On-Premise hosting -> Synology -> Android app connection error

Hey folks,
I have recently deployed Bitwarden on my Synology NAS in Docker.
Unfortunately, it was not really as simple as mostly described.
It’s a long list of trouble I had, but I am gonna try to keep it short.

What I want to achieve:

  1. [SOLVED!] I’d like to host bitwarden on my Synology NAS (DS1515+, 8GB RAM)
  2. A self-updating Let’s Encrypt SSL certificate
  3. Bitwarden reachable via my own domain (-bitwarden.domain.com)
  4. [SOLVED!] Using the Bitwarden android app to connect to my NAS (disabling IPv6 for DDNS, fixed it)
  5. [SOLVED!, SOMEWHAT] Reaching Bitwarden via https://bitwarden.domain.com without appending a port no. (not possible due to security reasons and used ports)

What I have achieved so far:

  1. I have successfully deployed Bitwarden on my NAS
  2. I can reach it over the internet using browsers on Windows and Android, as well as the Windows app via hxxps://bitwarden.domain.com:3443/#
  3. SSL certificate is generated via Synology Control Panel/Certificate and manually imported into bwdata/ssl/bitwarden.domain.com/
  4. SSL certificate is being shown as trusted on all browsers I have tested.
  5. Set up NGINX to use custom ports 3443 and 5080 and forwarded them on my Router (Fritz!Box 7490) to my NAS

What is currently NOT working, may or may not be the problem.

  1. Default ports 80/443 being used/blocked by the NAS itself, resulting in trouble generating an SSL certificate during Bitwarden installation.

  2. SSL Certificate is not trusted (broken certificate chain?) --> When I check my domain via hxxps://digicert.com I get the following result:

    Certificate does not match name -bitwarden.domain.com
    Subject -bitwarden.synology.me (which is my DDNS)
    Valid from 16/Feb/2017 to 15/Jan/2038
    Issuer -bitwarden.synology.me (which is my DDNS)
    SSL Certificate is not trusted
    The certificate is not signed by a trusted authority (checking against Mozilla’s root store).
    If you bought the certificate from a trusted authority, you probably just need to install one or more
    Intermediate certificates. Contact your certificate provider for assistance doing this for your server
    platform.

Background details about my stuff:

  1. I own the domain -bitwarden.domain.com which has a CNAME record pointing to my existing DDNS record of my Synology.
    (i.e. -bitwarden.domain.com CNAME -bitwarden.synology.me)
  2. My NAS was already reachable via DDNS “-nas.synology.me” as well as “-nas.domain.com” before deploying Bitwarden and installing Docker.
  3. reverse proxy configuration: source: HTTPS | hostname: -bitwarden.domain.com | port: 443 — Destination: HTTPS | Hostname: localhost | port: 3443

I hope you might help me somehow or at least point me in the right direction. :wink:

Krowne
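The two findings in the checker output quoted in the post above (name mismatch, and issuer identical to subject) can be reproduced with a short check. This is an added example, not part of the original post: the function names are hypothetical, the certificate is assumed to be in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns, and `SAMPLE_CERT` is constructed from the quoted output using the post's redacted host names.

```python
# Added example. SAMPLE_CERT is constructed from the checker output in the post.

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # refuse overly broad wildcards such as "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host):
    """Return a list of findings for the certificate presented for host."""
    findings = []
    names = cert_names(cert)
    if not any(name_matches(n, host) for n in names):
        findings.append(f"name mismatch: {host} not in {names}")
    # Issuer equal to subject means self-issued, so no public CA chain exists.
    if cert.get("subject") and cert.get("issuer") == cert.get("subject"):
        findings.append("self-issued: issuer equals subject")
    return findings

SAMPLE_CERT = {  # constructed sample
    "subject": ((("commonName", "bitwarden.synology.me"),),),
    "issuer": ((("commonName", "bitwarden.synology.me"),),),
}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CERT, "bitwarden.domain.com"):
        print(finding)
```

`getpeercert()` returns an empty dict when certificate verification is disabled, so for an untrusted endpoint the certificate has to be decoded into this shape by other means before calling `diagnose`.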

You can look at HAProxy to be a frontend to all your various web-enabled self-hosted apps (Docker or not).
That way you enable HTTPS to your HAProxy front end. HAProxy will relay traffic to your internal server in HTTP. That is my config and it was working with a lot of web applications before I added Bitwarden to the pool… Send me a PM if you need more help.

Hey sabimimi,
thank you for the tip and your reply, I am gonna check it out.

I have the same problem on my Synology. What is the solution to the problem?

Hey Gitsko,

I have the same problem on my Synology. What is the solution to the problem?

You mean you can't access your self-hosted vault via the app?
If so then try to disable IPv6 routing in your DDNS Control Panel.

At least it worked for me, because my ISP has not enabled IPv6 for private users yet.

OK, I think I have another problem. I have also installed Bitwarden on my Synology NAS; the Docker container starts and I see no problem, but the frontend doesn't show anything and I have a timeout.

Can you pls help me?

You should start a new thread for that matter, then.
Since I am still hoping to get some help for my problems mentioned above. (the SSL part mainly) :wink:

Check these guides, maybe there is already something you missed and that might possibly help you:

hxxps://forum.synology.com/enu/viewtopic.php?t=146054

hxxps://xpenology.com/forum/topic/12455-bitwarden-self-hosted-password-manager-on-docker/

There is an issue on GitHub https://github.com/bitwarden/server/issues/253