Hi all!
Back to business after a long period without any time to give to the subject.
I eventually managed to install and configure nginx with certbot and letsencrypt to proxy pass traffic to my Bitwarden_RS docker container using HTTPS and SSL certificates.
But now I have a couple of questions to clean all the installation.
- Domain name / server name
I’m using a dynamic DNS from NoIp.com, which is “briceparmentier.ddns.net”, which is pointing to my personal external IP address (my box). I want to use this to target several tools at home, so I want to use “briceparmentier.ddns.net/bitwarden”, “briceparmentier.ddns.net/othertool”, etc…
Do I need to create different nginx configuration files or can I use a single one named “briceparmentier.ddns.net” and then create several “location” blocks in it?
Here is my current nginx file:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name briceparmentier.ddns.net;

    location / {
        proxy_pass https://localhost:XXX;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /othertool/ {
        root /var/www/;
    }

    ssl_certificate /etc/letsencrypt/live/briceparmentier.ddns.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/briceparmentier.ddns.net/privkey.pem; # managed by Certbot
}
So currently the default URL goes to bitwarden with my selected port XXX. Eventually I want to have “location /bitwarden/”. This leads me to the next question.
- Launch again container with different options
The documentation of Bitwarden_RS says that the DOMAIN variable must be set to be able to host bitwarden at a subdir of the main domain. Then, following the page "Using an alternate base dir" (dani-garcia/bitwarden_rs Wiki, GitHub), I need to add -e DOMAIN="blablabla" to my container setup.
So I need to stop my bitwarden container and run it again using different options.
This will also allow me to get rid of the SSL parameters as they are now managed by my reverse proxy.
I’m not very confident doing this, so I would need you to confirm I’m doing it the right way.
Here is the script I used to run my bitwarden container:
docker run -d --name bw \
-e ROCKET_TLS='{certs="/bw/ssl/bitwarden.crt",key="/bw/ssl/bitwarden.key"}' \
-e ADMIN_TOKEN=blablabla \
-v /bw-data/:/data/ -v /ssl/:/ssl/ \
-p XXX:80 \
--restart always bitwardenrs/server:latest
So I can now remove the -e ROCKET_TLS=… and the -v /ssl/:/ssl/, right?
Also, if I stop my container and run this script again, it will tell me that the container already exists. Is there a way to change the parameters of an existing container? Or, as I’ve stored data outside the container with -v /bw-data/:/data/, can I simply remove the existing container and create a new one by running my script after modifying it?
So my script would look like this:
docker run -d --name bw \
-e DOMAIN="http://briceparmentier.ddns.net/bitwarden" \
-e ADMIN_TOKEN=blablabla \
-v /bw-data/:/data/ \
-p XXX:80 \
--restart always bitwardenrs/server:latest
Thanks again all for your help and support!
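
The container recreation asked about above, as an added example that is not part of the original post: it checks that /data is a host bind mount before removing the container, then runs it again without the TLS options. Assumptions: HOST_PORT stands for the post's "XXX", ADMIN_TOKEN is read from the environment, DOMAIN uses https:// and the port is published on 127.0.0.1 only.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: HOST_PORT=<port> ADMIN_TOKEN=<token> sh recreate-bw.sh apply
# HOST_PORT stands for the post's "XXX" (assumption).
DOCKER="${DOCKER:-docker}"
NAME=bw

# Succeed only if the container's /data is a host bind mount, i.e. the vault
# lives on the host (/bw-data/ in the post) and survives "docker rm".
data_is_bind_mounted() {
    mounts=$("$DOCKER" inspect -f \
        '{{range .Mounts}}{{.Type}}:{{.Destination}} {{end}}' "$NAME") || return 1
    case " $mounts " in
        *" bind:/data "*|*" bind:/data/ "*) return 0 ;;
        *) return 1 ;;
    esac
}

recreate() {
    [ -n "${HOST_PORT:-}" ] || { echo "set HOST_PORT" >&2; return 1; }
    data_is_bind_mounted || {
        echo "refusing: /data in '$NAME' is not a host bind mount" >&2
        return 1
    }
    # Environment and published ports are fixed at creation: remove and re-run.
    "$DOCKER" stop "$NAME" && "$DOCKER" rm "$NAME" || return 1
    # Assumptions: DOMAIN uses https:// because nginx terminates TLS; the port
    # is published on 127.0.0.1 only, so the now plain-HTTP container is
    # reachable through nginx alone (proxy_pass must then use http://).
    # "-e ADMIN_TOKEN" without a value passes the variable from the caller's
    # environment, keeping the token out of the script.
    "$DOCKER" run -d --name "$NAME" \
        -e DOMAIN="https://briceparmentier.ddns.net/bitwarden" \
        -e ADMIN_TOKEN \
        -v /bw-data/:/data/ \
        -p "127.0.0.1:${HOST_PORT}:80" \
        --restart always bitwardenrs/server:latest
}

if [ "${1:-}" = "apply" ]; then
    recreate
fi
```

Setting DOCKER=echo gives a dry run of the stop, rm and run commands, although the bind-mount check then has to be satisfied by a real container or skipped.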