Running bitwarden_rs on Synology using docker-compose

On the last posts, I wrote about installing, activating live sync and backup bitwarden_rs on Synology NAS using docker container. After playing around with docker on Synology (I’m a newbie on docker myself ), I found out that docker compose is also available on Synology. So we will be running bitwarden_rs on Synology using docker-compose, and write the settings in one file. Every container created per docker-compose are shown on docker GUI in Synology DSM.

Let’s get started rebuilding our bitwarden_rs container using docker compose.

Before we start, I assume you have activated SSH service and able to access Synology per SSH.

You can grab my docker compose config file from Github, make some changes, upload to Synology and run docker-compose. But let’s go step-by-step.

YAML file

Docker compose is configured using a YAML file. I uploaded my YAML file to Github. If you downloaded it, please check following settings:

  • container_name: make sure to set the same container name as existing container, so that the current container will be replaced by the one from docker compose
  • volumes: change according to your local path
  • ports: change according to your old settings
  • environment: I removed some of the bitwarden settings from the environment since they are also set in the config.json file.

In the YAML file I configured directly the backup container, so the bitwarden_rs and backup container will be run at the same time. I also activated the bitwarden logging and persisted the logs in a file. This will be used by a fail2ban service to secure the login page from brute force. I’ll write about it next time.

Docker Compose

After adjusting the YAML file, upload it to the bitwarden folder. Mine is /volume2/docker/bitwardenrs. After uploading YAML file, let’s connect per SSH to your Synology.

Once you’re logged in per SSH, let’s switch to root user

and then swtich to the bitwarden folder (mine is /volume2/docker/bitwardenrs)

and start the docker compose

-f filename is needed if your YAML file is not named docker-compose.yaml.
-d to run the docker in detached mode.
up is to start the container(s) in the YAML file. Docker compose will download the image and start it.
To shutdown the container, just run the docker-compose command with down subcommand. See also the CLI documentation on docker-compose.

To stop and fetch new image, just run following as root

3 thoughts on “Running bitwarden_rs on Synology using docker-compose”

  1. I’ve followed your tuts which are really helpful. The last thing I’m worried about now is security.

    Do you have an idea how we would be able to do an ip ban on like 5 failed login attempts?

    1. to ban IP after failed logins, I setup logrotate and fail2ban container also. If a user is banned because of failed attempt in bitwarden, the IP is also blocked for other service in Synology.

      1. Can you share how you got fail2ban working on your Synology? I see the ban, but it does not block even though the IP tables shows the DROP. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *