Skip to content

Latest commit

 

History

History
159 lines (136 loc) · 5.43 KB

README.md

File metadata and controls

159 lines (136 loc) · 5.43 KB

homecloud_local

Running nextcloud + traefik + bitwarden on localhost with docker

Prerequisites

  1. Install git (bash or powershell)
  2. Docker and Docker Compose installed and running on machine
  3. Get an installation id and key from bitwarden.com/host
  4. Get a Sendgrid Account at sendgrid.com
  5. Create network traefik on docker:
docker network create traefik

installation and configuration bitwarden

  1. Clone files from this repo:
git clone https://github.com/benjaminpreiss/homecloud_local.git
  1. Download bitwarden install script (make sure that it is downloaded to the same directory as nextcloud-docker-compose.yml):

    • bash:
    curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh \
    && chmod +x bitwarden.sh
    
    • powershell:
    Invoke-RestMethod -OutFile bitwarden.ps1 `
        -Uri https://go.btwrdn.co/bw-ps
    
  2. Install bitwarden via script and complete Prompts in the installer. Press Enter without specifying a domain. Decline the questions regarding certificates. Enter your installation id and key.

    • bash:
    ./bitwarden.sh install
    
    • powershell:
    .\bitwarden.ps1 -install
    
  3. Adjust ./bwdata/config.yml:

    • http_port: 8090
    • https_port: 8443
  4. Adjust ./bwdata/env/global.override.env to configure SMTP mail server settings, YubiKey OTP API credentials, HaveIBeenPwned (HIBP) breach report API key, etc. Most importantly these lines (replace smtp settings with data from your sendgrid account, otherwise account creation won't work):

globalSettings__baseServiceUri__vault=https://bitwarden.localhost
globalSettings__baseServiceUri__api=https://bitwarden.localhost/api
globalSettings__baseServiceUri__identity=https://bitwarden.localhost/identity
globalSettings__baseServiceUri__admin=https://bitwarden.localhost/admin
globalSettings__baseServiceUri__notifications=https://bitwarden.localhost/notifications
...
globalSettings__attachment__baseUrl=https://bitwarden.localhost/attachments
...
globalSettings__mail__replyToEmail=****@****.***
globalSettings__mail__smtp__host=smtp.sendgrid.net
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=apikey
globalSettings__mail__smtp__password=***********
  1. Create docker-compose.override.yml at ./bwdata/docker/docker-compose.override.yml:
version: '3'

services:
  nginx:
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
      
      # http service and router for bitwarden
      - traefik.http.routers.bitwarden_router_http.entryPoints=web
      - traefik.http.routers.bitwarden_router_http.service=bitwarden_service_http
      - traefik.http.routers.bitwarden_router_http.rule=Host("bitwarden.localhost")
      - traefik.http.services.bitwarden_service_http.loadbalancer.server.port=8080
      
      # https service and router for bitwarden
      - traefik.http.routers.bitwarden_router_https.entryPoints=websecure
      - traefik.http.routers.bitwarden_router_https.tls=true
      - traefik.http.routers.bitwarden_router_https.service=bitwarden_service_https
      - traefik.http.routers.bitwarden_router_https.rule=Host("bitwarden.localhost")
      - "traefik.http.routers.bitwarden_router_https.tls.certresolver=myresolver"
      - traefik.http.services.bitwarden_service_https.loadbalancer.server.port=8080

      # permanent http to https redirect
      - traefik.http.routers.bitwarden_router_http.middlewares=bitwarden_https_redirect
      - traefik.http.middlewares.bitwarden_https_redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.bitwarden_https_redirect.redirectscheme.permanent=true
    networks:
      - traefik
      - default

networks:
  traefik:
    external: true
  1. Rebuild bitwarden:
    • bash:
    ./bitwarden.sh rebuild
    
    • powershell:
    .\bitwarden.ps1 -rebuild
    

Configuration nextcloud

  1. Adjust passwords and usernames in ./db.env
  2. Make sure nextcloud-docker-compose.yml is located at ./

Configuration traefik

  1. Make sure traefik-docker-compose.yml is located at ./

Start containers

  1. Start bitwarden:
    • bash:
    ./bitwarden.sh start
    
    • powershell:
    .\bitwarden.ps1 -start
    
  2. Start nextcloud:
docker-compose -f ./nextcloud-docker-compose.yml up -d
  1. Start traefik:
docker-compose -f ./traefik-docker-compose.yml up -d

Access

Now you should be able to access

The browser will try to keep you from accessing bitwarden.localhost and nextcloud.localhost, because of invalid certificates. Nevertheless you can insist on entering the page and ignore the warnings about security.


Credits

Most of this I didn't find out by myself. It is a compilation of findings from