30-04-2021

Bitwarden Apache



Hello all,
I have bitwarden-rs running for some time now. And my family and me are happy with this.
But I had another look at the wiki for changes and I’m not sure anymore if I have setup fail2ban in the right way.

Bitwarden_rs Apache

Could someone have a look at these settings, and advise me?

Bitwarden Apache

In /etc/Apache2/sites-available/subdomain.domain.com-le-ssl.conf
#added for bitwarden
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]
ProxyPass / http://localhost:9011/
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
#till here bitwarden

Apache

/etc/fail2ban/jail.d/bitwarden.local
[bitwarden]
enabled = true
port = 80,443,8081,9011
filter = bitwarden
#action = iptables-allports[name=bitwarden, chain=FORWARD]
banaction = %(banaction_allports)s
logpath = /bw-data/bitwarden.log
maxretry = 3
bantime = 14400
findtime = 14400

Bitwarden apache2

On the wiki I see this:

Note: Docker uses the FORWARD chain instead of the default INPUT chain. Therefore replace the banaction line with the following action when using Docker:
action = iptables-allports[name=bitwarden_rs, chain=FORWARD]

Bitwarden behind reverse proxy apache ubuntu 18.04: Bitwarden 17.9k members in the Bitwarden community. Bitwarden is an open source password management platform for individuals, teams, and business organizations. Press J to jump to the feed. I have an Apache2 server for my cloud and Collaboraonline(with Apache reverse proxy) and now I've tried to install Bitwarden on my server(self-hosted) but there is one problem, in the Bitwarden docker is already Nginx as webserver and if I will start Bitwarden, Nginx failed to start on port 0.0.0.0:443, cause my Apache server already listing on this port. The Bitwarden Vulnerability Disclosure Program enlists the help of the hacker community at HackerOne to make Bitwarden more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. Bitwarden Vault Security. Since all of your data is fully encrypted before it ever leaves your device, only you have access to it. Not even the team at Bitwarden can read your data, even if we wanted to. Your data is sealed with end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256. Learn more about Bitwarden security.

NOTE: Do not use this if you use a reverse proxy before Docker container. If proxy, like apache2 or nginx is used, use the ports of the proxy and do not use chain=FORWARD, only when using Docker without proxy!

Bitwarden Docker Apache

Is the banaction line in jail.d okay then? Or should I use: action = iptables-allports[name=bitwarden
without the “chain=FORWARD]” part?