Open tfboy opened 1 year ago
Push notifications to Mobile app require online access to push.bitwarden.com. You might want SMTP as well.
Sorry, to clarify, this is offline in the sense that it's firewalled from the Internet. But SMTP is available and working (internally). Good point about push notifications, but this isn't required in this case. Could be disabled.
This seems to break because the URL used in build.sh to determine $BW_VERSION no longer works:
$ curl -vvv https://go.btwrdn.co/bw-sh-versions
* processing: https://go.btwrdn.co/bw-sh-versions
* Could not resolve host: go.btwrdn.co
* Closing connection
curl: (6) Could not resolve host: go.btwrdn.co
To work around: hardcode the value to the Bitwarden installed version. For my install, it's "2023.10.2".
Here's a patch for build.sh for Bitwarden v2023.10.2:
# git diff
diff --git a/build.sh b/build.sh
index 4371c0c..7349e3e 100755
--- a/build.sh
+++ b/build.sh
@@ -3,6 +3,7 @@
DIR=`dirname "$0"`
DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd`
BW_VERSION=$(curl -sL https://go.btwrdn.co/bw-sh-versions | grep '^ *"'coreVersion'":' | awk -F\: '{ print $2 }' | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
+BW_VERSION="2023.10.2"
echo "Building BitBetter for BitWarden version $BW_VERSION"
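Review bot: the added line BW_VERSION="2023.10.2" unconditionally overwrites the result of the curl lookup on the line above it, so the script still attempts the go.btwrdn.co request on every run and then pins every build to 2023.10.2, even on a host where the lookup succeeds or where a different Bitwarden version is installed. Suggest making it a fallback that applies only when the lookup returned nothing, for example [ -n "$BW_VERSION" ] || BW_VERSION="2023.10.2", or letting the caller pass the version in. It would also be worth checking that the value looks like a version string before it is used, since the looked-up value comes from a remote response parsed with grep/awk/sed and is not validated.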
Actually, I wonder if this could make installations simpler. Initially, I had a normal self-hosted installation but I then wanted to sandbox it and remove internet connectivity. But my containers were always unhealthy. I reached out to their support team and they said it won't work and I need to do the proper offline install.
However, part of the offline install requires you to create your identity server for signing the certificates (something you don't do with a normal install as I believe it checks against the online servers which is why there's the modified bitbetter containers impersonating the identity servers).
As you have your own local identity servers, can you not use these instead of the modified bitbetter ones to sign the licence? If this worked, then it would remove the need for these modified servers and simplify the process.
I'm playing around seeing if I can get it to work.
Just to add, I've had a look and cannot get it working with the off-line install. I did put a post up in the Discussions section.
If we could get the "offline" version to work, I think it could be a lot simpler and wouldn't require changing / using any modified containers, just using the identity.pfx certificate generated on install.
Hi, I was just wondering if there are any plans to make this work with fully offline installations of Bitwarden? I have tried, but as the docker containers are installed manually when configuring as an offline install, it's not possible to build the images when running the build.sh script: