Bitwarden is a very popular password manager. It offers end-to-end (E2E) encryption and is open source, which allows anyone to self-host it.
It's worth giving this one a think before getting started. I have included a little chart outlining some of the pros and cons of self-hosting.
If you don't have much Linux/Docker knowledge, I would personally recommend using the official Bitwarden instance at vault.bitwarden.com for its availability, reliability and security, and because it's generally stress-free.
| |Self-hosted|Official instance|
|---|---|---|
|Price|Energy or VPS cost|Free/Paid|
|Availability|Varies|Microsoft Azure (Pretty High)|
|Own your data|✅|❌|
If you're confident, let's get started!
We will be using bitwarden_rs. This is an unofficial Bitwarden-compatible server, but it is very lightweight compared to the official server.
- Install Docker and set up a reverse proxy
- Make the directories for the volumes
```bash
cd  # Go to the home dir
# Create the data directory inside bitwarden/, matching the device path in the compose file
sudo mkdir -p bitwarden/data
```
- Create docker-compose.yaml file
```bash
sudo nano docker-compose.yaml
```
Use the following template:
```yaml
version: '3'

services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - bitwarden_data:/data
    networks:
      default:
        ipv4_address: 10.10.10.6
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true' # set to false to disable signups

volumes:
  bitwarden_data:
    driver_opts:
      type: none
      device: /home/USER/bitwarden/data
      o: bind

networks:
  default:
    external:
      name: dockernet
```
USER = Linux username
- Start the docker container
```bash
sudo docker-compose up -d
```
- Configure the Reverse Proxy
Bitwarden operates on port 80 by default.
- Visit the WebUI and create a user for yourself.
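Once your own account exists, the template still has SIGNUPS_ALLOWED set to 'true', so anyone who can reach the WebUI can register on your server. The script below is an added example, not part of the original post: it audits the compose file for that setting and checks that the bind-mounted data directory is not accessible to other local users. The function names `compose_value` and `audit_bitwarden` are hypothetical, and it assumes the map-style `KEY: value` lines used in the template above.

```shell
#!/bin/sh
# Added example, not from the original post.

# compose_value FILE KEY: print the value of the first "KEY: value" line,
# with any trailing comment, trailing spaces and surrounding quotes stripped.
compose_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# audit_bitwarden FILE: print one finding per line; return the number of findings.
audit_bitwarden() {
    findings=0
    signups=$(compose_value "$1" SIGNUPS_ALLOWED | tr 'A-Z' 'a-z')
    # bitwarden_rs accepts registrations unless this is explicitly false
    if [ "$signups" != "false" ]; then
        echo "SIGNUPS_ALLOWED is '${signups:-unset}': anyone who can reach the WebUI can register"
        findings=$((findings + 1))
    fi
    datadir=$(compose_value "$1" device)
    if [ ! -d "$datadir" ]; then
        echo "data directory '$datadir' does not exist"
        findings=$((findings + 1))
    else
        # Characters 8-10 of the ls mode string are the permissions for "other"
        other=$(ls -ldL "$datadir" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "data directory '$datadir' is accessible to other local users ($other)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample mirroring the template above, built in a temporary directory
demo=$(mktemp -d)
mkdir -m 755 "$demo/data"
printf '%s\n' "      SIGNUPS_ALLOWED: 'true' # set to false to disable signups" \
    "      device: $demo/data" > "$demo/docker-compose.yaml"
audit_bitwarden "$demo/docker-compose.yaml" || echo "findings: $?"
rm -rf "$demo"
```

On a real setup, call `audit_bitwarden` on your own docker-compose.yaml; after changing SIGNUPS_ALLOWED to 'false', run `sudo docker-compose up -d` again to apply it.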
Now that your Bitwarden container is fully set up, let's get some automatic backups sorted to protect your data. There are several backup techniques you can use. We will be using volumerize to run encrypted, incremental backups, which can be scheduled to run nightly.
- Docker run
```bash
sudo docker run -d \
  --name volumerize \
  -v BACKUPCACHE:/volumerize-cache \
  -v BACKUPDIR:/source:ro \
  -e "VOLUMERIZE_SOURCE=/source" \
  -e "VOLUMERIZE_TARGET=s3://S3URL" \
  -e "AWS_ACCESS_KEY_ID=ACCESS-ID" \
  -e "AWS_SECRET_ACCESS_KEY=KEY-ID" \
  -e "PASSPHRASE=ENCRYPTIONPW" \
  -e "VOLUMERIZE_JOBBER_TIME=0 0 3 * * *" \
  blacklabelops/volumerize
```
Replace the following:
BACKUPCACHE = Cache location - eg /home/USER/backupcache
BACKUPDIR = Directory to backup - eg /home/USER/bitwarden
S3URL = S3 URL - eg s3-us-west-2.amazonaws.com/BUCKETID
ACCESS-ID = S3 Access ID
KEY-ID = S3 Key
ENCRYPTIONPW = This is the password the backup will be encrypted with
This will run an incremental backup at 3AM every day.
- Run a full backup
```bash
sudo docker exec volumerize backupFull
```
- To restore
```bash
sudo docker run --rm \
  -v RESTOREDIR:/source \
  -e "VOLUMERIZE_SOURCE=/source" \
  -e "VOLUMERIZE_TARGET=s3://S3URL" \
  -e "AWS_ACCESS_KEY_ID=ACCESS-ID" \
  -e "AWS_SECRET_ACCESS_KEY=KEY-ID" \
  -e "PASSPHRASE=ENCRYPTIONPW" \
  blacklabelops/volumerize restore
```
All done :)