public bool BuildForInstall() { var selfSignedSsl = false; if (!Ssl) { if (Helpers.ReadQuestion("Do you want to generate a self-signed SSL certificate?")) { Directory.CreateDirectory($"/bitwarden/ssl/self/{Domain}/"); Console.WriteLine("Generating self signed SSL certificate."); Ssl = selfSignedSsl = true; Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " + $"-keyout /bitwarden/ssl/self/{Domain}/private.key " + $"-out /bitwarden/ssl/self/{Domain}/certificate.crt " + $"-reqexts SAN -extensions SAN " + $"-config <(cat /usr/lib/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:{Domain}')) " + $"-subj \"/C=US/ST=Florida/L=Jacksonville/O=8bit Solutions LLC/OU=Bitwarden/CN={Domain}\""); } } if (LetsEncrypt) { Directory.CreateDirectory($"/bitwarden/letsencrypt/live/{Domain}/"); Helpers.Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048"); } Console.WriteLine("Generating key for IdentityServer."); Directory.CreateDirectory("/bitwarden/identity/"); Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " + "-out identity.crt -subj \"/CN=Bitwarden IdentityServer\" -days 10950"); Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " + $"-in identity.crt -certfile identity.crt -passout pass:{IdentityCertPassword}"); Console.WriteLine(); return(selfSignedSsl); }
public void LoadConfiguration() { if (!File.Exists(ConfigPath)) { Console.WriteLine("No existing `config.yml` detected. Let's generate one."); // Looks like updating from older version. Try to create config file. var url = Helpers.GetValueFromEnvFile("global", "globalSettings__baseServiceUri__vault"); if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) { Console.WriteLine("Unable to determine existing installation url."); return; } Config.Url = url; var push = Helpers.GetValueFromEnvFile("global", "globalSettings__pushRelayBaseUri"); Config.PushNotifications = push != "REPLACE"; var composeFile = "/bitwarden/docker/docker-compose.yml"; if (File.Exists(composeFile)) { var fileLines = File.ReadAllLines(composeFile); foreach (var line in fileLines) { if (!line.StartsWith("# Parameter:")) { continue; } var paramParts = line.Split("="); if (paramParts.Length < 2) { continue; } if (paramParts[0] == "# Parameter:MssqlDataDockerVolume" && bool.TryParse(paramParts[1], out var mssqlDataDockerVolume)) { Config.DatabaseDockerVolume = mssqlDataDockerVolume; continue; } if (paramParts[0] == "# Parameter:HttpPort" && int.TryParse(paramParts[1], out var httpPort)) { Config.HttpPort = httpPort == 0 ? null : httpPort.ToString(); continue; } if (paramParts[0] == "# Parameter:HttpsPort" && int.TryParse(paramParts[1], out var httpsPort)) { Config.HttpsPort = httpsPort == 0 ? null : httpsPort.ToString(); continue; } } } var nginxFile = "/bitwarden/nginx/default.conf"; if (File.Exists(nginxFile)) { var confContent = File.ReadAllText(nginxFile); var selfSigned = confContent.Contains("/etc/ssl/self/"); Config.Ssl = confContent.Contains("ssl http2;"); Config.SslManagedLetsEncrypt = !selfSigned && confContent.Contains("/etc/letsencrypt/live/"); var diffieHellman = confContent.Contains("/dhparam.pem;"); var trusted = confContent.Contains("ssl_trusted_certificate "); if (Config.SslManagedLetsEncrypt) { Config.Ssl = true; } else if (Config.Ssl) { var sslPath = selfSigned ? $"/etc/ssl/self/{Config.Domain}" : $"/etc/ssl/{Config.Domain}"; Config.SslCertificatePath = string.Concat(sslPath, "/", "certificate.crt"); Config.SslKeyPath = string.Concat(sslPath, "/", "private.key"); if (trusted) { Config.SslCaPath = string.Concat(sslPath, "/", "ca.crt"); } if (diffieHellman) { Config.SslDiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem"); } } } SaveConfiguration(); } var configText = File.ReadAllText(ConfigPath); var deserializer = new DeserializerBuilder() .WithNamingConvention(new UnderscoredNamingConvention()) .Build(); Config = deserializer.Deserialize <Configuration>(configText); }