💻 Bitwarden Unified Beta (feedback thread)

It does look like Oracle has an EntityFrameworkCore provider, and it even looks like they are keeping it pretty well updated, so there is a path towards possibly being able to support it. But before I would want to add support for it, I would really like to see their source code for the provider be open sourced (maybe it is but I can’t find it), so if we run into issues we can possibly even help upstream the fixes, and I would want to see that there would be significant usage of such a database with Bitwarden.

So in that vein I would say make a full feature request here on the forums, and if it has a lot of community support we can look into supporting it in the future.

I’ve restored your feature request here: Support Oracle Database as database backend for unified deployment

Dear community and Unified beta developers,
I’m very happy with the unified docker version. If I would open the site up to the internet, through reverse proxy, everyone could click CREATE ACCOUNT from the login page. As system owner, I would like to be able to grant and deny access to new users.

I know Vaultwarden has a possibility to disable that function, and the self-hosted version can also be configured to disable that.
I haven’t been able to find documentation on how to configure this for the Unified Beta; is it even possible?

In the settings.env file you should be able to add the line globalSettings__disableUserRegistration=true to disable user registration. The line might already exist and be commented out.

For future reference, I found the currently available options in the environment settings on github.
I must have overlooked the line containing ‘disableUserRegistration’ somehow…
Thanks, that works like a charm!
Since I use docker run, I added the following line to my command:

    -e globalSettings__disableUserRegistration=true \

Feature name

  • custom email subject (suffix).

Feature function

  • Having a custom subject (suffix) for emails will improve on recognizing where the email came from and the validity of the emails.

I have set up bitwarden Unified twice (once with nginx/SSL and once with the unmodified docker-compose on port 80) but run into the same problem both times. I get to the login page fine, and click on “New around here? Create account”. I enter all my information as requested and click on “Create account” and… nothing. It doesn’t act like it is registering the click at all. It changes to a “hand” icon but there is no link shown when I hover over the “Create account” button. What am I missing? I can’t seem to do anything further.

at the risk of sounding like I’m *******, I read the unified documentation page, and I don’t get it. what are the main differences between the standard unix self hosted install I did about a month ago and this new unified install? looks the same, afaik.

In my experience:
Difficulty of installation. Number of docker containers (only one, vs multiple in standard), external database like mysql is made possible (mssql docker is created in standard). Possibility to locate data wherever you want (docker volume, vs /opt/bitwarden).
Unified is more for the tech enthusiast. For example, it’s now easier to install it to a Synology server. When I installed the selfhosted version in /opt, the system partition was full, resulting in errors. That’s solved by switching to unified. (it may also be possible to move data to volume1 with standard selfhosted script somehow, but I didn’t make it that far)
Unified lowers the bar for selfhosting.

Hey Jeff, here is a summary:

  • Simplify configuration and optimize resource usage (CPU, memory) by deploying Bitwarden with a single Docker image.

  • Utilize different database solutions such as MSSQL, PostgreSQL, MySQL/MariaDB.

  • Run on ARM architecture for alternative systems such as Raspberry Pi and NAS servers.

More info here: https://bitwarden.com/help/install-and-deploy-unified-beta/

Hey,

I’ve successfully set up my raspberry pi with bitwarden unified + mariadb.
Two questions:

  • Is or will sqlite be supported (found nothing in the documentation)?
  • How do I backup my data (also found nothing in the documentation)?
    Do I need to backup the whole /var/lib/docker/…/bitwarden_bitwarden and /…/bitwarden_data?

Thanks!

so for a 2nd grader (a trending way to explain things, lol) more complex to install but compatible with more hardware, and lighter weight? will it be packaged for synology? what I would like to see is an appliance that can be installed on proxmox or other hypervisors, or even better, why not just package it as a cloud optional desktop app like 1Password (where I came from).

You might like to check the post by MaddGDad, as he points to a link where they configure it for a Synology NAS.

Hi, I never really used the old container setup but I now deployed the Unified container.
Using a mysql container on the side.

What I noticed and am struggling with is that it seems that the Bitwarden container itself needs internet access to register the server ID and key. Also, when creating users and such, it wants to connect to e.g. https://identity.bitwarden.com
The “Create account” button hangs and gives an error when isolating the server from internet.

On-prem we would really like to isolate the Bitwarden server to be used on the private network only (we don’t need push notifications etc)
Is this possible ?

Hi, like I replied to the original post.
It seems that Bitwarden needs internet access to connect to certain services, like Create account
So your container needs outbound internet access

Thank you for supporting sqlite in the latest 2022.2 release! I moved my implementation from mysql to sqlite, and it works so much easier for small-scale implementations. Backup and recovery works like a charm, too, and is much more resource friendly.

I’m not sure about Leslie’s suggestion regarding internet access, but in my case I struggled a bit with the problem regarding account creation but when checking with the browser development tools I was able to narrow it down to problems regarding access without https (there are multiple threads discussing that, like this one for instance)

So instead of accessing the application directly, I used a reverse proxy I’ve already set up with https support. Just doing that, everything went fine.

Hope this helps.

First of all, thanks to everyone on the team for this initiative. Last year I found out that, even with it being .NetCore, there was no image available for ARM (for setting it up on a Raspberry Pi), and I thought about starting to work on that myself… When in early February I picked up my intentions again and found this was happening, it was a nice surprise (even though it chopped my brilliant idea for contributing).

So after some afternoons spread across a couple of weeks figuring out a few things (several unrelated to Bitwarden itself) I was able to get my unified instance up and running. This being my first Bitwarden installation, the process is not complex, but I found two things that can be improved in the official install and deploy guide to ease onboarding:

  • SSL: both docker and docker compose examples only map port 80 and wrap it up with:

    Congratulations! Your unified deployment is now up and running at https://your.domain.com . Visit the web vault in your browser to confirm that it’s working. You may now register a new account and log in.

    The fact that SSL is required for the frontend to work properly is not mentioned until you get to the Environment Variables section, halfway through the article.

    Suggestion: include a list of prerequisites at the beginning of the guide so it’s easier to make sure you have all the needed stuff (also considering what’s been mentioned in this thread regarding Let’s Encrypt integration). I guess having proposed deployment diagrams is not your intention (as there are many ways to achieve this) but it might also help.

  • Email: similar to the previous point, email configuration is shown way down in the guide and it is not clear what it is needed for. Based on my experience you might get away without configuring this at all, but even that is confusing, as the application shows the link for sending the email verification (for instance), which can be used and processes successfully, showing a green toast, even though sending email was impossible without the SMTP configured.

    Suggestion: clarify which features require SMTP to be configured properly and explain what would happen if it is not set.

On top of that I have two feature requests that might be interesting for you to consider:

  • Support for secrets: nothing is mentioned in the documentation, and I wandered a bit through the repository but found nothing that would allow an easy way to set up sensitive pieces of the configuration (like passwords and keys) through docker secrets. The guys from linuxserver.io have several flavours for implementing that in their images, for instance. I will try to write some kind of hack for this myself in my stack configuration, but having it in the image itself is going to be better and safer for everyone.

  • Handling the error when not served over https: right now when the Bitwarden web app is loaded through http it seems to be perfect, but when you try to use the registration it silently fails. Using the browser’s developer console, in the end it can be seen that a null reference happened:

    Cannot read properties of null (reading 'importKey')
    

    Rather than this, it could be clearer for the user setting this up if, when loading the web application over an http address, the app itself showed a warning about this (depending on how affected the frontend is by the lack of SSL, maybe it could fail to load with a harsher message regarding the missing configuration).

I’m happy to write this in a more formal way in case you find this valuable.

Hope this helps. Cheers.

On this topic you can look into the current waitlist for the Bitwarden Secrets manager beta which as I understand should be launching into beta soon.
Though I do not believe this will be supported for self-hosting just yet I would imagine eventually this would be worked in and eventually to the Unified Beta as well.

Oh dear!!! That’s bold (and great)!

I wasn’t going that far… but just having a way to fill the environment variables out of the secrets being injected as files in /run/secrets. So rather than specifying in my compose something like:

    environment:
      # Database
      BW_DB_PROVIDER: mysql
      BW_DB_SERVER: dbserver
      BW_DB_DATABASE: db-name
      BW_DB_USERNAME: db-user
      BW_DB_PASSWORD: my-password-in-plain-text

Use:

    environment:
      # Database
      BW_DB_PROVIDER: mysql
      BW_DB_SERVER: dbserver
      BW_DB_DATABASE: db-name
      BW_DB_USERNAME: db-user
      FILE__BW_DB_PASSWORD: /var/run/db-password
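
One way to write the wrapper this post asks for, as an added example that is not part of the original post and not Bitwarden's own code: an entrypoint shim that turns each FILE__NAME=/path variable into NAME=<file contents> before starting the container's real command. The FILE__ prefix comes from the poster's proposal, the function name load_file_secrets is hypothetical, and the image's original entrypoint (not given on this page) has to be passed as the arguments.

```shell
#!/bin/sh
# Added example (not Bitwarden code): resolve FILE__<NAME>=<path> variables
# into <NAME>=<file contents>. The FILE__ prefix mirrors the post's proposal.

load_file_secrets() {
    # List matching variable names via awk's ENVIRON so that multi-line
    # values of other variables cannot be mistaken for variable names.
    names=$(awk 'BEGIN { for (k in ENVIRON) if (k ~ /^FILE__[A-Za-z_][A-Za-z0-9_]*$/) print k }')
    for name in $names; do
        target=${name#FILE__}
        # $name is restricted to identifier characters above, so eval is safe.
        eval "path=\${$name}"
        # Fail closed if a plain-text value is also present.
        if eval "[ -n \"\${$target+x}\" ]"; then
            echo "both $target and $name are set; refusing to choose" >&2
            return 1
        fi
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "secret file for $target is not readable: $path" >&2
            return 1
        fi
        # Command substitution drops the trailing newline editors add.
        value=$(cat "$path")
        if [ -z "$value" ]; then
            echo "secret file for $target is empty: $path" >&2
            return 1
        fi
        export "$target=$value"
        # The application only needs the resolved value, not the path.
        unset "$name"
    done
}

# Entrypoint use: this-script <original entrypoint and args of the image>.
# With no arguments the script only defines the function.
if [ "$#" -gt 0 ]; then
    load_file_secrets || exit 1
    exec "$@"
fi
```

The password then lives only in the mounted secret file and in the process environment, not in the compose file or its version history.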