In this post I will focus on running a self-hosted alternative to some comercial solutions out there, like 1Password for example. Nowdays when privacy is at its peek having your personal accounts, passwords, credit cards, etc, in some "cloud" could be an issue for some.

So let's see if BitWarden can be a solution for you. You can self-host it or run your account from BW "cloud" as well.

Let's start.

1st thing - install Docker via Package center or if your NAS doesn't support it, install it manually by downloading the package from Syno site. After that, you can use the Manual install button in Package Center to install Docker. Keep in mind that this is not 100% supported and some features of docker will still not function. If your NAS is from the '+' lineup, then you are good to go.

This tutorial will focus on a custom bitwardenrs/server image that I use as well. Its update and maintained all the time so there is no need to worry. Support for it can be reached on their Matrix chat channel if needed.

After you have installed Docker open it up and you will land on a similar screen:

Docker image pull from hub.docker.com

Switch over to the Registry tab and use the search field to type in bitwarden. After a few seconds you should get a list similar to this one.

As you can see bitwardenrs/server is the top result for me, if thats not the case with you just find it manually. Select it and hit the download button. A pop up window will show up asking you what version you want. Select latest and click ok.

Now wait for the image to download and DSM will notify you when its ready via a system notification.

As soon as thats done, switch over to the Image tab inside Docker. You should see bitwarden image in the list:

This is an old image. Since then this image has been deprecated. Use the one from the begging

Now that the image has download click on it and pres the Launch button on the top.

This action will start the Container creation wizard. So remember, image creates a container and you can create multiple containers from a single image if you need to. The 1st step in this wizard looks like this:

Container creation wizard

Give container a name, enable resource limit (optional, but I like to use it to control how much ram and cpu priority container needs) and then click the Advanced Settings button (not Next). As its shown on the image I gave BW container only 50MB of RAM as maximum (its not gonna use that much anyway) just to be on the safe side. docker has a great benefit that it can limit resources so that a buggy image/container will not take all of your NAS resources in case there is a memory leak or some nasty bug in the image itself.

Opening Advanced settings window will show up multiple tabs that need to be configured (not all and not for every container):

All custom docker settings that can be set using the UI

Auto-restart feature is nice to have ON in case you need to reboot your nas or Docker for that matter and want all your containers booting automaticlly. Ofc this is an optional setting but still. Regarding shortcut on the desktop, personally I don't use it. Desktop in this context is DSM desktop not your computer desktop. I use Heimdall for all my docker URL needs so this options is OFF (again, you can use it if you choose to do so).

Moving to the 2nd tab, Volume. Now this is the most important thing that needs to be done when working with containers. Read up on those so that I don't start messing this tutorial too much, but in short it means this. If you start working with your container, all information, configuration, data etc, are sandboxed inside the container. This means that after you restart your continer (reboot, NAS update, Docker update, docker image update) it will reset itself to initial settings. As a result all your work will be reset and gone.

That means that in case of BW, all your imported data, long random passwords that you have defined are gone! Now that you have understood the importance of this lets configure an outside volume that will keep your data safe from this scenario.

Container volume mapping

The Volume tab is used to map files or folder from within the container outside to your local shared folder(s) on your NAS. As a result even if something happens to the container your data will be safe and all you have to do is recreate the container and attach it to the same volume to get access to your data. Thats the whole beauty of Docker. Moving your data around regardless of whats hosting your container.

In the image above I have mapped left side (your NAS folder structure) to the right side (container mount path). The principal is the same. Left side is your local NAS destination where you want containers folder data stored.

In case of this BitWarden image all data is stored in /data folder as indicated by instructions on the image web page. So to recap, I have mapped docker/bitwarden local path (bitwarden is a subfolder of /docker folder that you will get after you install Docker. Ofc you don't have to use that destination if you don't want to) to /data folder that BW image is using. This as a result, will mean that all my data will actually be in docker/bitwarden folder on my nas and not sandboxed in the container itself.

You can (and prefered to do so) backup those folders as they are essential unlike the rest of the container thats expendable.

Moving over to 3rd tab - Network. Here you can select networks that you want your continainer to use. You can make new networks for specific subnets or you can use the default one, bridge. In the spirit of this tutorial just use bridge. This will mean that all containers using this network will be essentially in a NAT configuration with your NAS. Meaning you will access those apps and services using your local NAS IP address and a custom port defined on the following tab, Port Settings.

Container port mappings

Same as with volumes, ports are configured the same way. Left side local host ports (on your NAS), right side container ports. DO NOT change the container side numbers, or you will have problems running the container in the 1st place. It can be reconfigured but you will have to do it on the image level, so not important for now. Another reason why this is not needed is because you can use almost any port for Local port value that you want.

So change auto value to a port of your choosing. General rule would be to use some non system/default port like 1024 or above. Keep in mind that if you want to access your Docker containers with a custom domain name on an https/443 port, this is not the place to do it (separate tutorial for that). Atm you want to stick with a custom number (it can be the same as the container one) to get things going.

My example would be 1024 and 1025 for the pair.

Next tab, Links, is not needed for this container to run. So moving to the last one, Environment.

Even thought for this particular container even this tab is not needed, there will be a huge number of images that use this section.

Container environment variables

Most variables are case sensitive so be aware of that. In this example the image has already a number of variables set for us and there is no need to configure any additional. Keep your eye on the image page that you are about to use for any -e switche as thats the env variable that needs to be configured, added or changed to your needs.

UPDATE:

If you do not want to keep signups open to the public (lets say you are running this site on the internet) then be sure to use this variable to keep sigunps closed after your initial creation!

SIGNUPS_ALLOWED=false

This variable is added in the ui the way that SIGNUPS_ALLOWED is typed in "variable" column and false in the "value". Do not use the = sign.

Now that we have went throught all the advanced settings, click Apply and you will close this window. Back in the main window, click Next, review the Summary, and click Apply.

Container creation summary

If you have left the check box next to Run this container after the wizard is finished checked, your container will now be created and started. To verify that all is running well, move to the Container tab in Docker main window to find BW container up and running.

BitWarden running via Docker UI

Thats it! All thats left now is to go to your NAS IP address followed by the port number that you have defined to access the user interface.

An example of the URL would be: http://10.100.10.12:80 or whatever port you have defined as a local port for container port 80 (80 would be usually registered as in use).

Now that you have your new BW selfhosted instance running, enjoy it and prepare to make it accessible via the internet using a valid SSL certificate, a custom domain name and revers proxy.