My instance of bitwardenRS seemed to be working quite fine since 10/2020. I have been looking into using fail2ban as a security layer so I started following the guide on the bitwarden_rs wiki to do that. A prerequisite is that I configure logging so I went into my docker-compose.yml. This is my docker-compose.yml before starting to configure logging (I use nginx as a reverse proxy):
docker-compose.yml
```yaml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    ports:
      - 845:80
    volumes:
      - ./bw-data:/data/
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'false' # set to false to disable signups
```
Following the wiki, I included LOG_FILE: /data/bitwarden.log then stopped and restarted the container. When I checked the bw-data folder there was no log. Thinking that I needed to generate something to go in the log I loaded up my vault login in my browser and tried a couple of incorrect logins then tried adding a new account. I was very surprised to see the “Create Account” page load as I was sure I had disabled that after creating my account. I went back to my yml and confirmed that I had SIGNUPS_ALLOWED: 'false'. I have tried different ways to add the logfile path and none were successful.
Getting nowhere with the logfile I tried enabling the admin page to delete the test account I had created when I realised SIGNUPS_ALLOWED: 'false' wasn’t being respected. That didn’t work. I also tried disabling password hint and that has not worked either. Below is my current docker-compose.yml:
docker-compose.yml
```yaml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    ports:
      - 845:80
    volumes:
      - ./bw-data:/data/
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'false' # set to false to disable signups
      LOG_FILE: /home/$USER/bitwarden/bw-data/bitwarden.log # Added to test logging
      LOG_LEVEL: 'warn' # Combine with extended logging below to reduce log messages
      EXTENDED_LOGGING: 'true'
      SHOW_PASSWORD_HINT: 'false'
      ADMIN_TOKEN: 'long random token here'
```
I really don’t know what is happening here. My instance seems to be working OK. With credit to this guide, How to self-host Bitwarden Password Manager and others I got bitwardenRS installed, proxied with nginx and working https from letsencrypt. I can log in to the vault, the browser extensions and android integrations are connected and sync ok. It just seems that none of the changes I make to the docker-compose.yml are being implemented. If I use incorrect syntax, e.g. EXTENDED_LOGGING=true instead of EXTENDED_LOGGING: 'true', in the yml I get an error when starting the container so it at least seems to be checking the file but not acting on some variables. Help, please.
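A way to check the situation described in the post, as an added example that is not part of the original post: compare the hardening settings from the compose file with what the container actually received, using the `Config.Env` and `Mounts` fields of `docker inspect` output. The `audit` function, the `EXPECTED` table and the sample inspect document (including its paths) are constructed for illustration.

```python
import json
import posixpath

# Values the container should see, taken from the compose file in the post
# (LOG_FILE as given in the wiki step the post quotes).
EXPECTED = {"SIGNUPS_ALLOWED": "false", "SHOW_PASSWORD_HINT": "false",
            "LOG_FILE": "/data/bitwarden.log"}

# Constructed sample of `docker inspect <container>` output, trimmed to the
# two fields read below. Paths and values are illustrative.
SAMPLE_INSPECT = json.dumps([{
    "Config": {"Env": ["WEBSOCKET_ENABLED=true", "SIGNUPS_ALLOWED=false",
                       "LOG_FILE=/home/user/bitwarden/bw-data/bitwarden.log",
                       "PATH=/usr/local/bin:/usr/bin"]},
    "Mounts": [{"Type": "bind", "Source": "/home/user/bitwarden/bw-data",
                "Destination": "/data"}],
}])


def audit(expected, inspect_json):
    """Return (key, problem) pairs for settings the container does not carry."""
    info = json.loads(inspect_json)[0]
    # Env is a list of "KEY=VALUE" strings; split on the first "=" only.
    env = dict(e.split("=", 1) for e in info["Config"]["Env"] if "=" in e)
    findings = []
    for key, want in expected.items():
        if key not in env:
            findings.append((key, "missing"))    # never reached the container
        elif env[key] != want:
            findings.append((key, "mismatch"))   # different value in effect
    # The log path is resolved inside the container, so a file outside every
    # mount destination never appears in the host folder fail2ban would read.
    log_file = env.get("LOG_FILE")
    if log_file:
        path = posixpath.normpath(log_file)
        dests = [m["Destination"].rstrip("/") for m in info.get("Mounts") or []]
        if not any(path.startswith(d + "/") for d in dests):
            findings.append(("LOG_FILE", "outside-mounts"))
    return findings


if __name__ == "__main__":
    for key, problem in audit(EXPECTED, SAMPLE_INSPECT):
        print(f"{key}: {problem}")
```

Against a live host, the second argument would be the JSON printed by `docker inspect` for the running container.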