mirror of
https://github.com/jakeswenson/BitBetter.git
synced 2023-10-10 13:36:57 +02:00
Updated Docs
I've taken the steps written out by @online-stuff and consolidated/organized them into the README. This closes #13. In a future update it might be worth adding a docs/ directory and breaking the readme into several docs that link to one another.
This commit is contained in:
parent
664b75ac81
commit
1182108026
91
README.md
91
README.md
@ -1,48 +1,99 @@
|
|||||||
# BitBetter
|
# BitBetter
|
||||||
|
|
||||||
This project is a tool to modify bitwardens core dll to allow me to self license.
|
BitBetter is is a tool to modify bitwardens core dll to allow you to generate your own individual and organisation licenses. Please see the FAQ below for details on why this software was created.
|
||||||
Beware this does janky IL magic to rewrite the bitwarden core dll and install my self signed certificate.
|
|
||||||
|
|
||||||
Yes, there still are quite a few things that need to be fixed. Updates and Organization Buiness Name is hardcoded to Bitbetter, are the first to things to fix.. Better handling of the User-GUID comes to mind too.
|
_Beware! BitBetter does janky IL magic to rewrite the bitwarden core dll and install a self signed certificate. Use at your own risk!_
|
||||||
|
|
||||||
Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter
|
Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter
|
||||||
|
|
||||||
## Building
|
# Table of Contents
|
||||||
|
1. [Getting Started](#gettingstarted)
|
||||||
|
+ [Pre-requisites](#prereq)
|
||||||
|
+ [Setting up BitBetter](#setup)
|
||||||
|
+ [Building BitBetter](#building)
|
||||||
|
+ [Generating Signed Licenses](#generating)
|
||||||
|
2. [FAQ](#faq)
|
||||||
|
3. [Footnotes](#footnotes)
|
||||||
|
|
||||||
To build your own `bitwarden/api` image run
|
# Getting Started <a name=#gettingstarted></a>
|
||||||
|
The following instructions are for unix-based systems (Linux, BSD, macOS), it is possible to use a Windows systems assuming you are able to enable and install [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10).
|
||||||
|
|
||||||
|
## Pre-requisites <a name=#prereq></a>
|
||||||
|
Aside from docker, which you also need for Bitwarden, BitBetter requires the following:
|
||||||
|
|
||||||
|
* openssl (probably already installed on most Linux or WSL systems)
|
||||||
|
* dotnet-sdk-2.1 (install instructions can be found [here](https://dotnet.microsoft.com/download/linux-package-manager/rhel/sdk-2.1.604))
|
||||||
|
|
||||||
|
## Setting up BitBetter <a name=#setup></a>
|
||||||
|
With your pre-requisites installed, begin the installation of BitBetter by downloading it through Github or using the git command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://github.com/online-stuff/BitBetter.git
|
||||||
|
```
|
||||||
|
|
||||||
|
First, we need to add the correct version of Newtonsoft.Json to the license generator and the BitBetter docker directories.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd BitBetter/src/licenseGen/
|
||||||
|
dotnet add package Newtonsoft.Json --version 11.0.0
|
||||||
|
|
||||||
|
cd ../bitBetter
|
||||||
|
dotnet add package Newtonsoft.Json --version 11.0.0
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, we need to generate the self-signed certificate we will use to sign any licenses we generate.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
|
||||||
|
openssl x509 -inform DER -in cert.cert -out cert.pem
|
||||||
|
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that the password here must be `test`.<sup>[1](#f1)</sup>
|
||||||
|
|
||||||
|
## Building BitBetter <a name=#building></a>
|
||||||
|
|
||||||
|
Now that you've generated your own own self-signed certificate, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` docker image.
|
||||||
|
|
||||||
|
From the BitBetter directory, simply run:
|
||||||
```bash
|
```bash
|
||||||
./build.sh
|
./build.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
replace anywhere `bitwarden/api` is used with `bitbetter/api` and give it a go. no promises
|
This will create a modified version of the official `bitwarden/api` called `bitbetter/api`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
|
||||||
|
|
||||||
## Issuing your own licenses
|
Edit your `/path/to/bwdata/docker/docker-compose.yml`.
|
||||||
|
|
||||||
The repo is setup to replace the licesning signing cert in bitwarden.core with your own personal self signed cert (`cert.pfx`)
|
> Replace `image: bitwarden/api:x.xx.x`<br>with `image: bitbetter/api`
|
||||||
If you want to be able to sign your own licenses obviously you'll have to replace it with your own self signed cert.
|
|
||||||
|
|
||||||
|
You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`.
|
||||||
|
|
||||||
### Signing licesnses
|
> Replace `dockerComposePull`<br>with `#dockerComposePull`
|
||||||
|
|
||||||
There is a tool included to generate a license (see `src/liceseGen/`)
|
You can now start or restart Bitwarden as normal and the modified api will be used. <b>It is now ready to accept self-issued licenses.</b>
|
||||||
|
|
||||||
generate a PFX above using a password of `test` and then build the tool using:
|
## Generating Signed Licenses <a name=#generating></a>
|
||||||
|
|
||||||
|
There is a tool included in the directory `src/licenseGen/` that will generate new individual and organization licenses. These licenses will be accepted by the modified Bitwarden because they will be signed by the certificate you generated in earlier steps.
|
||||||
|
|
||||||
|
First, from the `BitBetter/src/licenseGen` directory, build the license generator.<sup>[2](#f2)</sup>
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
./src/licenseGen/build.sh
|
./build.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
This tool build ontop of the bitbetter/api container image so make sure you've built that above using the root `./build.sh` script.
|
Now, from the `BitBetter/src/licenseGen` directory, you can run the tool to generate licenses.
|
||||||
|
|
||||||
After that you can run the tool using:
|
You'll need to get a user's <b>GUID</b> in order to generate an <b>invididual license</b> and the server's <b>install ID</b> to generate an <b>Organization license</b>. These can be retrieved most easily through the Bitwarden [Admin Portal](https://help.bitwarden.com/article/admin-portal/).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd ~/BitBetter/src/licenseGen
|
|
||||||
./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID"
|
./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID"
|
||||||
./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server"
|
./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server"
|
||||||
```
|
```
|
||||||
|
|
||||||
# Questions (you might have?)
|
<b>The license generator will spit out a JSON-formatted license which can then be used within the Bitwarden web front-end to license your user or org!</b>
|
||||||
|
|
||||||
|
# FAQ: Questions (you might have?) <a name=#faq></a>
|
||||||
|
|
||||||
I'll work on updates in the next couple weeks, right now, I just wanted something to start with.
|
I'll work on updates in the next couple weeks, right now, I just wanted something to start with.
|
||||||
|
|
||||||
@ -59,3 +110,9 @@ Thanks, good idea. And I did. Currently they're not focused on solving this issu
|
|||||||
To be clear i'm totally happy to give them my money. Offer a perpetual server license, and i'd pay for it. Let me license the server, period. Allow an orginzation to have Premium for all users.. 500 seats, let the 500 users in the orginzation have the Premium features too.
|
To be clear i'm totally happy to give them my money. Offer a perpetual server license, and i'd pay for it. Let me license the server, period. Allow an orginzation to have Premium for all users.. 500 seats, let the 500 users in the orginzation have the Premium features too.
|
||||||
|
|
||||||
I'm still in the testing/evaluating phase. If I am hosting the server/data, let me license the server, period. How many licenses does one user need to have...
|
I'm still in the testing/evaluating phase. If I am hosting the server/data, let me license the server, period. How many licenses does one user need to have...
|
||||||
|
|
||||||
|
# Footnotes <a name=#footnotes></a>
|
||||||
|
|
||||||
|
<a name="#f1"><sup>1</sup></a> If you wish to change this you'll need to change the value that `src/licenseGen/Program.cs` uses for it's `GenerateUserLicense` and `GenerateOrgLicense` calls, but this is really unnecessary as this certificate does not represent any type of security issue.
|
||||||
|
|
||||||
|
<a name="#f2"><sup>2</sup></a>This tool build ontop of the `bitbetter/api` container image so make sure you've built that above using the root `./build.sh` script.
|
@ -1,95 +0,0 @@
|
|||||||
These are the commands I used (and a few of my notes) for a minimal Debian Stretch install..
|
|
||||||
Software Selection - "SSH server" and 'standard system utilities" only
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install vim vim-doc vim-scripts wget curl git
|
|
||||||
sudo apt-get dist-upgrade
|
|
||||||
sudo reboot
|
|
||||||
|
|
||||||
---The next few lines I setup my server authentication and other misc profile settings you can skip until sudo apt-get
|
|
||||||
|
|
||||||
ssh-keygen
|
|
||||||
|
|
||||||
echo "ssh-rsa AA...1Q== " >> .ssh/authorized_keys
|
|
||||||
|
|
||||||
echo ":set mouse=" >> .vimrc
|
|
||||||
echo "set nocompatible" >> .vimrc
|
|
||||||
|
|
||||||
vi .bashrc
|
|
||||||
|
|
||||||
sudo visudo ---- tom ALL=(ALL) NOPASSWD:ALL
|
|
||||||
|
|
||||||
sudo vi /etc/ssh/sshd_config - Enable 'PermitRootLogin prohibit-password' and 'PasswordAuthentication no'
|
|
||||||
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
|
|
||||||
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
|
|
||||||
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
|
|
||||||
sudo apt update
|
|
||||||
apt-cache policy docker-ce
|
|
||||||
sudo apt install docker-ce
|
|
||||||
sudo systemctl status docker
|
|
||||||
sudo usermod -aG docker ${USER}
|
|
||||||
exit
|
|
||||||
|
|
||||||
id -nG
|
|
||||||
docker version
|
|
||||||
docker info
|
|
||||||
docker run hello-world
|
|
||||||
|
|
||||||
sudo curl -L --fail https://github.com/docker/compose/releases/download/1.23.1/run.sh -o /usr/local/bin/docker-compose
|
|
||||||
sudo chmod +x /usr/local/bin/docker-compose
|
|
||||||
|
|
||||||
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
|
|
||||||
sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
|
|
||||||
wget -q https://packages.microsoft.com/config/debian/9/prod.list
|
|
||||||
sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
|
|
||||||
sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
|
|
||||||
sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
|
|
||||||
|
|
||||||
curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh && sudo chmod u+x bitwarden.sh
|
|
||||||
./bitwarden.sh install
|
|
||||||
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install dotnet-sdk-2.1
|
|
||||||
|
|
||||||
git clone https://github.com/online-stuff/BitBetter.git
|
|
||||||
|
|
||||||
cd BitBetter/src/licenseGen/
|
|
||||||
dotnet add package Newtonsoft.Json --version 11.0.0
|
|
||||||
|
|
||||||
cd ~/BitBetter/src/bitBetter
|
|
||||||
dotnet add package Newtonsoft.Json --version 11.0.0
|
|
||||||
|
|
||||||
cd ~/BitBetter/.keys
|
|
||||||
rm *
|
|
||||||
|
|
||||||
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
|
|
||||||
openssl x509 -inform DER -in cert.cert -out cert.pem
|
|
||||||
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
|
|
||||||
|
|
||||||
|
|
||||||
cd ~/BitBetter
|
|
||||||
./build.sh
|
|
||||||
|
|
||||||
cd src/licenseGen/
|
|
||||||
./build.sh
|
|
||||||
|
|
||||||
cd ~
|
|
||||||
|
|
||||||
vi ~/bwdata/docker/docker-compose.yml - Change image: bitwarden/api:1.26.0 to image: bitbetter/api
|
|
||||||
vi ~/bwdata/env/global.override.env - Enter mail__smtp relay settings
|
|
||||||
vi ~/bwdata/scripts/run.sh - function restart() { dockerComposePull to #dockerComposePull
|
|
||||||
|
|
||||||
./bitwarden start
|
|
||||||
|
|
||||||
----Server should be up and running.. Create a user account
|
|
||||||
|
|
||||||
cd ~/BitBetter/src/licenseGen/
|
|
||||||
./build.sh
|
|
||||||
./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID"
|
|
||||||
Get User-GUID from the admin portal of the BitWarden server
|
|
||||||
|
|
||||||
./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server from bitwarden.com/host"
|
|
Loading…
Reference in New Issue
Block a user