mirror of
https://github.com/bitwarden/help
synced 2025-12-06 00:03:30 +00:00
update help docs
@@ -119,38 +119,50 @@ We've made installing Bitwarden very simple. Depending on your environment (non-
|
||||
|
||||
3. Complete the prompts in the installer.
|
||||
|
||||
**SSL Certificate**
|
||||
|
||||
- Bitwarden can generate and maintain renewal of a trusted SSL certificate for your domain for completely free provided by [Let's Encrypt](https://letsencrypt.org){:target="_blank"} and [Certbot](https://certbot.eff.org){:target="_blank"}. Certificate renewal checks occur each time bitwarden is restarted.
|
||||
|
||||
- If you already have your own SSL certificate you can place the following files in the `./bwdata/ssl/your.domain.com` directory:
|
||||
- certificate.crt (required). If not done so already, you may need to bundle your primary certificate with any intermediate certificates provided by the CA or else you will receive SSL trust errors. ex. `cat domain.crt ca.crt >> certificate.crt`. [See here](https://www.google.com/search?q=nginx+ssl+bundle+certificate+and+ca){:target="_blank"} for more information.
|
||||
- private.key (required)
|
||||
- ca.crt (optional, if trusted)
|
||||
- dhparam.pem (optional, if using Diffie Hellman ephemeral parameters). You can create your own `dhparam.pem` by using OpenSSL with `openssl dhparam -out ./dhparam.pem 2048`.
|
||||
|
||||
- If you are only testing and do not have an SSL certificate, a self-signed certificate will be generated for your installation.
|
||||
|
||||
**Installation Id/Key**
|
||||
|
||||
Each Bitwarden installation requires a unique installation id and installation key. The installation id and key is used to:
|
||||
|
||||
1. Register your installation and contact email so that we can contact you in case of important security updates
|
||||
2. Validate licensing of paid features
|
||||
3. Authenticate to push relay servers for push notifications (see below)
|
||||
1. Register your installation and contact email so that we can contact you in case of important security updates.
|
||||
2. Validate licensing of paid features.
|
||||
3. Authenticate to push relay servers for push notifications to Bitwarden client applications.
|
||||
|
||||
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.
|
||||
|
||||
You can obtain an installation id and key from [https://bitwarden.com/host](https://bitwarden.com/host){:target="_blank"}.
|
||||
|
||||
**Push Notifications**
|
||||
**SSL Certificate**
|
||||
|
||||
If you would like to take advantage of having push notifications automatically keep your Bitwarden client applications synced in real time you can choose to use the bitwarden push notification relay service. This relay service is provided by external Bitwarden servers. You should ensure that your machine can communicate with the `https://push.bitwarden.com` endpoint. Your Bitwarden installation will POST **non-sensitive data** (reference ids) to the push relay service which will then notify the Bitwarden client applications to "phone home" back to **your installation** for an update.
|
||||
- Bitwarden can generate and maintain renewal of a trusted SSL certificate for your domain for completely free provided by [Let's Encrypt](https://letsencrypt.org){:target="_blank"} and [Certbot](https://certbot.eff.org){:target="_blank"}. Certificate renewal checks occur each time Bitwarden is restarted. Use of the automated Let's Encrypt certificate requires ports 80 and 443 to be available. Alternatively, you can manage your own Let's Encrypt certificate outside of the Bitwarden setup script and provide it using the "bring your own SSL certificate" method as described below.
|
||||
|
||||
The use of the push notification relay service is optional. If you do not use this service you will need to keep your client applications in sync manually.
|
||||
- If you already have your own SSL certificate you can place the necessary files in the `./bwdata/ssl/your.domain.com` directory. File paths for certificate assets are configurable from the `./bwdata/config.yml` file if you wish to change the default paths generated by the installer.
|
||||
- certificate.crt (required). If not done so already, you may need to bundle your primary certificate with any intermediate certificates provided by the CA or else you will receive SSL trust errors. ex. `cat domain.crt ca.crt >> certificate.crt`. [See here](https://www.google.com/search?q=nginx+ssl+bundle+certificate+and+ca){:target="_blank"} for more information.
|
||||
- private.key (required)
|
||||
- ca.crt (optional, if trusted)
|
||||
- dhparam.pem (optional, if using Diffie Hellman ephemeral parameters). You can create your own `dhparam.pem` by using OpenSSL with `openssl dhparam -out ./dhparam.pem 2048`.
|
||||
|
||||
- If you are only testing and do not have an SSL certificate, a self-signed certificate can be generated for your installation. Self-signed certificates will not be trusted by Bitwarden client applications so you will need to install this certificate to the trusted store of each device you plan to use Bitwarden with.
|
||||
|
||||
- If you choose not to configure Bitwarden with a SSL certificate you must front your installation with a proxy that serves the Bitwarden installation over SSL. HTTPS is required to use Bitwarden. If you try to use Bitwarden without the HTTPS protocol you will get errors.
|
||||
|
||||
## Post-install Environment Configuration
|
||||
|
||||
**Installation Config File**
|
||||
|
||||
The Bitwarden setup script uses settings from `./bwdata/config.yml` to generate the necessary assets for the installation to operate. More advanced installation scenarios (ex. installations behind a proxy with alternate ports) may need to make further configuration adjustments that were not provided during the standard installation prompts. Additionally, if you need to alter the initial installation settings (ex. changing the domain name used for Bitwarden) these can be made from `./bwdata/config.yml`.
|
||||
|
||||
After changing settings in `./bwdata/config.yml`, you can apply them by running:
|
||||
|
||||
{% icon fa-linux %} {% icon fa-apple %} Bash
|
||||
|
||||
./bitwarden.sh rebuild
|
||||
|
||||
{% icon fa-windows %} PowerShell
|
||||
|
||||
.\bitwarden.ps1 -rebuild
|
||||
|
||||
**Environment Variables**
|
||||
|
||||
Some features such as a SMTP mail server settings, YubiKey OTP API credentials, etc. are not configured by the installer. You can find the environment file for these settings (and all others) in the following location: `./bwdata/env/global.override.env`. Edit this file and REPLACE the placeholders values for them.
|
||||
|
||||
Example:
|
||||
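Review bot: The bundling example kept in the `certificate.crt` bullet, `cat domain.crt ca.crt >> certificate.crt`, appends to the target, so running it when `certificate.crt` already exists (or running it twice) leaves old or duplicated certificates in the file; use `>` so the file contains exactly the primary certificate followed by the intermediates. The rewritten list item 3 still depends on the push relay, but the paragraph that named `https://push.bitwarden.com`, said what is POSTed and said the relay is optional is not on the new side of this hunk; if it has not moved elsewhere in the file, keep one sentence with the endpoint so operators know which outbound connection to allow. Since `private.key` and `./bwdata/env/global.override.env` both hold secrets, a short remark on restricting their file permissions would fit here. Small wording point: "a SSL certificate" in the new proxy bullet should be "an SSL certificate".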
@@ -212,14 +224,15 @@ PowerShell users will run the commands with a prefixed `-` (switch). For example
|
||||
|
||||
{% table %}
|
||||
|
||||
| Command | Description |
|
||||
|------------|-----------------------------------------|
|
||||
| install | Start the installer. |
|
||||
| start | Start all containers. |
|
||||
| restart | Restart all containers (same as start). |
|
||||
| stop | Stop all containers. |
|
||||
| updatedb | Update/initialize the database. |
|
||||
| update | Update all containers and the database. |
|
||||
| updateself | Update this main script. |
|
||||
| Command | Description |
|
||||
|------------|----------------------------------------------------------|
|
||||
| install | Start the installer. |
|
||||
| start | Start all containers. |
|
||||
| restart | Restart all containers (same as start). |
|
||||
| stop | Stop all containers. |
|
||||
| updatedb | Update/initialize the database. |
|
||||
| update | Update all containers and the database. |
|
||||
| updateself | Update this main script. |
|
||||
| rebuild | Rebuild generated installation assets from `config.yml`. |
|
||||
|
||||
{% endtable %}
|
||||
|
||||
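Review bot: The new `rebuild` row says only "Rebuild generated installation assets from `config.yml`" and does not state whether running containers pick up the regenerated assets or whether a `restart` is still needed, while the install page in this same commit tells readers that `rebuild` is how `config.yml` changes are applied. Please state that in the description, and say whether manual edits to previously generated assets are replaced by a rebuild so operators know to keep their changes in `config.yml`. The other seven rows change only in column padding, which makes the one real addition harder to spot in the diff.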
@@ -26,9 +26,9 @@ This article **does not** apply to the following Bitwarden applications, which p
|
||||
|
||||
The following fields from items in your vault are indexed and are searchable:
|
||||
|
||||
- `shortId` - First 8 characters of the item's id.
|
||||
- `shortid` - First 8 characters of the item's id.
|
||||
- `name`
|
||||
- `subTitle` - Login username, card last four, and identity name.
|
||||
- `subtitle` - Login username, card brand + last four, and identity name.
|
||||
- `notes`
|
||||
- `fields` - Name and value. Only "text" type field values are included.
|
||||
- `attachments` - File name
|
||||
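Review bot: The field names change from `shortId` and `subTitle` to `shortid` and `subtitle`, but the list does not say whether field names are matched case-sensitively, so a reader cannot tell whether queries written with the old casing still work. Add a sentence saying whether both spellings are accepted or only the lowercase form. The `subtitle` description now reads "card brand + last four"; "card brand and last four" would match the wording of the other entries.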
@@ -45,13 +45,13 @@ The asterisk character (`*`) provides the ability to perform wildcard searches i
|
||||
- `*bit*war*den*`
|
||||
|
||||
{% note %}
|
||||
The following fields automatically include trailing wildcard searches while performing normal search queries:
|
||||
The following fields automatically include leading and trailing wildcards while performing normal search queries:
|
||||
|
||||
- `name`
|
||||
- `subTitle`
|
||||
- `subtitle`
|
||||
- `login.uris`
|
||||
|
||||
It is not necessary to provide trailing wildcards if you are searching these fields.
|
||||
It is not necessary to provide wildcards if you are searching for information in these fields.
|
||||
{% endnote %}
|
||||
|
||||
## Advanced Searches
|
||||
|
||||
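Review bot: The note now says `name`, `subtitle` and `login.uris` get implicit leading and trailing wildcards, but nothing in the note tells the reader how to ask for an exact or prefix-only match on those fields, which matters most for `login.uris`, where a short term will match any URI containing it. Add a sentence on how to narrow such a search, or say plainly that these fields always match by substring. The reworded closing line, "It is not necessary to provide wildcards if you are searching for information in these fields", is consistent with the new first sentence.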