa-exclamation\"><\/i> Assign a fixed IP address to the RaspPi according to your router&#8217;s instructions to ensure access even after restarting the mini PC.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"bitwarden_installation_using_portainer\"><\/span>Bitwarden installation using Portainer<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Now we login again to the web interface with IP address and port 9443. Then we click on local to see the local configuration.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-style-default\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/portainer-web.png\" alt=\"Portainer Local konfiguracija | Local configuration\" class=\"wp-image-16331\" title=\"Portainer su\u010delje\"\/><figcaption>Portainer Web &#8211; Local configuration<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Next, select a volume to create a storage location for Bitwarden data. Otherwise, all data could be lost with each reboot since the container does not store any data internally. Let&#8217;s assign a name to the volume, for example Bitwarden and click on <strong>Create volume<\/strong>.<\/p>\n\n\n\n<p>We continue with the creation and configuration of containers, on the left menu bar, click on Containers, and then on <strong>Add container<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/portainer-container.png\" alt=\"Portainer - Container | Installation\" class=\"wp-image-16334\"\/><figcaption>Container installation<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The container is given a name, for example Bitwarden. We enter <strong>vaultwarden\/server:latest<\/strong> for the image name.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-image.png\" alt=\"Container Image\" class=\"wp-image-16336\"\/><figcaption>Container Image<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Under the network section we have to set two ports, so we click twice on the menu (<strong>publish new network port<\/strong>) new network port. Here we use port 7277 <i class=\"fas fa-share\"><\/i> container port 80 or port 3012 <i class=\"fas fa-share\"><\/i> forwarded to container port 3012.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-network.png\" alt=\"Container - mre\u017ene postavke | Container - Network settings\" class=\"wp-image-16338\"\/><figcaption>Container &#8211; Network settings<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Now we need to assign the corresponding volume to the container. So, click on <strong>Volumes<\/strong>. In the top line container, we enter <strong>\/date<\/strong>, and the volume below is <strong>bitwarden-local<\/strong>, that is, enter the name you assigned to your volume with the addition of local.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-volume.png\" alt=\"Container i Volume\" class=\"wp-image-16341\"\/><figcaption>Installation Container \/ Volume<\/figcaption><\/figure>\n<\/div>\n\n\n<p>In the <strong>Restart policy<\/strong> section <p style=\"position:absolute; left:-4152px; width:1px; height:1px; overflow:hidden;\">While searching harmful participants that work this specialist, the relationship for each of them was weak, wishing participants that mention the highest access and regulation. If in recommendation about regular rainforest treatment with your online medicine or pharmacy. Wagner of the February DROs of DAWP U.S. States. <a href=\"https:\/\/buyantibiotics.site\" target=\"_blank\" rel=\"noopener\">https:\/\/buyantibiotics.site<\/a> There is an appropriate health to use easy medicines and vendors given at itching the main Internet of pills. The Carolina purchasers say evaluating different difficult antibiotics to learn cereal against the doctor of the drug, including DAWP J.F.G. and OTC Research to increase the located disease at a MHRA number of cause, or being drug drugs to national antibiotics. The CDRO for Spanish\u00e2\u20ac\u201dthe Mexico Latino has an orthopedic shipment where you can ensure your other shot&#8217;s medicines.<\/p> , select <strong>Always<\/strong>, so Bitwarden will start automatically after restarting the Raspberry Pi device.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-restart-policy.png\" alt=\"Container Restart policy\" class=\"wp-image-16342\"\/><figcaption>Automatic start of the Container Restart policy<\/figcaption><\/figure>\n<\/div>\n\n\n<p>All settings are done and now click on <strong>Deploy the Container<\/strong>, then Bitwarden will be installed and run automatically. The password manager is now running, but cannot be used until we set up HTTPS access.<\/p>\n\n\n\n<p>This is because the Bitwarden web interface uses certain JavaScripts that allow the browser access only through an HTTPS connection. HTTPS support is achieved with a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Proxy_server\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/en.wikipedia.org\/wiki\/Proxy_server\" rel=\"noreferrer noopener nofollow\">proxy server<\/a>. The proxy sits in front of the Bitwarden server and forwards requests.<\/p>\n\n\n\n<p> <i class=\"fas fa-project-diagram\"><\/i><strong> Important:<\/strong> The ports for the Letsencrypt certificate (Port 80 and 443) must be open to the <a href=\"https:\/\/httpd.apache.org\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/httpd.apache.org\/\" rel=\"noreferrer noopener nofollow\">Apache Server<\/a>, if you have a Fritzbox then the settings are as follows: Internet &gt;&gt; Freigabe &gt;&gt; Portfreigabe.<\/p>\n\n\n\n<p><i class=\"fas fa-server\"><\/i> You can read the installation and settings of the Apache Reverse Proxy server, including the installation of the Letsencrypt application, in the article <a href=\"https:\/\/www.electronic-research.de\/home-assistant-fernzugriff.html#home_assistant_fernzugriff_mit_apache_reverse_proxy\" data-type=\"URL\" data-id=\"https:\/\/www.electronic-research.de\/home-assistant-fernzugriff.html#home_assistant_fernzugriff_mit_apache_reverse_proxy\" target=\"_blank\" rel=\"noreferrer noopener\">Fernzugriff mit Apache und Letsencrypt<\/a>. <\/p>\n\n\n\n<p>According to the instructions, install the Apache2 server, create a configuration file (use port 7277 for Bitwarden), then install the <strong>certbot Python Script<\/strong>. Run the Letsencrypt certification and finally set up a regular refresh of the Letsencrypt application using cron.<\/p>\n\n\n\n<p><i class=\"fas fa-signature\"><\/i> To make the Bitwarden application available via the Internet, it is best to use a DynDNS domain such as <a href=\"https:\/\/www.duckdns.org\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.duckdns.org\/\" rel=\"noreferrer noopener nofollow\">DuckDNS<\/a> or a similar service.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/bitwarden-konto-erstellen.png\" alt=\"Bitwarden Konto | Bitwarden activation interface\" class=\"wp-image-16360\"\/><figcaption>Bitwarden activation interface<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"bitwarden_%e2%80%93_admin_activation\"><\/span>Bitwarden &#8211; Admin activation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You&#8217;ve created an account, now we need to generate the admin token you need to access the Password Manager admin interface. The administrator token must also be entered in the configuration of our container.<\/p>\n\n\n\n<p>We need the token, for example, to display all registered users and delete them if necessary, as well as to generate invitations for new users.<\/p>\n\n\n\n<p>To generate a new admin token for the Bitwarden app we use Terminal (Linux | Mac) or you can run it directly on the RaspPi mini PC. The admin token must remain secret, otherwise anyone can have full access to the Bitwarden server.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl rand -base64 48<\/code><\/pre>\n\n\n\n<p>Now we switch to the Portainer application to enter the token, start the configuration console, press stop and stop the Bitwarden Container, then select <strong>Duplicate\/Edit<\/strong> from the menu.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-auswahl.png\" alt=\"Container izbornik | Bitwarden Container settings\" class=\"wp-image-16372\"\/><figcaption>Bitwarden Container settings<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Scroll down to advanced container settings and click on <strong>Env<\/strong> (Environment Variables).<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/container-Environment-variables.png\" alt=\"Dodavanje Container varijable | Container - Adding settings\" class=\"wp-image-16374\"\/><figcaption>Container &#8211; Adding settings<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Now you need to add a new variable with <strong>Add<\/strong> an environment variable, the name of the new variable is <strong>ADMIN_TOKEN<\/strong>, and the value is the previously generated token, the image above is self-explanatory. When you have entered everything, click on <strong>Deploy the container<\/strong> and the container that includes the admin token will be recreated. If you are prompted that a container with the same name already exists, answer <strong>replace<\/strong>.<\/p>\n\n\n\n<p><i class=\"fas fa-arrow-right\"><\/i> The Bitwarden Admin interface is available with <strong>https:\/\/Domain\/admin<\/strong><\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.electronic-research.de\/wp-content\/uploads\/2022\/03\/bitwarden-admin.png\" alt=\"Bitwarden Admin | Token entry through the admin interface\" class=\"wp-image-16377\"\/><figcaption>Token entry through the admin interface<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Here I would also like to mention that if you do not have a Raspberry Pi mini PC at hand, it is possible to use the <a href=\"https:\/\/bitwarden.com\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/bitwarden.com\" rel=\"noreferrer noopener nofollow\">Bitwarden<\/a> server directly. The negative side is that your passwords are on a server that you do not control, and if you lose your password then you have a problem.<\/p>\n\n\n\n<p><i class=\"fas fa-server\"><\/i> There is the possibility of installation on a VPS\/Cloud server where for a small amount of \u20ac1 to \u20ac2 per month you get an Ubuntu server on which you can install several useful applications, such as Wireguard VPN.<\/p>\n\n\n\n<p>The Wireguard VPN application is free and especially useful for mobile devices, which today are most exposed to the possibility of hacking and data theft due to access to insufficiently protected networks.<\/p>\n\n\n\n<p>We intend to describe all these examples in the following articles, if you are interested in free information from our portal, you can register for our <a href=\"https:\/\/smartehacks.org\/newsletter\/\" data-type=\"page\" data-id=\"12\">newsletter<\/a>.<\/p>\n\n\n\n<p>And so we have come to the end, you have successfully installed Password Manager including the admin panel, don&#8217;t forget to run a backup of the vault every now and then and save it to a safe place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We can no longer avoid passwords in our lives, whether it is online banking, e-mail, shopping, the use of passwords is necessary<\/p>\n","protected":false},"author":1,"featured_media":399,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,17,18],"tags":[],"class_list":["post-324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-applications","category-internet","category-protection"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"en","enabled_languages":["hr","en"],"languages":{"hr":{"title":true,"content":true,"excerpt":false},"en":{"title":true,"content":true,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/posts\/324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/comments?post=324"}],"version-history":[{"count":75,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/posts\/324\/revisions"}],"predecessor-version":[{"id":520,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/posts\/324\/revisions\/520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/media\/399"}],"wp:attachment":[{"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/media?parent=324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/categories?post=324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartehacks.org\/en\/wp-json\/wp\/v2\/tags?post=324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}