......@@ -5,9 +5,11 @@
"description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG",
"tagline": "Rust implementation of the Bitwarden API",
"version": "0.1.4",
"version": "0.2.0",
"healthCheckPath": "/healthcheck",
"httpPort": 80,
"optionalSso": true,
"postInstallMessage": "<sso>Any users with access should automatically receive an invite and be able to register for their own accounts. They will need to create a new password for this application due to client side encryption requirements. You can manage the server through the admin interface at `/admin`</sso><nosso>On initial creation, no users will have access to the server. You must visit `/admin` and invite any users that you wish to have access.</nosso> You can find your admin token in the logs for the application when it starts up.",
"addons": {
"ldap": {},
"localstorage": {},
......
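Review bot: The new `postInstallMessage` sends operators to the application logs for the admin token, and this same commit deletes the Apache `<Location /admin>` LDAP block, so that token looks to be the only control left in front of `/admin`. start.sh prints it on every start (`echo "=> Admin token: ${ADMIN_TOKEN}"`), which exposes a credential persisted in `/app/data/admin_token` to anyone who can read or export the logs. Consider pointing the message at the file instead, e.g. `You can find your admin token in /app/data/admin_token`, and dropping the echo from start.sh. Which manifest lines are added is inferred from the hunk counts, since the +/- markers did not survive on this page.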
......@@ -48,8 +48,6 @@ ENV ROCKET_WORKERS=10
ENV DATA_FOLDER=/app/data
ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
......@@ -62,7 +60,7 @@ RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
RUN a2enmod proxy proxy_http proxy_wstunnel rewrite
# Copies Bitwarden files from build images
COPY --from=vault /web-vault /app/code/web-vault
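Review bot: The first hunk appears to drop `ENV SIGNUPS_ALLOWED=false` and `ENV INVITATIONS_ALLOWED=true` (the hunk shrinks from 8 to 6 lines and start.sh gains matching exports), which leaves the closed-signup setting dependent on start.sh being the command that runs. Keeping `ENV SIGNUPS_ALLOWED=false` in the image costs nothing, since the export in start.sh still takes precedence, and it keeps the image restrictive if it is started with a different command. The same applies to the second Dockerfile section further down (hunk `-13,8 +13,6`). The +/- markers are missing on this page, so confirm which lines were actually removed.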
......
......@@ -13,8 +13,6 @@ ENV ROCKET_WORKERS=10
ENV DATA_FOLDER=/app/data
ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
......@@ -27,7 +25,7 @@ RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
RUN a2enmod proxy proxy_http proxy_wstunnel rewrite
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
......
......@@ -52,7 +52,7 @@ DOCKER_TAG := cloudron-app-bitwarden
# The latest version that this should be tagged as.
# This should equal whatver is in your `CloudronManifest.json` file. If you
# do not have `jq` installed, you should hard code this value.
VERSION := $(shell jq -r .version CloudronManifest.son || echo 'latest')
VERSION := $(shell jq -r .version CloudronManifest.json || echo 'latest')
# Full registry/repo/tag. This is used for pushing and pulling.
DOCKER_FULL := $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_TAG)
......
......@@ -13,25 +13,6 @@
ProxyErrorOverride Off
ProxyPass / http://127.0.0.1:3000/
<Location /admin>
AllowOverride None
Order deny,allow
Deny from All
AuthType Basic
AuthBasicProvider ldap
AuthName "Use your Cloudron admin account to login"
AuthLDAPURL ${CLOUDRON_LDAP_URL}/${CLOUDRON_LDAP_USERS_BASE_DN}?username?sub?(memberof=cn=admins,${CLOUDRON_LDAP_GROUPS_BASE_DN})
AuthLDAPBindDN "${CLOUDRON_LDAP_BIND_DN}"
AuthLDAPBindPassword "{CLOUDRON_LDAP_BIND_PASSWORD}"
Require valid-user
Satisfy any
ProxyPreserveHost On
ProxyErrorOverride Off
ProxyPass http://127.0.0.1:3000/admin/
</Location>
<Location /healthcheck>
Order allow,deny
Allow from all
......
......@@ -3,9 +3,12 @@ set -e
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
if [ -z "${CLOUDRON_LDAP_SERVER}" ]; then
echo "=> SSO integration disabled. Skip LDAP invites"
else
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${CLOUDRON_LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${CLOUDRON_LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${CLOUDRON_LDAP_BIND_DN}/"\
......@@ -14,5 +17,6 @@ sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
fi
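Review bot: In the SSO-disabled branch the script now prints a message and falls off the end with status 0 instead of exec'ing `bitwarden_rs_ldap`. If this script is a supervisord program (start.sh execs supervisord; the program definition is not shown here), an immediate exit may be treated as a failed start and retried, depending on `startsecs` and `autorestart`. I would make the intent explicit with `exit 0` after the echo and check that the supervisor entry tolerates a clean early exit, for example `autorestart=unexpected` with `startsecs=0`.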
......@@ -3,6 +3,8 @@
set -eu
echo "=> Exporting env vars expected by Bitwarden"
export SIGNUPS_ALLOWED=false
export INVITATIONS_ALLOWED=true
export DOMAIN=$CLOUDRON_APP_ORIGIN
export SMTP_HOST=$CLOUDRON_MAIL_SMTP_SERVER
export SMTP_FROM=$CLOUDRON_MAIL_FROM
......@@ -24,9 +26,12 @@ fi
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Admin token: ${ADMIN_TOKEN}"
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
if [ -z "${CLOUDRON_LDAP_SERVER}" ]; then
echo "=> SSO integration disabled. No LDAP config to generate"
else
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${CLOUDRON_LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${CLOUDRON_LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${CLOUDRON_LDAP_BIND_DN}/"\
......@@ -34,6 +39,7 @@ sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##BITWARDEN_HOSTNAME/${CLOUDRON_APP_HOSTNAME}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
fi
echo "=> Starting supervisord"
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Bitwarden
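Review bot: The added `if [ -z "${CLOUDRON_LDAP_SERVER}" ]; then` runs under `set -eu`, so when the variable is unset (presumably the very case this SSO-disabled branch is meant for) the expansion aborts the script with an unbound-variable error before the test is evaluated. Use a defaulted expansion: `if [ -z "${CLOUDRON_LDAP_SERVER:-}" ]; then`. The LDAP sync script uses the same test but shows only `set -e` in its visible context, so it does not appear to be affected. The `sed` command inside the `else` branch continues across the next hunk.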