From df153f2a593683198ddb28158a20036be007a6c2 Mon Sep 17 00:00:00 2001 From: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com> Date: Mon, 28 Jun 2021 14:43:32 -0400 Subject: [PATCH] Central Config (#652) * initial draft * env var rebuild note * automatic update faq * browser extension --- _articles/faqs/hosting-faqs.md | 2 +- _articles/faqs/org-faqs.md | 9 ++ .../hosting/change-client-environment.md | 2 +- _articles/hosting/configure-clients.md | 82 +++++++++++++++++++ _articles/hosting/environment-variables.md | 4 +- 5 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 _articles/hosting/configure-clients.md diff --git a/_articles/faqs/hosting-faqs.md b/_articles/faqs/hosting-faqs.md index b7ca06d2..71058425 100644 --- a/_articles/faqs/hosting-faqs.md +++ b/_articles/faqs/hosting-faqs.md @@ -6,7 +6,7 @@ featured: true popular: true hidden: false tags: [] -order: 11 +order: 12 --- This article contains Frequently Asked Questions (FAQs) regarding **Self-hosting**. diff --git a/_articles/faqs/org-faqs.md b/_articles/faqs/org-faqs.md index 1422757b..876d8a00 100644 --- a/_articles/faqs/org-faqs.md +++ b/_articles/faqs/org-faqs.md 
@@ -43,6 +43,15 @@ Paid Organizations (Families, Teams, or Enterprise) automatically include premiu **A:** If you're self-hosting, [configure the environment variable]({% link _articles/hosting/environment-variables.md %}) `globalSettings__disableUserRegistration=` to `true` to prevent users from signing up for an account via the Registration page. Once configured, Organization Admins or Owners must invite users to signup for an account on the self-hosted instance. +### Q: My users don't have permission to update desktop apps on their workstations. Can I turn off automatic updates for Bitwarden? + +**A:** Yes! Add the environment variable `ELECTRON_NO_UPDATER=1` to your desktop app template to prevent automatic update procedures from trying and failing on your end-user workstations. [Learn how to set environment variables for desktop apps.](https://www.twilio.com/blog/2017/01/how-to-set-environment-variables.html){:target="\_blank"} + +{% callout warning %} +Like with any software, running old versions may present a security risk. +{% endcallout %} + + ## Sharing with an Organization ### Q: How do I "unshare" an item from my Organization? diff --git a/_articles/hosting/change-client-environment.md b/_articles/hosting/change-client-environment.md index 3a74649d..709979df 100644 --- a/_articles/hosting/change-client-environment.md +++ b/_articles/hosting/change-client-environment.md @@ -5,7 +5,7 @@ categories: [hosting] featured: false popular: false tags: [hosting, environment] -order: 10 +order: 11 --- By default, Bitwarden client applications (Browser Extensions, Mobile Apps, etc.) will connect to Bitwarden-hosted servers. Client applications can be configured to connect to your self-hosted Bitwarden instance. diff --git a/_articles/hosting/configure-clients.md b/_articles/hosting/configure-clients.md new file mode 100644 index 00000000..eb76ac0c --- /dev/null +++ b/_articles/hosting/configure-clients.md 
@@ -0,0 +1,82 @@ +--- +layout: article +title: Configure Clients Centrally +categories: [hosting] +featured: true +popular: false +tags: [] +order: 10 +--- + +When operating a self-hosted Bitwarden server in a business setting, administrators may want to centrally configure client application settings (particularly, Server URL) before deploying to users with an endpoint management platform. + +The process for doing so will be different for each client application: + + +
+
+{% capture mobile_info %} + +#### Mobile + +Most Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions allow administrators to pre-configure applications before deployment in a standard fashion. To pre-configure Bitwarden Mobile apps to use your self-hosted Server URL, construct the following Application Configuration: + +|Configuration Key|Value Type|Configuration Value| +|-----------------|----------|-------------------| +|`baseEnvironmentUrl`|string|Your self-hosted Server URL, for example `https://my.bitwarden.server.com`.| + +{% endcapture %} +{{ mobile_info | markdownify}} +
+
+{% capture desktop_info %} + +#### Desktop + +To centrally configure the Desktop app for deployment, first complete the following steps on a single workstation: + +1. Install the Desktop app. If you're using Windows, silent install Bitwarden using `installer.exe /S` (see [NSIS documentation](https://nsis.sourceforge.io/Docs/Chapter4.html#silent){:target="\_blank"}). +2. Navigate to the Desktop app's locally stored settings. This directory is different depending on your OS (e.g. `%AppData%\Bitwarden` on Windows, `~/Library/Application Support/Bitwarden` on macOS). [Find your directory.]({{site.baseurl/article/data-storage/}}) +3. In the directory, open the `data.json` file. +4. Edit `data.json` to configure the Desktop app as desired. In particular, create the following object to configure the app with your self-hosted Server URL: + + ``` + "environmentUrls": { + "base": "https://my.bitwarden.server.com", + "api": null, + "identity": null, + "webVault": null, + "icons": null, + "notifications": null, + "events": null, + "enterprise": null + } + ``` +5. Once configured the way you want it, use your endpoint management solution of choice (like [Jamf](https://www.jamf.com/){:target="\_blank"}) to deploy the pre-configured Desktop app as a template. + +{% endcapture %} +{{ desktop_info | markdownify}} +
+
+{% capture browser_extension %} + +#### Browser Extensions + +While it is possible to deploy Bitwarden Browser Extensions using an endpoint management solution like [Jamf](https://www.jamf.com/){:target="\_blank"}, it is currently **not possible** to alter the configuration in this way. + +Instruct your end-users to follow [these steps]({{site.baseurl}}/article/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps) to connect a Browser Extension to your self-hosted server. + +{% endcapture %} +{{ browser_extension | markdownify}} +
+
diff --git a/_articles/hosting/environment-variables.md b/_articles/hosting/environment-variables.md index 6b8ee93e..fe7c4234 100644 --- a/_articles/hosting/environment-variables.md +++ b/_articles/hosting/environment-variables.md @@ -8,9 +8,9 @@ tags: [hosting, docker, install, deploy] order: 05 --- -Some features of Bitwarden are not configured by the `bitwarden.sh` installer. Configure these settings by editing the environment file, located at `./bwdata/env/global.override.env`. +Some features of Bitwarden are not configured by the `bitwarden.sh` installer. Configure these settings by editing the environment file, located at `./bwdata/env/global.override.env`. `global.override.env` comes pre-baked with configurable variables (see [Included Variables](#included-variables)), however there are additional variables which can be manually added (see [Optional Variables](#optional-variables)). -`global.override.env` comes pre-baked with configurable variables (see [Included Variables](#included-variables)), however there are additional variables which can be manually added (see [Optional Variables](#optional-variables)). +**Whenever you make changes to** `global.override.env`**, perform a** `./bitwarden.sh rebuild` **to apply your changes.** {% callout info %} This article will not define every environment variable, instead focusing on those used or configured by most installations.
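Review bot: In the `_articles/faqs/org-faqs.md` hunk, the warning callout under the new `ELECTRON_NO_UPDATER=1` answer only says that old versions "may present a security risk" and gives the admin nothing to act on. The answer switches off automatic updates on workstations where, per the question, users cannot update the app themselves, so the callout should say that new versions then have to be pushed by whatever deploys the desktop app template. The "Learn how to set environment variables for desktop apps" link also points at a third-party blog post rather than anything in these docs; a short instruction in the article itself would not depend on that page staying up. The second blank `+` line before `## Sharing with an Organization` can be dropped.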
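Review bot: In the new `_articles/hosting/configure-clients.md`, step 2 of the Desktop section has a malformed Liquid link: `({{site.baseurl/article/data-storage/}})` puts the path inside the output tag, so it will not resolve to the intended URL. It should read `({{site.baseurl}}/article/data-storage/)`, matching the `{{site.baseurl}}/article/change-client-environment/` link in the Browser Extensions section. Separately, steps 3 to 5 have the admin take `data.json` from a real workstation's locally stored settings and ship it as the template; the steps should state whether the app must be left logged out before the file is captured, so that the template carries only the `environmentUrls` object and nothing else that workstation wrote to the file. Minor: the fenced `environmentUrls` block has no language tag, and `| markdownify}}` is missing the space before `}}` in all three captures.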
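Review bot: In the `_articles/hosting/environment-variables.md` hunk, the new rebuild instruction opens and closes bold three times around two inline code spans, which is hard to maintain and relies on the renderer accepting `**` directly against a backtick. Write it as one plain sentence, or move it into the `{% callout info %}` that follows on the next line so the rebuild step is visually set apart. The hunk also folds the "comes pre-baked" paragraph into the first paragraph; leaving the two paragraphs separate would keep the diff to the one added line and the intro easier to scan.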