I am trying to setup bitwarden on docker using portainer (single host). The host OS is AlmaLinux 9.x with SELinux in enforcing mode. I am getting the following error:
[user@host ~]$ ./bitwarden.sh install
_ _ _ _
| |__ (_) |___ ____ _ _ __ __| | ___ _ __
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V V / (_| | | | (_| | __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_|
Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
===================================================
bitwarden.sh version 2023.2.1
Docker version 20.10.23, build 7155243
Docker Compose version v2.16.0
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): bitwarden.satellite5.us
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n
(!) Enter the database name for your Bitwarden instance (ex. vault): bitwarden_db
2023.2.1: Pulling from bitwarden/setup
Digest: sha256:a9b9ae952fe44f47236b1b97072569a0f5774129a391e3be026334928bc395eb
Status: Image is up to date for bitwarden/setup:2023.2.1
docker.io/bitwarden/setup:2023.2.1
mkdir: cannot create directory '/bitwarden/docker': Permission denied
mkdir: cannot create directory '/bitwarden/ssl': Permission denied
mkdir: cannot create directory '/bitwarden/letsencrypt': Permission denied
mkdir: cannot create directory '/bitwarden/identity': Permission denied
mkdir: cannot create directory '/bitwarden/nginx': Permission denied
mkdir: cannot create directory '/bitwarden/ca-certificates': Permission denied
chown: cannot read directory '/bitwarden': Permission denied
(!) Enter your installation id (get at https://bitwarden.com/host): 58875ea1-fb7b-4b91-9158-afc4002b9c4e
(!) Enter your installation key: eEpURoEI0Vjbs59UJXHE
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
Unhandled exception. System.UnauthorizedAccessException: Access to the path '/bitwarden/ssl/self/bitwarden.satellite5.us/' is denied.
---> System.IO.IOException: Permission denied
--- End of inner exception stack trace ---
at System.IO.FileSystem.CreateDirectory(String fullPath)
at System.IO.Directory.CreateDirectory(String path)
at Bit.Setup.CertBuilder.BuildForInstall() in /home/runner/work/server/server/util/Setup/CertBuilder.cs:line 42
at Bit.Setup.Program.Install() in /home/runner/work/server/server/util/Setup/Program.cs:line 95
at Bit.Setup.Program.Main(String[] args) in /home/runner/work/server/server/util/Setup/Program.cs:line 52
[user@host ~]$
Not sure why it is failing.
I am no expert here… But this looks like a permission issue to me. Did you follow the doco Search results | Bitwarden ?
Did you run the install as the bitwarden user? I would revisit the above doco and ensure you have completed all steps. Once you have done this you could try manually creating a directory to see if you get any errors before re-running the install.
You may also want to edit your post and anonymize host names, installation ID & key etc.
2 Likes
Removed all the data and files. Re-downloaded and generated new install id and key.
[ameyer@docker9000 ~]$ rm -rf bitwarden.sh bwdata
[ameyer@docker9000 ~]$ ls -la
total 43832
drwx------. 9 ameyer ameyer 4096 Mar 13 09:41 .
drwxr-xr-x. 5 root root 65 Mar 12 21:51 ..
-rw-------. 1 ameyer ameyer 20207 Mar 13 09:37 .bash_history
-rw-r--r--. 1 ameyer ameyer 18 Oct 14 11:58 .bash_logout
-rw-r--r--. 1 ameyer ameyer 141 Oct 14 11:58 .bash_profile
-rw-r--r--. 1 ameyer ameyer 492 Oct 14 11:58 .bashrc
drwx------. 3 ameyer ameyer 18 Feb 8 11:44 .config
-rwxr-xr-x. 1 ameyer ameyer 20254720 Feb 28 23:28 kompose
-rw-------. 1 ameyer ameyer 20 Mar 10 11:32 .lesshst
-rw-r--r--. 1 ameyer ameyer 24550248 Feb 13 11:23 main
drwxr-xr-x. 11 ameyer ameyer 4096 Mar 8 20:23 netbox-docker
drwxr-xr-x. 25 ameyer ameyer 4096 Feb 13 11:57 rundeck
drwxr-xr-x. 2 ameyer ameyer 4096 Feb 28 23:30 rundeck-kubernetes
drwxr-xr-x. 24 ameyer ameyer 4096 Feb 10 16:35 rundeck-main
drwx------. 2 ameyer ameyer 29 Jan 26 22:17 .ssh
-rw-------. 1 ameyer ameyer 13960 Mar 12 21:45 .viminfo
-rw-r--r--. 1 ameyer ameyer 174 Feb 13 11:23 .wget-hsts
[ameyer@docker9000 ~]$ curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 bitwarden.sh
[ameyer@docker9000 ~]$ ls -la bitwarden.sh
-rwx------. 1 ameyer ameyer 4443 Mar 13 09:41 bitwarden.sh
[ameyer@docker9000 ~]$
Tried the install again. I even tried creating the folder structure myself.
[ameyer@docker9000 ~]$ rm -rf bwdata/
[ameyer@docker9000 ~]$ mkdir -pv ~/bitwarden/{docker,ssl,letsencrypt,identity,nginx,ca-certificates}
mkdir: created directory '/home/ameyer/bitwarden'
mkdir: created directory '/home/ameyer/bitwarden/docker'
mkdir: created directory '/home/ameyer/bitwarden/ssl'
mkdir: created directory '/home/ameyer/bitwarden/letsencrypt'
mkdir: created directory '/home/ameyer/bitwarden/identity'
mkdir: created directory '/home/ameyer/bitwarden/nginx'
mkdir: created directory '/home/ameyer/bitwarden/ca-certificates'
[ameyer@docker9000 ~]$
[ameyer@docker9000 ~]$ ./bitwarden.sh install
_ _ _ _
| |__ (_) |___ ____ _ _ __ __| | ___ _ __
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V V / (_| | | | (_| | __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_|
Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden
===================================================
bitwarden.sh version 2023.2.1
Docker version 20.10.23, build 7155243
Docker Compose version v2.16.0
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): MY-HOSTNAME
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n
(!) Enter the database name for your Bitwarden instance (ex. vault): bitwardendb
2023.2.1: Pulling from bitwarden/setup
Digest: sha256:a9b9ae952fe44f47236b1b97072569a0f5774129a391e3be026334928bc395eb
Status: Image is up to date for bitwarden/setup:2023.2.1
docker.io/bitwarden/setup:2023.2.1
mkdir: cannot create directory '/bitwarden/docker': Permission denied
mkdir: cannot create directory '/bitwarden/ssl': Permission denied
mkdir: cannot create directory '/bitwarden/letsencrypt': Permission denied
mkdir: cannot create directory '/bitwarden/identity': Permission denied
mkdir: cannot create directory '/bitwarden/nginx': Permission denied
mkdir: cannot create directory '/bitwarden/ca-certificates': Permission denied
chown: cannot read directory '/bitwarden': Permission denied
(!) Enter your installation id (get at https://bitwarden.com/host): MY-INSTALL-ID
(!) Enter your installation key: MY-INSTALL-KEY
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
Unhandled exception. System.UnauthorizedAccessException: Access to the path '/bitwarden/ssl/self/bitwarden.satellite5.us/' is denied.
---> System.IO.IOException: Permission denied
--- End of inner exception stack trace ---
at System.IO.FileSystem.CreateDirectory(String fullPath)
at System.IO.Directory.CreateDirectory(String path)
at Bit.Setup.CertBuilder.BuildForInstall() in /home/runner/work/server/server/util/Setup/CertBuilder.cs:line 42
at Bit.Setup.Program.Install() in /home/runner/work/server/server/util/Setup/Program.cs:line 95
at Bit.Setup.Program.Main(String[] args) in /home/runner/work/server/server/util/Setup/Program.cs:line 52
[ameyer@docker9000 ~]$
Installation should be carried out by the “bitwarden” user from the /opt/bitwarden directory. Are you doing that? It looks like you are using a user “ameyer” and not “bitwarden”…?
MUST it be bitwarden user?
I just created the bitwarden user with a home folder of /opt/bitwarden and download the install file there and ran through the installation. I got the SAME error.
[bitwarden@docker9000 ~]$ ./bitwarden.sh install
_ _ _ _
| |__ (_) |___ ____ _ _ __ __| | ___ _ __
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V V / (_| | | | (_| | __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_|
Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden
===================================================
bitwarden.sh version 2023.2.1
Docker version 20.10.23, build 7155243
Docker Compose version v2.16.0
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): hostname
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n
(!) Enter the database name for your Bitwarden instance (ex. vault): DB_NAME
2023.2.1: Pulling from bitwarden/setup
Digest: sha256:a9b9ae952fe44f47236b1b97072569a0f5774129a391e3be026334928bc395eb
Status: Image is up to date for bitwarden/setup:2023.2.1
docker.io/bitwarden/setup:2023.2.1
mkdir: cannot create directory '/bitwarden/docker': Permission denied
mkdir: cannot create directory '/bitwarden/ssl': Permission denied
mkdir: cannot create directory '/bitwarden/letsencrypt': Permission denied
mkdir: cannot create directory '/bitwarden/identity': Permission denied
mkdir: cannot create directory '/bitwarden/nginx': Permission denied
mkdir: cannot create directory '/bitwarden/ca-certificates': Permission denied
chown: changing ownership of '/bitwarden/scripts/run.sh': Permission denied
chown: changing ownership of '/bitwarden/scripts': Permission denied
chown: changing ownership of '/bitwarden/env/uid.env': Permission denied
chown: changing ownership of '/bitwarden/env': Permission denied
chown: changing ownership of '/bitwarden': Permission denied
(!) Enter your installation id (get at https://bitwarden.com/host):
(!) Enter your installation key:
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
Unhandled exception. System.UnauthorizedAccessException: Access to the path '/bitwarden/ssl/self/bitwarden.satellite5.us/' is denied.
---> System.IO.IOException: Permission denied
--- End of inner exception stack trace ---
at System.IO.FileSystem.CreateDirectory(String fullPath)
at System.IO.Directory.CreateDirectory(String path)
at Bit.Setup.CertBuilder.BuildForInstall() in /home/runner/work/server/server/util/Setup/CertBuilder.cs:line 42
at Bit.Setup.Program.Install() in /home/runner/work/server/server/util/Setup/Program.cs:line 95
at Bit.Setup.Program.Main(String[] args) in /home/runner/work/server/server/util/Setup/Program.cs:line 52
[bitwarden@docker9000 ~]$
I assume you followed all the other steps in the doc? Add the user to the docker group, change permissions on the /opt/bitwarden/ directory etc etc?
If so, then I am at a loss… Hopefully, someone else will come along with an idea or two. Failing that you could always contact support.
Yes. Creating the new user gave the appropriate permissions and then I added the new to the docker group.