On-Premise hosting -> Synology -> Android app connection error

Hey folks,
I have recently deployed Bitwarden on my Synology NAS in Docker.
Unfortunately it was not really as simple as mostly described.
It’s a long list of trouble I had, but I am gonna try to keep it short.

What I want to achieve:

  1. [SOLVED!] I’d like to host bitwarden on my Synology NAS (DS1515+, 8GB RAM)
  2. A self-updating Let’s Encrypt SSL certificate
  3. Bitwarden reachable via my own domain (-bitwarden.domain.com)
  4. [SOLVED!] Using the Bitwarden android app to connect to my NAS (disabling IPv6 for DDNS, fixed it)
  5. [SOLVED!, SOMEWHAT] Reaching Bitwarden via https://bitwarden.domain.com without appending a port no. (not possible due to security reasons and used ports)

What I have achieved so far:

  1. I have successfully deployed Bitwarden on my NAS
  2. I can reach it over the internet using browsers on Windows and Android, as well as the Windows app via hxxps://bitwarden.domain.com:3443/#
  3. SSL certificate is generated via Synology Control Panel/Certificate and manually imported into bwdata/ssl/bitwarden.domain.com/
  4. SSL certificate is being shown as trusted on all browsers I have tested.
  5. Set up NGINX to use custom ports 3443 and 5080 and forwarded them on my Router (Fritz!Box 7490) to my NAS

What is currently NOT working (may or may not be the problem):

  1. Default ports 80/443 are being used/blocked by the NAS itself, resulting in trouble generating an SSL certificate during Bitwarden installation.

  2. SSL certificate is not trusted (broken certificate chain?) → When I check my domain via hxxps://digicert.com I get the following result:

    Certificate does not match name -bitwarden.domain.com
    Subject -bitwarden.synology.me (which is my DDNS)
    Valid from 16/Feb/2017 to 15/Jan/2038
    Issuer -bitwarden.synology.me (which is my DDNS)
    SSL Certificate is not trusted
    The certificate is not signed by a trusted authority (checking against Mozilla’s root store).
    If you bought the certificate from a trusted authority, you probably just need to install one or more
    Intermediate certificates. Contact your certificate provider for assistance doing this for your server
    platform.

Background details about my stuff:

  1. I own the domain -bitwarden.domain.com which has a CNAME record pointing to my existing DDNS record of my Synology.
    (i.e. -bitwarden.domain.com CNAME -bitwarden.synology.me)
  2. My NAS was already reachable via DDNS “-nas.synology.me” as well as “-nas.domain.com” before deploying Bitwarden and installing Docker.
  3. reverse proxy configuration: source: HTTPS | hostname: -bitwarden.domain.com | port: 443 — Destination: HTTPS | Hostname: localhost | port: 3443

I hope you might help me somehow or point me at least into the right direction. :wink:

Krowne
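As an added example (not from the original post, nor Bitwarden's or Synology's code), here is a small Python script that reproduces the check the post ran against DigiCert: it flags the two findings quoted there, a certificate whose names do not cover the requested host and a certificate whose subject equals its issuer (self-signed), and can run the same check live against a host:port. The sample certificate dict is constructed from the values quoted in the post; `check_live` needs network access and is only an assumption about how the poster's setup would answer.

```python
import socket
import ssl
import time

# Constructed sample reproducing the scanner output quoted in the post, laid out
# the way ssl.SSLSocket.getpeercert() returns a verified peer certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "bitwarden.synology.me"),),),
    "issuer": ((("commonName", "bitwarden.synology.me"),),),
    "subjectAltName": (("DNS", "bitwarden.synology.me"),),
    "notAfter": "Jan 15 00:00:00 2038 GMT",
}

def name_matches(pattern, hostname):
    """Exact match, or a wildcard that covers exactly the leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # no '*.com' style wildcards
    return p == h

def cert_names(cert):
    """Names the cert is valid for: SAN dNSNames, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def _rdn(rdns):
    return {k: v for rdn in rdns for k, v in rdn}

def diagnose(cert, hostname, now=None):
    """List the findings a browser or scanner would raise for this cert/host pair."""
    problems = []
    if not any(name_matches(n, hostname) for n in cert_names(cert)):
        problems.append("name-mismatch")
    if _rdn(cert["subject"]) == _rdn(cert["issuer"]):
        problems.append("self-signed")     # subject == issuer, as in the post
    now = time.time() if now is None else now
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def check_live(hostname, port=443, timeout=5):
    """Connect like a browser would and return the findings (network required)."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return diagnose(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as err:
        return [err.verify_message]      # e.g. "self-signed certificate"
```

Running `diagnose(SAMPLE_CERT, "bitwarden.domain.com")` returns `['name-mismatch', 'self-signed']`, which is exactly what the scanner in the post reported; a trusted certificate issued for the right name returns `[]`.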