Post

Install Vaultwarden in Docker

Posted
Preview Image
By Liam Thomas-Chollier
5 min read

Installing Vaultwarden with Docker

Vaultwarden, formerly known as Bitwarden_RS, is an open-source server application that serves as an alternative to the Bitwarden password manager. It allows you to self-host your password manager, giving you more control over your data. Docker is a tool that simplifies the process of creating, deploying, and managing applications using containers.

Prerequisites

  • Docker installed on your system. If Docker is not installed, please refer to my installation tutorial for installation instructions.

Create a Docker Compose File

1
2

mkdir vaultwarden
cd vaultwarden

Create a docker-compose.yml file using your preferred text editor:

1

nano docker-compose.yml

Paste the following content into the docker-compose.yml file:

1
2
3
4
5
6
7
8
9
10
11

name: vaultwarden
services:
    server:
        container_name: vaultwarden
        environment:
            - ADMIN_TOKEN=some_random_token_as_per_above_explanation
        volumes:
            - /vw-data/:/data/
        ports:
            - 80:80
        image: vaultwarden/server:latest

Explanation:

The provided Docker Compose configuration sets up a Vaultwarden server using Docker. Let’s break down each part of the configuration:

  • name: vaultwarden: Specifies the name of the Docker Compose project.

  • services: Defines the services to be created.

    • server: Specifies a service named server.

      • container_name: vaultwarden: Sets the name of the container to vaultwarden.

      • environment: Specifies environment variables for the container. In this case, it sets an admin token with the value some_random_token_as_per_above_explanation.

      • volumes: Mounts the host directory /vw-data/ to the container’s /data/ directory for persistent data storage.

      • ports: Exposes port 80 on the host and forwards it to port 80 on the container.

      • image: vaultwarden/server:latest: Specifies the Docker image to use for the service, in this case, vaultwarden/server:latest.

This configuration effectively sets up a Vaultwarden server with the specified settings. Ensure that you replace some_random_token_as_per_above_explanation with an actual admin token for securing your installation. Also, make sure to have the necessary directories (/vw-data/ in this case) created on your host system for data persistence.

Start the Vaultwarden Container

To start the Vaultwarden container, run the following command in the terminal:

1

docker compose up -d

Access Vaultwarden

Once the container is up and running, you can access Vaultwarden by navigating to http://localhost in your web browser. If you’re running Docker on a remote server, replace localhost with the server’s IP address or domain name.

Complete the Installation

Follow the on-screen instructions to complete the initial setup of Vaultwarden. You’ll need to create an admin account and set up your encryption key.

Accessing the Admin Page

To access the admin page of Vaultwarden, you need to follow these steps:

  1. Navigate to the URL where your Vaultwarden instance is hosted.

    • Local Installation:
      • If you’re running Vaultwarden locally, you can access the admin page by navigating to http://localhost/admin in your web browser.
    • Remote Installation:
      • If you’re running Vaultwarden on a remote server, replace localhost with the IP address or domain name of your server. The URL should be in the format http://your_server_ip/admin or http://your_domain/admin.

  2. You will be prompted to log in to the admin page. Use the admin token specified in your Docker Compose file to authenticate.

    • Locate the ADMIN_TOKEN environment variable in your docker-compose.yml file, and use the corresponding token value.

      1
2

      environment:
  - ADMIN_TOKEN=some_random_token_as_per_above_explanation

  3. Once logged in, you’ll have access to the admin dashboard at /admin. From here, you can perform various administrative tasks, including:

    • User management: Create, modify, and delete user accounts.
    • Security settings: Configure security options such as two-factor authentication and password requirements.
    • Other administrative tasks: Configure organization settings, manage collections, and view server logs.

This admin page provides a centralized interface for managing and configuring your Vaultwarden instance according to your preferences and security requirements.

HTTPS

For enhanced security, it’s highly recommended to use HTTPS (HTTP Secure) for encrypting communication between clients and your Vaultwarden server. For this I use a reverse proxy and Let’s Encrypt, I’ll do a tutorial later to show you how to do it.

Connect with a client

Downloading and Connecting with a Bitwarden Client:

Once your Vaultwarden instance is up and running, you can connect to it using a Bitwarden client application. Bitwarden offers various client applications for different platforms, including web browsers, desktops, and mobile devices.

Web Browser:

  1. Open your preferred web browser (Google Chrome, Mozilla Firefox, Safari, etc.).
  2. Navigate to the Bitwarden website: Visit https://bitwarden.com/ and click on “Get Started” or “Download” to access the client download page.
  3. Download the Bitwarden browser extension: Choose the extension compatible with your web browser and install it.
  4. Launch the Bitwarden extension: Once installed, you’ll typically find the Bitwarden icon in your browser’s toolbar. Click on it to launch the extension.
  5. Connect to your Vaultwarden instance:
    • Click on the extension icon.
    • If it’s your first time using Bitwarden, you’ll be prompted to create an account or sign in.
    • Enter the URL of your Vaultwarden instance (e.g., http://localhost or https://your_domain) and log in using your credentials.
  6. Access your vault: Once connected, you’ll have access to your vault where you can view, add, edit, and delete your stored items such as passwords, secure notes, and credit card information.

Desktop and Mobile Applications:

  1. Visit the respective app store:
    • For desktops, visit the Microsoft Store, Mac App Store, or Linux repositories.
    • For mobile devices, visit the Google Play Store (Android) or Apple App Store (iOS).
  2. Search for the Bitwarden application: Look for “Bitwarden Password Manager” and download the application.
  3. Install and launch the application: Once downloaded, install the application on your device and launch it.
  4. Connect to your Vaultwarden instance:
    • Upon launching the application, you’ll be prompted to sign in or create a new account.
    • Enter the URL of your Vaultwarden instance (e.g., http://localhost or https://your_domain) and log in using your credentials.
  5. Access your vault: After logging in, you’ll have access to your vault where you can manage your passwords and other sensitive information.

Note:

  • Ensure that your Vaultwarden instance is accessible from the network where your client device is located.
  • For security reasons, it’s recommended to use HTTPS with a valid SSL certificate for encrypting data transmission between the client and server.
  • Consider using a strong master password and enabling two-factor authentication (2FA) for an extra layer of security.
  • Regularly update your Bitwarden client applications to benefit from the latest security features and bug fixes.

By following these steps, you can download and connect to your Vaultwarden instance using a Bitwarden client application, enabling you to securely manage your passwords and sensitive information across different devices.

homelab, docker
homelab docker docker-compose self-hosted
This post is licensed under CC BY 4.0 by the author.