diff --git a/_articles/hosting/install-on-premise.md b/_articles/hosting/install-on-premise.md index 7882b28e..5415988b 100644 --- a/_articles/hosting/install-on-premise.md +++ b/_articles/hosting/install-on-premise.md @@ -237,13 +237,12 @@ Manual installations lose the ability to automatically update certain dependenci 2. Create a new directory named `bwdata` and extract the `docker-stub.zip` archive to it. The directory structure provided matches what the `./docker/docker-compose.yml` file's mapped volumes expect, however, you are free to change the location of these mappings on the host machine if desired. 3. Get your `installation__id` and `installation__key` from [https://bitwarden.com/host](https://bitwarden.com/host){:target="_blank"} and provide them to the application's environment variables at `./env/global.override.env`. 4. Update the `baseServiceUri__*` and `attachment__baseUrl` application environment variables for your hostname at `./env/global.override.env`. -5. Generate a `.pfx` certificate file for the identity container and place it in the mapped volume at `./identity/identity.pfx`. +5. Generate a `.pfx` certificate file for the identity container and place it in the mapped volume directory at `./identity/identity.pfx`. Example: openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key \ -out identity.crt -subj "/CN=Bitwarden IdentityServer" -days 10950 - # mkdir ./identity openssl pkcs12 -export -out ./identity/identity.pfx -inkey identity.key \ -in identity.crt -certfile identity.crt -passout pass:IDENTITY_CERT_PASSWORD @@ -254,7 +253,7 @@ Manual installations lose the ability to automatically update certain dependenci Example self-signed certificate: - # mkdir -p ./ssl/bitwarden.company.com + # mkdir ./ssl/bitwarden.company.com openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 \ -keyout ./ssl/bitwarden.company.com/private.key \ -out ./ssl/bitwarden.company.com/certificate.crt \ 
@@ -266,14 +265,14 @@ Manual installations lose the ability to automatically update certain dependenci 8. Generate your own random password strings for the `sqlServer__connectionString` `RANDOM_DATABASE_PASSWORD`, `internalIdentityKey` `RANDOM_IDENTITY_KEY`, and `duo__aKey` `RANDOM_DUO_AKEY` and update the variables at `./env/global.override.env`. Also be sure to apply the same `RANDOM_DATABASE_PASSWORD` at `./env/mssql.override.env` 9. Update the `app-id.json` file at `./web/app-id.json` to include your hostname's URL (ex. `https://bitwarden.company.com`). 10. Configure your SMTP mail server and any other desired application settings at `./env/global.override.env`. -11. Map the desired user and group id for the Bitwarden containers to run under by creating a `uid.env` file at `./env/uid.env`. +11. Map the desired user and group id for the Bitwarden containers to run under at `./env/uid.env`. Example: LOCAL_UID=1000 LOCAL_GID=1000 - Otherwise, remove the `uid.env` mappings from `./docker/docker-compose.yml` and the containers will run as `nobody`. + Otherwise, the containers will run as `nobody`. 12. Start your Bitwarden installation and access it at your configured hostname: docker-compose -f ./docker/docker-compose.yml up -d
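Review bot: In the `@@ -237,13 +237,12 @@` hunk, the new step 5 wording "mapped volume directory at `./identity/identity.pfx`" calls a file path a directory. Suggest "place it in the mapped volume directory `./identity` as `identity.pfx`". The hunk also drops the `# mkdir ./identity` hint, so the `openssl pkcs12 -export -out ./identity/identity.pfx` line now depends on `./identity` already existing from the `docker-stub.zip` layout described in step 2, and the step should say so. Because the example uses `-nodes`, `identity.key` is written unencrypted to the working directory and is still there after the export. A line telling the reader to delete or restrict `identity.key` and `identity.crt` once `identity.pfx` is in place would close that gap.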
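Review bot: In the `@@ -254,7 +253,7 @@` hunk, replacing `mkdir -p` with plain `mkdir` makes the hinted command fail when `./ssl` is missing or when `./ssl/bitwarden.company.com` already exists. I would keep `-p` unless there is a reason to want the failure. The line also still carries a leading `#`, so a reader who pastes the block runs `openssl req` with `-keyout ./ssl/bitwarden.company.com/private.key` against a directory that may not exist. Either make it a real command or state that the stub archive already provides the directory.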
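Review bot: In the `@@ -266,14 +265,14 @@` hunk, the reworded step 11 no longer says whether `./env/uid.env` already exists or has to be created, and "Otherwise, the containers will run as `nobody`" has lost its condition. Spell out what triggers the fallback (file absent, or `LOCAL_UID`/`LOCAL_GID` unset). The removed sentence told the reader to remove the `uid.env` mappings from `./docker/docker-compose.yml`. This diff does not show a matching compose change, so confirm that a missing `uid.env` no longer needs that edit before dropping the instruction. Since the chosen user ends up owning the mapped volumes that hold `identity.pfx` and `global.override.env`, the step should be explicit about which account that is in each case.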