Self-Hosting Bitwarden Password Vault with Docker

What is Bitwarden?

Bitwarden is a free/freemium open-source password management service that stores sensitive information such as website credentials in an encrypted vault. The platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. Bitwarden offers a free cloud-hosted service as well as the ability to self-host. -https://en.wikipedia.org/wiki/Bitwarden

Installing Docker

  1. Log into the Linux based device
  2. Run the following commands in the terminal
    # install prerequisites
    sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg-agent -y
    # add docker gpg key
    curl -fsSL https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release)/gpg | sudo apt-key add -
    # add docker software repository
    sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release) $(lsb_release -cs) stable"
    # install docker
    sudo apt install docker-ce docker-compose containerd.io -y
    # enable and start docker service
    sudo systemctl enable docker && sudo systemctl start docker
    # add the current user to the docker group
    sudo usermod -aG docker $USER
    # reauthenticate for the new group membership to take effect
    su - $USER

Running Bitwarden Containers

NOTE: In order for Let's Encrypt to verify ownership of the DNS name, the host Docker is running from must be accessible via port 80 (http) and port 443 (https). For homelab users, this will normally involve port forwarding from the router to the certbot host, which is beyond the scope of this tutorial.

  1. Open a web browser and navigate to https://bitwarden.com/host/
  2. Enter an email address > Click the Submit button
  3. Copy the Installation ID and Key from the output for use later
  4. Continue with the following commands in a terminal window
    # create a working directory
    mkdir ~/docker/bitwarden -p
    # create a bitwarden user account
    sudo adduser bitwarden --disabled-password
    # add the bitwarden user to the docker group
    sudo usermod -aG docker bitwarden
    # create bitwarden install directory
    sudo mkdir /opt/bitwarden
    # set permissions on the install directory
    sudo chmod -R 700 /opt/bitwarden
    # set ownership of install directory to bitwarden
    sudo chown -R bitwarden:bitwarden /opt/bitwarden
    # cd into the working directory
    cd ~/docker/bitwarden
    # download the bitwarden installation script
    curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
    # make the install script executable
    chmod 700 bitwarden.sh
    # execute the installation script
    ./bitwarden.sh install
  5. When prompted, enter a domain name for the Bitwarden installation
  6. Select if you'd like to use Let's Encrypt for SSL certificates
  7. Enter a database name to be used for the Bitwarden instance
  8. Enter the Installation ID obtained earlier
  9. Enter the Installation Key obtained earlier
  10. Select if you have an SSL certificate to use
  11. If no to the above, select if you'd like to generate a self-signed SSL certificate
  12. Continue with the following commands in a terminal window
    # edit .env file
    nano ~/docker/bitwarden/bwdata/env/global.override.env
  13. Update the SMTP host configuration to use and optionally, add admin email addresses as shown below

    globalSettings__mail__replyToEmail=no-reply@i12bretro.local
    globalSettings__mail__smtp__host=smtp.i12bretro.local
    globalSettings__mail__smtp__port=25
    globalSettings__mail__smtp__ssl=false
    globalSettings__mail__smtp__username=bitwarden@i12bretro.local
    globalSettings__mail__smtp__password=

    adminSettings__admins=i12bretro@i12bretro.local

  14. Continue with the following commands in a terminal window
    # restart bitwarden containers
    ~/docker/bitwarden/bitwarden.sh restart
  15. Open a web browser and navigate to https://DNSorIP
  16. Click the Create Account button
  17. Complete the form by entering an Email Address, Name and Master Password > Click the Create Account button
  18. Log into Bitwarden using the email address and password set earlier
  19. Welcome to Bitwarden

Documentation: https://bitwarden.com/help/install-on-premise-linux/#post-install-configuration

Source: https://bitwarden.com/help/install-on-premise-linux/