...
 
[0.1.0]
* Initial version
[0.1.3]
* update to upstream 1.9.0
[0.1.4]
* update to upstream 1.9.1
......@@ -5,20 +5,28 @@
"description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG",
"tagline": "Rust implementation of the Bitwarden API",
"version": "0.1.1",
"version": "0.1.4",
"healthCheckPath": "/healthcheck",
"httpPort": 80,
"addons": {
"localstorage": {},
"ldap": {},
"localstorage": {},
"scheduler": {
"ldap_sync": {
"schedule": "*/5 * * * *",
"command": "/app/code/ldap_sync.sh"
}
},
"sendmail": {}
},
"manifestVersion": 1,
"manifestVersion": 2,
"minBoxVersion": "4.1.5",
"website": "https://github.com/dani-garcia/bitwarden_rs",
"contactEmail": "support@cloudron.io",
"icon": "file://logo.png",
"tags": [
"password"
],
"mediaLinks": [ ]
"minBoxVersion": "4.1.4",
"mediaLinks": [ "https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/web-vault-macbook.png" ]
}
# FROM "bitwardenrs/server:1.9.1" as bitwarden
FROM "vividboarder/bitwarden_rs:mail-auth-over-insecure" as bitwarden
FROM "vividboarder/bitwarden_rs_ldap:alpine" as bitwarden_ldap
FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
ENV ROCKET_ENV "staging"
......@@ -8,9 +12,7 @@ ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV DISABLE_ADMIN_TOKEN=true
ENV WEBSOCKET_ENABLED=false
# set to false, will need some apache config first
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
VOLUME /app/data
......@@ -21,16 +23,25 @@ EXPOSE 3012
RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
ADD apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http rewrite
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
COPY --from=mprasil/bitwarden:1.8.0 /web-vault /app/code/web-vault
COPY --from=mprasil/bitwarden:1.8.0 /bitwarden_rs /app/code/
COPY --from=mprasil/bitwarden:1.8.0 /Rocket.toml /app/code/
COPY --from=bitwarden /web-vault /app/code/web-vault
COPY --from=bitwarden /bitwarden_rs /app/code/
COPY --from=bitwarden /Rocket.toml /app/code/
# Copy ldap sync utility
COPY --from=bitwarden_ldap /usr/local/bin/bitwarden_rs_ldap /app/code/
ENV RUST_BACKTRACE=1
# configure supervisor
ADD supervisor/ /etc/supervisor/conf.d/
RUN sed -e 's,^logfile=.*$,logfile=/run/supervisord.log,' -i /etc/supervisor/supervisord.conf
WORKDIR /app/code
ADD start.sh /app/code/start.sh
COPY start.sh /app/code/start.sh
COPY ldap_sync.sh /app/code/ldap_sync.sh
COPY ldap_config.template.toml /app/code/ldap_config.template.toml
CMD [ "/app/code/start.sh" ]
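Review bot: The server binary, web-vault and LDAP sync tool now come from `vividboarder/bitwarden_rs:mail-auth-over-insecure` and `vividboarder/bitwarden_rs_ldap:alpine`, which are mutable tags in a personal Docker Hub namespace, while the base image on the next line is pinned by digest; whatever those tags point at on build day is what gets copied into `/app/code`. Pin both by digest, e.g. `FROM vividboarder/bitwarden_rs:mail-auth-over-insecure@sha256:<digest> as bitwarden`, so a rebuild produces the same binaries and a tag retarget cannot silently swap the server. The tag name suggests a fork that permits SMTP authentication over an unencrypted connection; if that fork is required, a comment noting which upstream commit it tracks (the commented-out `bitwardenrs/server:1.9.1` line is the only hint) would help the next maintainer judge whether it can be dropped.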
# Unpack vault assets
FROM alpine:3.10 as vault
RUN apk add --no-cache --upgrade \
curl \
tar
RUN mkdir /web-vault
WORKDIR /web-vault
# SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ENV VAULT_VERSION "v2.11.0"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
RUN curl -L $URL | tar xz
RUN ls
# Build server binary
FROM rust:1.36 as build
RUN apt-get update && apt-get install -y \
--no-install-recommends \
curl \
tar \
libmariadb-dev \
&& rm -rf /var/lib/apt/lists/*
ENV BW_VERSION "master"
ENV URL "https://github.com/dani-garcia/bitwarden_rs/archive/${BW_VERSION}.tar.gz"
RUN curl -L $URL | tar xz
RUN mv /bitwarden_rs-$BW_VERSION /src
WORKDIR /src
RUN cargo build --features mysql --release
# Get ldap sync binary
FROM "vividboarder/bitwarden_rs_ldap:alpine" as bitwarden_ldap
FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
ENV ROCKET_ENV "staging"
ENV ROCKET_PORT=3000
ENV ROCKET_WORKERS=10
ENV DATA_FOLDER=/app/data
ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
VOLUME /app/data
EXPOSE 80
EXPOSE 3012
# configure apache
RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
# Copies Bitwarden files from build images
COPY --from=vault /web-vault /app/code/web-vault
COPY --from=build /src/target/release/bitwarden_rs /app/code/
COPY --from=build /src/Rocket.toml /app/code/
COPY --from=bitwarden_ldap /usr/local/bin/bitwarden_rs_ldap /app/code/
ENV RUST_BACKTRACE=1
WORKDIR /app/code
COPY start.sh /app/code/start.sh
COPY ldap_sync.sh /app/code/ldap_sync.sh
COPY ldap_config.template.toml /app/code/ldap_config.template.toml
CMD [ "/app/code/start.sh" ]
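Review bot: The build stage compiles whatever `master` of dani-garcia/bitwarden_rs is at build time (`ENV BW_VERSION "master"`) and the vault stage streams a tarball straight into `tar` with no integrity check, so neither stage is reproducible and a compromised or retargeted download goes unnoticed; the `SHELL` pipefail line being commented out also means a partial `curl` failure in the pipe is not fatal. Pin `BW_VERSION` to a release tag and verify a checksum before extracting, e.g. `RUN curl -fsSL "$URL" -o src.tar.gz && echo "${BW_SHA256}  src.tar.gz" | sha256sum -c - && tar xzf src.tar.gz`, with `ARG BW_SHA256` supplied per version; the same applies to the `bw_web_builds` archive. `RUN ls` looks like a leftover debugging step and adds a layer for nothing. The final stage has no `USER` directive, so both Apache and bitwarden_rs start as root.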
......@@ -4,11 +4,14 @@
ErrorLog "/dev/stderr"
CustomLog "/dev/stdout" combined
<Location />
# rewrite websocket connections to its own endpoint
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:3012/$1 [P,L]
ProxyPreserveHost On
ProxyErrorOverride Off
ProxyPass http://127.0.0.1:3000/
</Location>
ProxyPass / http://127.0.0.1:3000/
<Location /admin>
AllowOverride None
......@@ -18,9 +21,9 @@
AuthType Basic
AuthBasicProvider ldap
AuthName "Use your Cloudron admin account to login"
AuthLDAPURL ${LDAP_URL}/${LDAP_USERS_BASE_DN}?username?sub?(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})
AuthLDAPBindDN "${LDAP_BIND_DN}"
AuthLDAPBindPassword "{LDAP_BIND_PASSWORD}"
AuthLDAPURL ${CLOUDRON_LDAP_URL}/${CLOUDRON_LDAP_USERS_BASE_DN}?username?sub?(memberof=cn=admins,${CLOUDRON_LDAP_GROUPS_BASE_DN})
AuthLDAPBindDN "${CLOUDRON_LDAP_BIND_DN}"
AuthLDAPBindPassword "{CLOUDRON_LDAP_BIND_PASSWORD}"
Require valid-user
Satisfy any
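Review bot: `AuthLDAPBindPassword "{CLOUDRON_LDAP_BIND_PASSWORD}"` is missing the leading `$`, so Apache binds with the literal string `{CLOUDRON_LDAP_BIND_PASSWORD}` rather than the addon's bind password; the same typo existed on the old line and this commit renamed the variable without fixing it. Whether `/admin` then fails closed or simply works depends on whether the Cloudron LDAP server accepts that bind, which cannot be told from here, so it should be `AuthLDAPBindPassword "${CLOUDRON_LDAP_BIND_PASSWORD}"` either way. `Satisfy any` together with `Require valid-user` means any host-based `Allow` directive in the rest of the block would bypass the LDAP check; the `<Location /admin>` block closes outside the hunk, so confirm nothing there grants access without authentication.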
......
bitwarden_url = "http://##BITWARDEN_HOSTNAME:3000"
bitwarden_admin_token = "##ADMIN_TOKEN"
ldap_host = "##LDAP_SERVER"
ldap_port = ##LDAP_PORT
ldap_bind_dn = "##LDAP_BIND_DN"
ldap_bind_password = "##LDAP_BIND_PASSWORD"
ldap_search_base_dn = "##LDAP_USERS_BASE_DN"
ldap_search_filter = "(&(objectClass=*)(uid=*))"
ldap_sync_loop = false
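Review bot: `bitwarden_url = "http://##BITWARDEN_HOSTNAME:3000"` sends the admin token over plain HTTP to the app's public hostname on port 3000, a port the Dockerfile does not expose and which is not the Apache-fronted origin. The manifest runs `ldap_sync.sh` from the scheduler addon, which I take to execute inside the app container; if so, `bitwarden_url = "http://127.0.0.1:3000"` keeps the token on the loopback interface and removes the dependency on external routing to port 3000. `ldap_search_filter = "(&(objectClass=*)(uid=*))"` invites every directory entry with a uid into the vault; a one-line comment stating that this is intended (rather than, say, a members-of-group filter) would save the next reader from guessing.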
#! /bin/bash
set -e
export ADMIN_TOKEN=$(cat /app/data/admin_token)
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${LDAP_BIND_DN}/"\
-e "s/##LDAP_BIND_PASSWORD/${LDAP_BIND_PASSWORD}/"\
-e "s/##BITWARDEN_HOSTNAME/${CLOUDRON_APP_HOSTNAME}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
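Review bot: The `sed` template expansion uses `/` as delimiter and substitutes raw values, so a bind password or DN containing `/` or `&` either breaks the expression or corrupts the rendered file, and `set -e` without `-u` lets an unset `CLOUDRON_LDAP_*` silently become an empty string. The rendered `/run/ldap_config.toml` holds both the admin token and the LDAP bind password but is created with the default umask; prefix the script with `set -eu` and `umask 077` so the file is only readable by the process that writes it. A different delimiter (`s|##LDAP_BIND_DN|${CLOUDRON_LDAP_BIND_DN}|`) narrows the escaping problem but does not remove it; escaping the values, or switching to a templating step that does not re-parse them, is the robust fix.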
......@@ -2,19 +2,36 @@
set -eu
export DOMAIN=$APP_ORIGIN
export SMTP_HOST=$MAIL_SMTP_SERVER
export SMTP_FROM=$MAIL_FROM
echo "=> Exporting env vars expected by Bitwarden"
export DOMAIN=$CLOUDRON_APP_ORIGIN
export SMTP_HOST=$CLOUDRON_MAIL_SMTP_SERVER
export SMTP_FROM=$CLOUDRON_MAIL_FROM
export SMTP_FROM_NAME=Bitwarden
export SMTP_PORT=$MAIL_SMTPS_PORT
export SMTP_SSL=true
export SMTP_USERNAME=$MAIL_SMTP_USERNAME
export SMTP_PASSWORD=$MAIL_SMTP_PASSWORD
export SMTP_PORT=$CLOUDRON_MAIL_SMTP_PORT
export SMTP_SSL=false
export SMTP_EXPLICIT_TLS=false
export SMTP_USERNAME=$CLOUDRON_MAIL_SMTP_USERNAME
export SMTP_PASSWORD=$CLOUDRON_MAIL_SMTP_PASSWORD
export SMTP_AUTH_MECHANISM="Plain"
export LOG_LEVEL=debug
echo "=> Starting apache"
APACHE_CONFDIR="" source /etc/apache2/envvars
rm -f "${APACHE_PID_FILE}"
/usr/sbin/apache2 -DFOREGROUND &
# Generate admin token if it doesn't exist
if [[ ! -f /app/data/admin_token ]]; then
pwgen -1 48 -s > /app/data/admin_token
fi
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Admin token: ${ADMIN_TOKEN}"
echo "=> Starting bitwarden_rs"
exec /app/code/bitwarden_rs
echo "=> Generate LDAP config"
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${CLOUDRON_LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${CLOUDRON_LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${CLOUDRON_LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${CLOUDRON_LDAP_BIND_DN}/"\
-e "s/##LDAP_BIND_PASSWORD/${CLOUDRON_LDAP_BIND_PASSWORD}/"\
-e "s/##BITWARDEN_HOSTNAME/${CLOUDRON_APP_HOSTNAME}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
echo "=> Starting supervisord"
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Bitwarden
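Review bot: `echo "=> Admin token: ${ADMIN_TOKEN}"` writes the admin-panel secret into the container log on every start, where it outlives the process and is visible to anyone who can read logs; print the path instead, e.g. `echo "=> Admin token stored in /app/data/admin_token"`. The token file is also created with the default umask, so `(umask 077; pwgen -1 48 -s > /app/data/admin_token)` keeps it private. `SMTP_SSL=false`, `SMTP_EXPLICIT_TLS=false` and `SMTP_AUTH_MECHANISM="Plain"` send the mail credentials in cleartext; that is presumably acceptable because the Cloudron mail addon is reached over the internal network, but a comment saying so would stop a later maintainer from pointing this at an external relay. `LOG_LEVEL=debug` as the permanent setting is worth a second look for the same reason.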
[program:apache2]
autorestart=true
autostart=true
command=/usr/bin/pidproxy /run/apache2/apache2.pid /bin/bash -c "source /etc/apache2/envvars && /usr/sbin/apache2 -DFOREGROUND"
environment=APACHE_CONFDIR=""
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
stopasgroup=true
killasgroup=true
[program:core]
directory=/app/code/
command=/app/code/bitwarden_rs
user=root
autostart=true
autorestart=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
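Review bot: `user=root` runs bitwarden_rs, the process that holds every user's vault data and the admin token, as root even though it only binds the unprivileged ports 3000 and 3012. Running it under a dedicated unprivileged user (with `/app/data` chowned to that user in `start.sh`) limits what a bug in the server or in the supervised process can reach. Apache can stay as started since it drops privileges itself; it is the `[program:core]` entry that needs the change.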