April 27th, 2023Author: Matt Compton
What is a Password Manager?
What is Bitwarden?
Why Should I Host the Server Myself?
Why Vaultwarden Instead of the Official Server?
There are a lot of options for Virtual Private Servers (VPS) that have sufficient resources to run Docker apps, like Vaultwarden.
The first step before installing any new software should always be to make sure that the existing operating system and other packages are up to date. We can do that with:
Now, let’s make sure that we have some assorted tools that we’ll need later on. (Most updated Ubuntu versions should have all of these packages already, but it doesn’t hurt to check.
Next, let’s make sure we have the needed directory for third-party keyrings.
Now, we need to download the signing key used to ensure that the Docker packages are legitimate.
It’s finally time to add the URLs of available Docker packages to our system.
And now, finally, we can install Docker.
At long last, let’s check if Docker is working.
Now that we’ve gotten Docker working, we can start working on setting up Vaultwarden.
First, we need to pull the Docker image for the server.
And now, to run the server, you can simply run:
Let’s break this down!
Web Server Setup
As mentioned above, unfortunately, we shouldn’t really be connecting directly to the container. If you have a preferred web server, feel free to use that. For this example, we’ll use nginx.
First, the simple step of installing nginx.
Next, we should disable the default configuration that’s shipped with nginx on most distributions.
Now, we need to make a config file for nginx. This process will differ slightly depending on if you have a domain name or not. If you don’t, I’d recommend snagging one, even if it’s just a free one from a site like Freenom. If the price of “free” is still too much, we can work with that too.
I have a domain name!
Let’s make a config file. For example:
In this file, we’ll put the following (if a domain name is used):
To get an HTTPS certificate, we’ll need an additional tool, but first, have you set your DNS?
All you’ll need for this simple example is an A record for the public IP of your server. Exactly how you set this will depend on your domain registrar and how they handle DNS.
Next, let’s make sure our nginx config doesn’t have any issues.
And, now, assuming there weren’t any “ERROR” blocks, we can restart nginx so that the changes are applied.
We can now finally get our HTTPS up and running. To start the process, run
You’ll want to select your domain name, and then enter a valid email address as a contact. Certbot will finish up by automatically editing your configuration file to redirect all traffic to https.
Assuming that there aren’t any error messages, all you need to do to finish up is restart nginx once again.
I don't (or can't) have a domain name!
No worries. As mentioned earlier, we can still get HTTPS working. However, before you keep reading, note that HTTPS without a domain is strongly discouraged, and most browsers will continue to display scary warnings no matter how hard you try to tell them that everything is fine. You’ve been warned.
The first thing we’re going to do is create the certificate we need.
This command will ask for various details about your server before it’s done.
Now that we have the certificate files, we’ll create a snippet configuration file, which helps to keep our main file less cluttered.
Now, we’re going to make another snippet to tell nginx about some specific recommended SSL settings.
And now, insert:
Whew. Now we can finally create the actual file that configures the proxy for Vaultwarden.
And insert the following:
Now, you can test the config with
And, assuming there are no errors, you can restart nginx with:
Now that you have an instance set up, you can use it! The simple way to start storing passwords and other sensitive information is to access the web interface, which is at your specified domain name or ip. When you load it, it should look something like this:
Since you’ve just installed the server, you need to make an account using the link below the continue button. After registration, you should be able to sign in and access your web vault.
Your interface should look something like this, without all the clutter.
Once you’ve installed the extension from the webstore, click on the extension icon, which might be hiding behind the puzzle piece icon. If so, you can pin it to the toolbar with the pin icon.
Before you enter your email address, though, click on the gear in the top left of the sign-in panel.
Luckily for us, we only have to edit the first box, “server url.” This should be set to the ip address or domain name of your vaultwarden server. (Either https://some.cool.domain or https://123.456.789)
Now, your email and password should work the same as on the web panel. Once you start saving passwords in your Vaultwarden, you’ll see an icon suggesting relevant items on pages. For example, when I go to google.com:
If I click on the icon, it expands to show relevant items.
With the instructions in this guide, your digital life can become more organized, while remaining equally, -if not more- convenient. At the same time, you can be more secure in the knowledge that your accounts are no longer secured with a password based on your dog’s name, your previous address, or any other easy to remember yet equally easy to guess details.