💻 Bitwarden Unified Beta (feedback thread)

First of all, thanks to everyone in the team for this initiative. Last year I found out that, even being .NET Core, there was no image available for ARM (for setting it up on a Raspberry Pi), and I thought of starting to work on that myself… When early in February I picked my intentions back up and found this was happening, it was a nice surprise (even though it chopped my brilliant idea for contributing).

So after some afternoons spread across a couple of weeks figuring out a few things (several unrelated to Bitwarden itself) I was able to get my unified instance up and running. This being my first Bitwarden installation, the process is not complex, but I found two things that can be improved in the official install and deploy guide to ease onboarding:

  • SSL: both docker and docker compose examples only map port 80 and wrap it up with:

    Congratulations! Your unified deployment is now up and running at https://your.domain.com . Visit the web vault in your browser to confirm that it’s working. You may now register a new account and log in.

    The fact that SSL is required for the frontend to work properly is not mentioned until you get to the Environment Variables section, halfway through the article.

    Suggestion: include a list of prerequisites at the beginning of the guide so it's easier to make sure you have everything needed (also considering what's been mentioned in this thread regarding Let's Encrypt integration). I guess having proposed deployment diagrams is not your intention (as there are many ways to achieve this) but it might also help.

  • Email: similar to the previous point, email configuration is shown way down in the guide and it is not clear what it is needed for. Based on my experience you might get away without configuring this at all, but even that is confusing, as the application shows the link for sending the verification email (for instance), which can be used and is processed successfully, showing a green toast, even though sending email was impossible without SMTP configured.

    Suggestion: clarify which features require SMTP to be configured properly and explain what would happen if it is not set.

On top of that I have two feature requests that can be interesting for you to consider:

  • Support for secrets: nothing is mentioned in the documentation and I wandered a bit through the repository but found nothing that would allow an easy way to set up sensitive pieces of the configuration (like passwords and keys) through docker secrets. The guys from linuxserver.io have several flavours for implementing that in their images, for instance. I will try to write some kind of hack for this myself in my stack configuration, but having it in the image itself is gonna be better and safer for everyone.

  • Handling the error when not served over https: right now when the Bitwarden web app is loaded through http it seems to be perfect, but when you try to use the registration it silently fails. Using the browser's developer console, in the end it can be seen that a null reference happened:

    Cannot read properties of null (reading 'importKey')
    

    Rather than this, it could be clearer for the user setting this up if, when loading the web application over an http address, the app itself showed a warning about this (depending on how affected the frontend is by the lack of SSL, maybe it can fail to load with a harsher message regarding the missing configuration).

I’m happy to write this in a more formal way in case you find this valuable.

Hope this helps. Cheers.
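
The secrets request above, sketched as an added example that is not part of the original post and not Bitwarden's own code: an entrypoint shim using the `FILE__` prefix convention from linuxserver.io images, which turns `FILE__NAME=/run/secrets/x` into `NAME=<file content>` before the application starts. The function name `load_file_secrets` is hypothetical, and it assumes the image reads its settings from environment variables.

```shell
#!/bin/sh
# Added example: expand FILE__NAME variables into NAME from mounted secret files.
# Assumption: the container reads its configuration from environment variables.

load_file_secrets() {
    # Enumerate names through awk's ENVIRON so that multi-line values cannot
    # masquerade as variable names; accept only valid shell identifiers.
    names=$(awk 'BEGIN {
        for (k in ENVIRON)
            if (k ~ /^FILE__[A-Za-z_][A-Za-z0-9_]*$/)
                print substr(k, 7)
    }')
    for name in $names; do
        # Safe to eval: $name was restricted to identifier characters above.
        eval "secret_path=\${FILE__${name}}"
        # Refuse ambiguous configuration: value given inline and by file.
        if eval "[ -n \"\${${name}+set}\" ]"; then
            echo "error: both $name and FILE__$name are set" >&2
            return 1
        fi
        if [ ! -f "$secret_path" ] || [ ! -r "$secret_path" ]; then
            echo "error: FILE__$name is not a readable file: $secret_path" >&2
            return 1
        fi
        # Command substitution drops the trailing newline editors tend to add.
        value=$(cat "$secret_path")
        if [ -z "$value" ]; then
            echo "error: secret file for $name is empty" >&2
            return 1
        fi
        export "$name=$value"
        # Do not leak the secret's location to the application process.
        unset "FILE__$name"
    done
}

# As an entrypoint wrapper:  load_file_secrets && exec "$@"
```

Failing closed on a missing, empty or conflicting secret keeps the container from starting with a blank or unintended credential.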