On-Premise hosting -> Synology -> Android app connection error

Hey folks,
I have recently deployed Bitwarden on my Synology NAS in Docker.
Unfortunately it was not really as simple as mostly described.
It’s a long list of trouble I had, but I am gonna try to keep it short.

What I want to achieve:

  1. [SOLVED!] I’d like to host bitwarden on my Synology NAS (DS1515+, 8GB RAM)
  2. A self-updating Let’s Encrypt SSL certificate
  3. Bitwarden reachable via my own domain (-bitwarden.domain.com)
  4. [SOLVED!] Using the Bitwarden Android app to connect to my NAS (disabling IPv6 for DDNS fixed it)
  5. [SOLVED!, SOMEWHAT] Reaching Bitwarden via https://bitwarden.domain.com without appending a port no. (not possible due to security reasons and used ports)

What I have achieved so far:

  1. I have successfully deployed Bitwarden on my NAS
  2. I can reach it over the internet using browsers on Windows and Android, as well as the Windows app via hxxps://bitwarden.domain.com:3443/#
  3. SSL certificate is generated via Synology Control Panel/Certificate and manually imported into bwdata/ssl/bitwarden.domain.com/
  4. SSL certificate is being shown as trusted on all browsers I have tested.
  5. Set up NGINX to use custom ports 3443 and 5080 and forwarded them on my Router (Fritz!Box 7490) to my NAS

What is currently NOT working, may or may not be the problem.

  1. Default ports 80/443 being used/blocked by the NAS itself, resulting in trouble generating an SSL certificate during Bitwarden installation.

  2. SSL Certificate is not trusted (broken certificate chain?) → When I check my domain via hxxps://digicert.com I get the following result:

    Certificate does not match name -bitwarden.domain.com
    Subject -bitwarden.synology.me (which is my DDNS)
    Valid from 16/Feb/2017 to 15/Jan/2038
    Issuer -bitwarden.synology.me (which is my DDNS)
    SSL Certificate is not trusted
    The certificate is not signed by a trusted authority (checking against Mozilla’s root store).
    If you bought the certificate from a trusted authority, you probably just need to install one or more
    Intermediate certificates. Contact your certificate provider for assistance doing this for your server
    platform.

Background details about my stuff:

  1. I own the domain -bitwarden.domain.com which has a CNAME record pointing to my existing DDNS record of my Synology.
    (i.e. -bitwarden.domain.com CNAME -bitwarden.synology.me)
  2. My NAS was already reachable via DDNS “-nas.synology.me” as well as “-nas.domain.com” before deploying Bitwarden and installing Docker.
  3. Reverse proxy configuration: source: HTTPS | hostname: -bitwarden.domain.com | port: 443 — Destination: HTTPS | Hostname: localhost | port: 3443

I hope you might help me somehow or point me at least into the right direction. :wink:

Krowne
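
The checker output quoted in the post above contains two independent findings: the certificate names only the DDNS host, and its issuer equals its subject. The CNAME from the custom domain to the DDNS name does not change which name a client validates; it is always the name in the URL. The following is an added example, not part of the original post or of any Bitwarden or Synology code; the cert dict uses the shape of Python's `ssl.SSLSocket.getpeercert()` and the host names (written without the leading dash) are constructed stand-ins.

```python
"""Added example: separate 'name mismatch' from 'self-issued' for a served cert."""

def _label_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _names(cert: dict) -> list:
    """DNS names a client checks: SAN entries if present, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def diagnose(cert: dict, requested_host: str) -> list:
    """Return the findings for the host name the client actually typed."""
    findings = []
    if not any(_label_match(n, requested_host) for n in _names(cert)):
        findings.append("name-mismatch")
    # Issuer equal to subject means the cert is self-issued, so no chain to a
    # public root can exist; adding intermediates cannot fix it.
    if cert.get("subject") and cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed")
    return findings

# Constructed sample mirroring the quoted checker output (Subject == Issuer).
SAMPLE_CERT = {
    "subject": ((("commonName", "bitwarden.synology.me"),),),
    "issuer": ((("commonName", "bitwarden.synology.me"),),),
    "subjectAltName": (("DNS", "bitwarden.synology.me"),),
}

if __name__ == "__main__":
    for host in ("bitwarden.domain.com", "bitwarden.synology.me"):
        print(host, diagnose(SAMPLE_CERT, host))
```

A certificate issued for the custom domain itself clears the first finding, and one issued by a public CA clears the second; either fix alone leaves the other finding in place.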

You can look at haproxy to be a frontend to all your various web enabled self hosted apps (Docker or not).
That way you enable HTTPS to your haproxy front end. Haproxy will relay traffic to your internal server in HTTP. That is my config and it was working with a lot of web applications before I added Bitwarden to the pool… Send me a PM if you need more help.

Hey sabimimi,
thank you for the tip and your reply, I am gonna check it out.

I have the same problem on my Synology. What is the solution to the problem?

Hey Gitsko,

I have the same problem on my Synology. What is the solution to the problem?

You mean you can’t access your self hosted vault via app?
If so then try to disable IPv6 routing in your DDNS Control Panel.

At least it worked for me, because my ISP has not enabled IPv6 for private users yet.

OK, I think I have another problem. I have also installed Bitwarden on my Synology NAS; the Docker container starts and I see no problem, but the frontend doesn’t show anything and I have a timeout.

Can you pls help me?

There is an issue on GitHub https://github.com/bitwarden/server/issues/253

Bitwarden server has been deprecated and changed to vaultwarden.server on the Docker registry. Hope that helps.

So that there is no confusion with people reading this thread, vaultwarden is NOT a Bitwarden product. It is written by a different developer in an entirely different language, although it is designed to look and behave very similarly to the actual Bitwarden server. Many people don’t understand that knock-offs like vaultwarden or bitwarden_rs are NOT designed, distributed or supported by Bitwarden Inc. You also store your secrets in vaultwarden at your own risk - it does NOT have the same security standards that Bitwarden products do.

So which version do you use? Which was my original question. That is why I am asking. For precisely what you just described. I knew all of that already.

Maybe you should change what you wrote then, @Pnelsond8. Bitwarden server is definitely NOT deprecated nor was it ever changed to vaultwarden.

I use the standard BW server on a Docker stack within a Linux box, not on a Synology unit. The standard BW server software is only supported on x86/AMD64 chipsets, not ARM, which most home Synology users are probably running.

The other option is the new Bitwarden Unified server, which does run on ARM, and is currently in a beta release (reportedly very stable, but not for enterprise or production environments just yet). Here are some links:

I think the miscommunication was the fact that there is a bitwarden server on docker called the same name as the official bitwarden server from bitwarden. No offense, but the hostile tone isn’t necessary. I’m looking for helpful info from the community, not aggression.

Sounds like copyright infringement.

Hey Paul,

You may instead be thinking of Bitwarden_RS (aka written in Rust) which is the previous name of the Vaultwarden project.
https://hub.docker.com/r/bitwardenrs/server
The project was renamed in part to prevent any user confusion between the two and further separate the official release from the unofficial 3rd party rewrite.

As you can see the image in docker hub is not the same name but instead bitwardenrs and released from the bitwardenrs developer and not the Official Bitwarden docker repo.

I believe David was simply trying to clarify the point further for any users who may reference this posting in the future as there have been a sub-set of users who are not aware of the differences between the two.
