[0.1.0]
* Initial version
[0.1.3]
* update to upstream 1.9.0
[0.1.4]
* update to upstream 1.9.1
......@@ -5,12 +5,18 @@
"description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG",
"tagline": "Rust implementation of the Bitwarden API",
"version": "0.1.1",
"version": "0.1.4",
"healthCheckPath": "/healthcheck",
"httpPort": 80,
"addons": {
"localstorage": {},
"ldap": {},
"localstorage": {},
"scheduler": {
"ldap_sync": {
"schedule": "*/5 * * * *",
"command": "/app/code/ldap_sync.sh"
}
},
"sendmail": {}
},
"manifestVersion": 1,
......@@ -20,5 +26,6 @@
"tags": [
"password"
],
"mediaLinks": [ ]
"minBoxVersion": "4.1.4",
"mediaLinks": [ "https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/web-vault-macbook.png" ]
}
FROM "bitwardenrs/server:1.9.1" as bitwarden
FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
ENV ROCKET_ENV "staging"
......@@ -8,9 +10,7 @@ ENV CONFIG_FILE=/app/data/config.json
ENV SIGNUPS_ALLOWED=false
ENV INVITATIONS_ALLOWED=true
ENV DISABLE_ADMIN_TOKEN=true
ENV WEBSOCKET_ENABLED=false
# set to false, will need some apache config first
ENV WEBSOCKET_ENABLED=true
RUN mkdir -p /app/data
VOLUME /app/data
......@@ -21,16 +21,20 @@ EXPOSE 3012
RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
ADD apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http rewrite
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
COPY --from=mprasil/bitwarden:1.8.0 /web-vault /app/code/web-vault
COPY --from=mprasil/bitwarden:1.8.0 /bitwarden_rs /app/code/
COPY --from=mprasil/bitwarden:1.8.0 /Rocket.toml /app/code/
COPY --from=bitwarden /web-vault /app/code/web-vault
COPY --from=bitwarden /bitwarden_rs /app/code/
COPY --from=bitwarden /Rocket.toml /app/code/
# Copy ldap sync utility
COPY --from=vividboarder/bitwarden_rs_ldap:v0.1.0 /usr/local/cargo/bin/bitwarden_rs_ldap /app/code/
WORKDIR /app/code
ADD start.sh /app/code/start.sh
COPY start.sh /app/code/start.sh
COPY ldap_sync.sh /app/code/ldap_sync.sh
COPY ldap_config.template.toml /app/code/ldap_config.template.toml
CMD [ "/app/code/start.sh" ]
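Review bot: The two third-party images that supply binaries to this image are referenced by mutable tag only, in `FROM "bitwardenrs/server:1.9.1" as bitwarden` and `COPY --from=vividboarder/bitwarden_rs_ldap:v0.1.0 ...`, while `cloudron/base` on the next line is pinned by digest. A re-pushed tag would silently change the password-manager server or the LDAP sync binary on the next rebuild. Pin both the same way as the base image, e.g. `FROM bitwardenrs/server:1.9.1@sha256:<digest-of-reviewed-image> AS bitwarden` (placeholder digest) and the same suffix on the `--from=` reference. A comment recording where each digest was obtained would help the next version bump.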
......@@ -4,11 +4,14 @@
ErrorLog "/dev/stderr"
CustomLog "/dev/stdout" combined
<Location />
# rewrite websocket connections to its own endpoint
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:3012/$1 [P,L]
ProxyPreserveHost On
ProxyErrorOverride Off
ProxyPass http://127.0.0.1:3000/
</Location>
ProxyPass / http://127.0.0.1:3000/
<Location /admin>
AllowOverride None
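Review bot: The websocket `RewriteEngine`/`RewriteCond`/`RewriteRule` lines sit inside `<Location />`, a context where mod_rewrite's documentation describes rewrite rules as syntactically accepted but unsupported, and where the path matched by `/(.*)` may not be the full request URI. Placing the three directives at virtual-host level keeps the `ws://127.0.0.1:3012/$1` target predictable, assuming they are part of the new side as the added `proxy_wstunnel` module suggests. The upgrade rule also applies to every path, including `/admin`, so a short comment stating that only the notification endpoint is expected to upgrade would document the intent. The `<Location /admin>` block continues outside the hunk.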
......
bitwarden_url = "http://##BITWARDEN_HOSTNAME:3000"
bitwarden_admin_token = "##ADMIN_TOKEN"
ldap_host = "##LDAP_SERVER"
ldap_port = ##LDAP_PORT
ldap_bind_dn = "##LDAP_BIND_DN"
ldap_bind_password = "##LDAP_BIND_PASSWORD"
ldap_search_base_dn = "##LDAP_USERS_BASE_DN"
ldap_search_filter = "(&(objectClass=*)(uid=*))"
ldap_sync_loop = false
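Review bot: `bitwarden_url = "http://##BITWARDEN_HOSTNAME:3000"` makes the sync tool send `bitwarden_admin_token` over plain HTTP to whatever the app hostname resolves to, and nothing in the template says that path is expected to stay on the internal container network. If that name can resolve to an external address from the scheduler container, the admin token crosses the network in cleartext; please confirm the resolution and record it in the file, e.g. `# admin token is sent over plain HTTP; this URL must resolve on the internal network only`. The filter `(&(objectClass=*)(uid=*))` matches every entry under the base DN that has a `uid`, so a comment stating that all such entries are meant to be invited would also help.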
#! /bin/bash
set -e
export ADMIN_TOKEN=$(cat /app/data/admin_token)
# Generate ldap sync config from template
sed -e "s/##LDAP_SERVER/${LDAP_SERVER}/"\
-e "s/##LDAP_PORT/${LDAP_PORT}/"\
-e "s/##LDAP_USERS_BASE_DN/${LDAP_USERS_BASE_DN}/"\
-e "s/##LDAP_BIND_DN/${LDAP_BIND_DN}/"\
-e "s/##LDAP_BIND_PASSWORD/${LDAP_BIND_PASSWORD}/"\
-e "s/##BITWARDEN_HOSTNAME/${CLOUDRON_APP_HOSTNAME}/"\
-e "s/##ADMIN_TOKEN/${ADMIN_TOKEN}/"\
/app/code/ldap_config.template.toml > /run/ldap_config.toml
export CONFIG_PATH=/run/ldap_config.toml
exec /app/code/bitwarden_rs_ldap
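Review bot: The `sed` substitutions insert `${LDAP_BIND_PASSWORD}`, `${ADMIN_TOKEN}` and the other values unescaped, so a value containing `/`, `&` or `\` either makes the script fail under `set -e` or writes a corrupted config. The generated `/run/ldap_config.toml` holds the bind password and admin token but is created with the default umask. Setting `umask 077` before the redirect and passing each value through a small escaping helper addresses both. Values containing `"` would still need TOML-level quoting, which this sketch does not cover.

```shell
# … unchanged: set -e, export ADMIN_TOKEN …
# generated config carries the bind password and admin token: owner-only
umask 077
# escape \, / and & so a value cannot change the sed replacement
sed_escape() { printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'; }

# … unchanged: the other -e expressions, each value wrapped the same way …
sed -e "s/##LDAP_BIND_PASSWORD/$(sed_escape "${LDAP_BIND_PASSWORD}")/" \
    -e "s/##ADMIN_TOKEN/$(sed_escape "${ADMIN_TOKEN}")/" \
    /app/code/ldap_config.template.toml > /run/ldap_config.toml
```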
......@@ -11,6 +11,13 @@ export SMTP_SSL=true
export SMTP_USERNAME=$MAIL_SMTP_USERNAME
export SMTP_PASSWORD=$MAIL_SMTP_PASSWORD
# Generate admin token if it doesn't exist
if [[ ! -f /app/data/admin_token ]]; then
pwgen -1 48 -s > /app/data/admin_token
fi
export ADMIN_TOKEN=$(cat /app/data/admin_token)
echo "=> Admin token: ${ADMIN_TOKEN}"
echo "=> Starting apache"
APACHE_CONFDIR="" source /etc/apache2/envvars
rm -f "${APACHE_PID_FILE}"
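Review bot: `echo "=> Admin token: ${ADMIN_TOKEN}"` writes the admin token to the container log on every start, so anyone who can read the logs or a log export obtains it. Drop the value from the message, e.g. `echo "=> Admin token stored in /app/data/admin_token"`. The token file is also created by `pwgen -1 48 -s > /app/data/admin_token` with the default umask; a `chmod 600 /app/data/admin_token` right after generation would keep it owner-readable only. The Dockerfile context still shows `ENV DISABLE_ADMIN_TOKEN=true`, so a comment stating how the generated token relates to that setting would help readers.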
......