Self-host password vault with Bitwarden on Synology NAS via Docker

Creating a Bitwarden container

Create a folder for the Bitwarden container where you usually keep your containers. In this example we will use /volume1/docker/bitwarden/.

Access your NAS via SSH, and then create the Docker container with the following setup:

docker run -d \
  --name=bitwarden \
  --restart=always \
  -v /volume1/docker/bitwarden/data/:/data/ \
  -p 9080:80 \
  mprasil/bitwarden:latest

Redirecting subdomain to Synology NAS

Create a CNAME record pointing from a subdomain (e.g. bitwarden.mydomain.com) to the NAS via DDNS. It should look something like bitwarden.mydomain.com -> mydomain.ddns.net.

Setting up reverse proxy on Let's Encrypt

Go to the folder where you keep the proxy configurations of your Let's Encrypt container (i.e. volume1/docker/letsencrypt/config/nginx/proxy-confs/) and put the following block of code in a file named bitwarden.subdomain.conf.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # must match the subdomain from the CNAME record (bitwarden.mydomain.com)
    server_name bitwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 128M;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bitwarden bitwarden;
        proxy_pass http://MYIP:PORT;
    }

    location /notifications/hub {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bitwarden bitwarden;
        proxy_pass http://MYIP:PORT;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bitwarden bitwarden;
        proxy_pass http://MYIP:PORT;
    }

}

Make sure you replace MYIP with your NAS IP address, and PORT with the host port you published for the reverse proxy in your docker run command (in this case 9080).

Once this is done and the file is saved, restart the Let's Encrypt container with the command docker restart letsencrypt.
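Before that restart, a check like the following catches the usual mistakes in bitwarden.subdomain.conf: leftover MYIP/PORT placeholders, a server_name that does not match the subdomain, a proxy_pass aimed at the wrong port, and a missing WebSocket Upgrade header. This is an added example, not part of the original guide; the function name check_bitwarden_conf and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Usage: check_bitwarden_conf FILE SUBDOMAIN PORT
# Prints each problem found; returns 0 when clean, 1 otherwise.
check_bitwarden_conf() {
    conf=$1; sub=$2; port=$3; rc=0

    # Ignore commented-out directives such as the optional auth lines.
    active=$(grep -v '^[[:space:]]*#' "$conf" || true)

    # 1. The MYIP / PORT placeholders from the template must be replaced.
    if printf '%s\n' "$active" | grep -Eq 'MYIP|:PORT'; then
        echo "placeholder MYIP or PORT still present in proxy_pass"; rc=1
    fi

    # 2. server_name must match the subdomain the CNAME record uses,
    #    otherwise the request falls through to the default server block.
    if ! printf '%s\n' "$active" |
            grep -Eq "server_name[[:space:]]+${sub}\.[^;]*;"; then
        echo "server_name does not start with '${sub}.'"; rc=1
    fi

    # 3. Every proxy_pass must point at the host port published by docker run.
    if printf '%s\n' "$active" | grep 'proxy_pass' |
            grep -Evq ":${port};"; then
        echo "a proxy_pass line does not target port ${port}"; rc=1
    fi

    # 4. The notifications hub needs the WebSocket upgrade header.
    if ! printf '%s\n' "$active" |
            grep -Eq 'proxy_set_header[[:space:]]+Upgrade[[:space:]]'; then
        echo "missing 'proxy_set_header Upgrade' for /notifications/hub"; rc=1
    fi

    return $rc
}

# When saved as a script: sh check.sh FILE SUBDOMAIN PORT
if [ $# -eq 3 ]; then check_bitwarden_conf "$@"; fi
```

Run it with the path to bitwarden.subdomain.conf, the subdomain label (bitwarden) and the published port (9080). Assuming nginx is on the container's PATH, docker exec letsencrypt nginx -t additionally checks the syntax of the whole configuration.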