The implementation of Bitwarden self-hosted on a Raspberry Pi is now called Vaultwarden. The instructions in this document have been updated accordingly
Reference: https://www.wundertech.net/how-to-self-host-bitwarden-on-a-raspberry-pi/ (Pay attention to the updates caused by the name change to vaultwarden)
1. Installed Docker and Portainer according to these instructions: https://www.wundertech.net/portainer-raspberry-pi-install-how-to-install-docker-and-portainer/
2. Installed nginx proxy manager according to these instructions: https://www.wundertech.net/nginx-proxy-manager-raspberry-pi-install-instructions/
a. Step 11 says to wait for the status of nginx_app_1 to change to healthy, but it didn't. Instead, the log file had repeated entries of "can't take lock to run migrations migration table is already locked." The solution was to go into nginx_db_1 and delete all the rows from the migrations_table
i. In portainer, stopped nginx_app_1
ii. In a cmd window on host:
1) docker exec -ti nginx_db_1 mysql -h 172.18.0.2 -P 3306 -u npm -p npm
2) DELETE FROM migrations_table;
iii. Restarted nginx_app_1
b. After that, the log showed repeated entries of not being able to create the table "auth" because it already existed. The solution was to delete the existing auth table (and similarly, the user table).
i. In portainer, stopped nginx_app_1
ii. In a cmd window on host:
1) docker exec -ti nginx_db_1 mysql -h 172.18.0.2 -P 3306 -u npm -p npm
2) DROP TABLE auth;
3) DROP TABLE user;
iii. Restarted nginx_app_1
c. After that, the state of the nginx_app_1 container changed to healthy.
3. Followed the rest of the instructions in the reference.
Reference: https://github.com/ttionya/vaultwarden-backup
The reference program allows me to implement automatic backups of the vaultwarden database to a directory on Google Drive every hour. The format of the backup file name is backup.%Y%m%d. This has the effect of creating one file per day in the directory, but having 24 downloadable versions of it for at least 30 days.
In anticipation of a problem with cron when using docker on a Raspberry Pi 3B+ (See the relevant closed issue on the Reference website), installed the most recent version of libseccomp2
a. wget http://http.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.1-1_armhf.deb
b. sudo dpkg -i libseccomp2_2.5.1-1_armhf.deb
Followed the instructions for using Google Drive as the backup target
a. sudo docker pull ttionya/vaultwarden-backup
b. sudo docker run --rm -it --mount type=volume,source=vaultwarden-rclone-data,target=/config/ ttionya/vaultwarden-backup:latest rclone config
c. sudo docker run --rm -it --mount type=volume,source=vaultwarden-rclone-data,target=/config/ ttionya/vaultwarden-backup:latest rclone config show
d. As noted in the reference, the command for starting the (vaultwarden_backup) backup container required changing "--volumes-from=vaultwarden" to "--volumes-from=Bitwarden" for the above installation instructions. The environment variables RCLONE_REMOTE_NAME, ZIP_PASSWORD, and TIMEZONE were set accordingly. The other environment variables maintained their default values.
e. HISTORY LESSON HERE: What was not noted in the reference was that the scripts pointed to /bitwarden/data as the Bitwarden data directory, which differs from the above installation instructions. This (I hope) only required a change to the includes.sh file in the bitwardenrs_backup container. Using Portainer.io, an Exec Console was opened in the (bitwardenrs_backup) container and the /app/includes.sh file was edited to change DATA_DIR="/bitwarden/data" to DATA_DIR="/data" . This is only good until a restart of the container. For the long term solution, I asked the author of the backup program to make DATA_DIR an environment variable, which they did starting in version 1.6.0. So, the full command would be of the form:
docker run -d --restart=always --name vaultwarden_backup --volumes-from=Bitwarden --mount type=volume,source=vaultwarden-rclone-data,target=/config/ -e RCLONE_REMOTE_NAME="XX" -e DATA_DIR="/data" -e ZIP_PASSWORD="XX" -e TIMEZONE="XX" ttionya/vaultwarden-backup:latest
On the Raspberry Pi,
a. Stop vaultwarden (sudo docker stop vaultwarden)
b. Downloaded a file (i.e. backup.yyyymmdd.zip) from the Google Drive into the home directory of user pi.
c. Unzipped the file
d. Renamed db.yyyymmdd.sqlite3 to db.sqlite3, config.yyyymmdd.json to config.json, etc.
e. Copied the renamed files to /var/lib/docker/volumes/Bitwarden/_data (overwriting files with same names)
f. Restarted vaultwarden (sudo docker start vaultwarden)
Updating the vaultwarden docker container when updated image is available (using Portainer.io)
Stop the container
Recreate the container, making sure to pull the latest image
Start the container