What is Vaultwarden

Vaultwarden is an alternative implementation of the Bitwarden server API, written in Rust and compatible with upstream Bitwarden clients. It is perfect for self-hosted use when using the official, resource-intensive service is not ideal.

We can install it as follows:

$: pkg install vaultwarden

Then we copy the sample configuration:

$: cp /usr/local/etc/rc.conf.d/vaultwarden.sample /usr/local/etc/rc.conf.d/vaultwarden

However, before we change our Vaultwarden configuration, we need an admin token, which we can create with the following command:

$: openssl rand -base64 48

We now copy the created token and change the configuration.

Note: If we want to use the web interface, we have to set SIGNUPSALLOWED to true. Under ADMINTOKEN we paste our copied token. Furthermore, we can change our email server configuration here.

$: nano /usr/local/etc/rc.conf.d/vaultwarden =>

ROCKET_ADDRESS=127.0.0.1
export ROCKET_ADDRESS

ROCKET_PORT=4567 # your port here
export ROCKET_PORT

# ROCKET_TLS='{certs = "/ssl/fullchain.pem", key = "/ssl/key.pem"}'
# LOG_FILE='/data/bitwarden.log'

SIGNUPS_ALLOWED='true'
export SIGNUPS_ALLOWED

DOMAIN='https://vaultwarden.domain'
export DOMAIN

ADMIN_TOKEN= # generate one with ~$ openssl rand -base64 48
export ADMIN_TOKEN

SMTP_HOST=localhost
export SMTP_HOST

SMTP_FROM=noreply@localhost
export SMTP_FROM

SMTP_PORT=25
export SMTP_PORT

SMTP_SSL=false
export SMTP_SSL

# SMTP_USERNAME=
# export SMTP_USERNAME

# SMTP_PASSWORD=
# export SMTP_PASSWORD

Now that we have changed our configuration, we can enable the Vaultwarden service and start it for the first time.

$: service vaultwarden enable
$: service vaultwarden start
$: service vaultwarden status

To be able to use the web interface, we will use Nginx as a reverse proxy. To complete this, we first create the Nginx configuration:

$: nano /usr/local/etc/nginx/vhosts/vaultwarden.conf =>

server {
	listen 80;

    server_name vaultwarden.domain;

    # Allow large attachments
    client_max_body_size 128M;

    location / {
        proxy_pass http://127.0.0.1:4567;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
       proxy_pass http://127.0.0.1:4567;
    }
}

We need another entry in our host's file:

$: nano /etc/hosts =>

127.0.0.1 vaultwarden.domain

Since it's more secure to deploy Vaultwarden over HTTPS, and we still need let's-encrypt certificates for that, we simply run the “certbot” command in our terminal and let it automatically create a certificate for our new domain.

Finally, we restart the Nginx once.

$: service nginx restart

Now we can open our freshly installed Vaultwarden service via the web browser.

Here, we can create a new user and manage our passwords securely in the future.

Discuss...

What is Navidrome?

Navidrome is an open-source web-based music collection server and streamer. It gives us the freedom to listen to our music collection from any browser or mobile device. It's like our own personal Spotify!

Furthermore, it offers the following feature:

• Manages huge music collections
• Streams virtually any audio format available
• Reads and uses all of our beautifully curated metadata
• Great support for compilations (various artists' albums) and box sets (multi-disc albums)
• Multi-user, each user has their playlists, favorites, etc.
• Very low resource consumption
• Automatically monitors your library for changes, imports new files, and reloads new metadata
• Modern and responsive web interface based on Material UI
• Compatible with all Subsonic/Madsonic/Airsonic clients
• Transcoding on the fly. It can be set per user/player. Opus encoding is supported.

How can we install it?

Installation is simple, we just need to run the following command:

$: pkg install navidrome

After the installation is through, we can then edit the corresponding configuration file.

$: nano /usr/local/etc/navidrome/config.toml

You can have a look at it. You will find a lot of configuration options. What is important is that you set the path to your music collection correctly.

If you have configured the whole thing according to your wishes, we still have to activate the RC service and then start it once.

$: servive navidrome enable
$: servive navidrome start

Nginx configuration

We use Nginx as a reverse proxy server. Likewise, we now create the following file under /usr/local/etc/nginx/vhosts:

$: nano /usr/local/etc/nginx/vhosts/navidrome.conf  ⇒

server {
    server_name navidrome.domain;

    location / {
        proxy_pass http://127.0.0.1:4533;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;

        # proxy headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-forwarded-port $server_port;

        # proxy timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

In our /etc/hosts, we add the following line.

$: nano /etc/rc.conf ⇒

127.0.0.1 navidrome.domain

Then we restart the Nginx.

$: service nginx restart

We can now open Navidrome via the web browser.

Discuss...