How to deploy a Bitwarden server with Docker
Looking to deploy an internal password management server? Jack Wallen shows you how to do it with Bitwarden and Docker.
Bitwarden is one of my favorite password managers. But if you are seriously concerned about security and prefer not to save your password database on a third-party server, you may want to consider deploying your own Bitwarden server.
It might sound like a serious challenge, but thanks to Docker, it’s actually pretty straightforward. I’ll show you how to do just that.
SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)
What you will need
The only things you will need to make this happen are a server that supports Docker and a user with sudo privileges. I will do a demo on Ubuntu Server 20.04.
How to install Docker
If Docker isn’t installed, let’s do it now. We’ll be using Docker Compose, so there’s more to install than usual.
First, install the necessary dependencies with:
sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
Then add the Docker GPG key with:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Note: The above method to add a key is deprecated but still works.
Add the correct deposit:
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Update apt and install with the following:
sudo apt update sudo apt install docker-ce docker-ce-cli containerd.io docker-compose
How to create the Bitwarden user
To be sure, we’ll be running all of this with a specific user. First, we will create a directory for the user with:
sudo mkdir /opt/bitwarden
Create the user with:
sudo adduser bitwarden
Give the newly created directory the appropriate permission and ownership with:
sudo chmod -R 700 /opt/bitwarden sudo chown -R bitwarden:bitwarden /opt/bitwarden
Add the user bitwarden to the docker group with:
sudo usermod -aG docker bitwarden
Switch to the bitwarden user with:
su bitwarden cd
How to download the installation script and deploy Bitwarden
Download the handy installation script with:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh
Before running the installation script, make sure that no web server is already running (because Bitwarden will run on port 80 and it will not start if this port is already in use) . Kill Apache with:
sudo systemctl stop apache2
If this is a Red Hat-based machine, this command would be:
sudo systemctl stop httpd
If you are using NGINX, stop it with the command:
sudo systemctl stop nginx
Run the installer with:
You will be asked for an FQDN. If you don’t plan to access Bitwarden from outside your local network, you can always use an IP address for this.
It will take some time for all containers to be extracted and deployed.
Next, we need to configure the SMTP server that Bitwarden will use. Once the deployment is complete, open the configuration file with:
In that file, find and configure the following sections, using an available SMTP server (I used the one from Google):
globalSettings__mail__smtp__host=REPLACE globalSettings__mail__smtp__port=REPLACE globalSettings__mail__smtp__ssl=REPLACE globalSettings__mail__smtp__username=REPLACE globalSettings__mail__smtp__password=REPLACE adminSettings__admins= ADMIN_EMAIL
Make sure to replace each instance of REPLACE with your SMTP server settings and ADMIN_EMAIL with an email address for the administrator user. Save and close the file.
Finally, start the Bitwarden server with:
How to access your Bitwarden server
Open a web browser and point it to https: // SERVER (where SERVER is the IP address or domain of the machine hosting your Bitwarden server). You should be presented with the Bitwarden web UI (Figure A).
Click Create Account to create your Bitwarden account. Once you’ve created it, log in with the credentials and you can start using your Bitwarden server to host your passwordsâ¦ which will all stay on your own hardware.