Cloud servers from $4 per/mo - Grab the Deal! Let’s start ->
Community
Sign In
Sign In

Installing Bitwarden in Docker

Installing Bitwarden in Docker
Hostman Team
Technical writer
Docker
30.08.2024
Reading time: 6 min
Share

Bitwarden is a free, open-source password manager that stores sensitive information in an encrypted vault. It is written in C# using .NET Core and ASP.NET Core, and its database is based on the T-SQL/SQL Server.

Bitwarden is a cloud service accessible through various client applications, making it cross-platform: web, desktop (Windows, macOS, Linux), mobile apps, browser extensions (Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave, Tor), or through the command line interface.

One key motivation for using Bitwarden is avoiding third-party password managers where sensitive data is stored on external servers. Instead, you can deploy Bitwarden on your secure server.

Bitwarden is based on a group of containers, each containing a separate functional component of the manager, such as the database or web server.

Therefore, installing and running Bitwarden requires a containerization system, which is Docker.

Here's a brief list of Bitwarden's features:

  • Open-source

  • Built on the 256-bit AES encryption standard to protect user data

  • Supports two-factor authentication

  • Password auditing and verification system

  • Biometric authentication support

  • Ability to host the server locally

  • Cross-platform client applications on all popular platforms

Prerequisites

This tutorial uses commands for UNIX-like operating systems, specifically Debian/Ubuntu, as they are often used for deploying server applications.

Before installing and configuring Bitwarden, ensure that all necessary system packages are installed and updated:

sudo apt update
sudo apt upgrade

If your cloud server is new, it's recommended to install some basic tools:

sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

Next, ensure that you have Docker and Docker Compose for managing Bitwarden containers. You can install them on Ubuntu/Debian using this guide.

Step 1. Install Docker and Its Components

First, add Docker's GPG key, which is used for signing packages:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Then, add the Docker repository to obtain the latest version:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Update the system again:

sudo apt update

Finally, install Docker and Docker Compose:

sudo apt install docker-ce docker-ce-cli containerd.io docker-compose

Step 2. Secure Your Bitwarden Setup

To enhance security, create a dedicated user with limited permissions.

Create a directory for Bitwarden:

sudo mkdir /opt/bitwarden

Create the Bitwarden user:

sudo adduser bitwarden

Assign directory ownership to the Bitwarden user:

sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Allow the Bitwarden user to run Docker commands:

sudo usermod -aG docker bitwarden

After setting permissions, switch to the Bitwarden user:

su bitwarden

Navigate to the installation directory:

cd /opt/bitwarden

Step 3. Install Bitwarden in Docker and Start the Server

Even if you're not familiar with Docker, Bitwarden's developers have provided an installation script that automates the process. Download it:

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

Now run it:

./bitwarden.sh install

The script will prompt you for various configuration details, such as:

  • Domain name for Bitwarden

  • Database name

  • Whether to use Let's Encrypt for a free SSL certificate

Additionally, you will need to enter an installation ID and key, which you can generate on Bitwarden's official site.

Step 4. Set Up a Mail SMTP Server

Although optional, setting up an SMTP server is recommended for administrator login functionality.

If you are an experienced Docker user, you might want to consider the fairly simple mail server, docker-mailserver, which is well-suited for most Bitwarden tasks.

In the simplest scenario (which slightly contradicts the logic of deploying a local server for security purposes), you can use public mail servers, such as Gmail.

In that case, you should specify the following email parameters:

[email protected]
globalSettings__mail__smtp__host=smtp.gmail.com
globalSettings__mail__smtp__username=your_email
globalSettings__mail__smtp__password=your_password
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false
globalSettings__disableUserRegistration=true

Once these parameters are set, Bitwarden notifications will be sent to your Gmail.

However, make sure to enable the "allow less secure apps" option in your Gmail account. Otherwise, Google's email service might block messages from your password manager.

If you use a different mail service, find out its settings (specifically, the SMTP server host address) and specify them similarly in the global.override.env file.

That said, there is a chance that the SMTP configurations you provide may not work correctly, preventing messages from reaching your email server, whether it's yours or a third-party one.

Therefore, it might be wise to use an online SMTP checker to verify and fine-tune the correct settings in case any issues arise.

Step 5. Start the Server and Verify Operation

Start the server using the same script:

./bitwarden.sh start

Access the server via a web browser using its IP or domain name. To access the admin panel, append /admin to the server address.

The page will ask you to enter an email address—the same one whose details you added to the global.override.env file.

The mail server will send a link to this address for passwordless access to the admin panel.

From there, you can use any Bitwarden client applications that are available. For example, you can download the desktop client, enter your server's address, log in to Bitwarden, and use the manager to securely store your confidential data.

Stopping and Removing the Server

Sometimes, various issues may accumulate on the server side, requiring you to reinstall the manager.

To do this, first, completely remove Bitwarden using the same script:

./bitwarden.sh stop

Then, simply delete the manager's directory:

rm -r ~/bwdata

And perform a reinstallation if necessary:

./bitwarden.sh install

Conclusion

Installing Bitwarden is straightforward, with developers automating most of the deployment process. After the installation, you can secure your sensitive data with this robust password manager, leveraging DNS, SSL, and SMTP as needed.

You can find many useful tips on using Bitwarden for practical tasks in the official documentation.

Docker
30.08.2024
Reading time: 6 min
Share

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start
Email us
Hostman's Support