With a self-hosted password manager, you get all the data under your control! In this tutorial, we will set up the free open-source password manager server Bitwarden. Bitwarden offers a free available On-Premise solution of their password manager backend server.
Where to deploy?
Bitwarden can be deployed on a Linux server or easily on DigitalOcean with a 1-click Solution, that already has Bitwarden installed.
If you want to try out DigitalOcean for free use this referral link to get 100$ free credits for 60-Days.
Note this official Bitwarden Server solution needs at least 2GB of memory. There is also a third-party implementation of the Bitwarden API written in Rust. You can find this project on GitHub under this link as well. In this tutorial I will walk you through the setup of both solutions, it’s up to you which one you want to choose.
The official Bitwarden On-Premise Server
This is a step-by-step walkthrough, I’ve used to install and deploy my Bitwarden Server, further instructions can be found on the offcial Documentation Website.
- Configure your Domain
You will need a DNS Record that points to the public IP address of your Server. Create a new DNS A Record.
- Install Docker and Docker-Compose
To install Docker and Docker compose on your server, check out the official Docker Installation Guide. The same for the official Docker Compose Installation Guide.
- Steps to Prepare the Server
- Add a new user to the system
useradd bitwarden -m -s /bin/bash -c "Administrative Bitwarden User"
- Set a password
- Add the user to the docker group
usermod -aG docker bitwarden
- (optional) Copy the root users ssh key to the bitwarden user
cp .ssh/authorized_keys /home/bitwarden/.ssh/authorized_keys
- Create a new project folder and set the correct permissions
chmod -R 700 /opt/bitwarden
chown -R bitwarden:bitwarden
- Switch to the bitwarden user and the project folder
- Add a new user to the system
- Download and run the Installation Script
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh
- Follow the instructions in the Installation Script
- Set Up a mail server
Edit the file
./bwdata/env/global.override.envand change at minimum the following values:
- Restart the Server
- Create a User Account
Open the Bitwarden Server with the public Domain name and register a new User
- (optional) Synchronize Clients and Browser Extensions
The Third-Party Implementation in Rust
You can find the third-party implementation of the Bitwaren API on GitHub. It can be easily deployed via a single Docker command. It just uses one container which is very easy to startup. You will find more details on their GitHub Page. You can also deploy this via Portainer and secure it with Nginx Proxy Manager.
Note: The following steps require a running Installation with Portainer and Nginx Proxy Manager! If you don’t know how to install Portainer and the Nginx Proxy Manager, check out my two tutorials about it:
Nginx Proxy Manager Installation – Portainer Tutorial
- Create a new Docker Volume (when using Portainer)
2. Deploy the Container with the following Docker Command. Make sure you replace your network with the docker network where Nginx Proxy Manager is deployed.
docker run -d --name bitwarden -v /bw-data/:/data/ --network frontend vaultwarden/server:latest
3. Expose the Application with a Reverse Proxy like NGINX Proxy Manager
On Nginx Proxy Manager create a new Proxy Host with a domain name that targets the bitwarden container you have deployed in Docker.