Bitwarden Server is a self-hosted password management solution that allows users to securely store, manage, and share credentials. It's an excellent choice for organizations and individuals who prioritize data ownership, customization, and control over sensitive information. In this guide, we'll cover the complete lifecycle of deploying, configuring, and managing Bitwarden Server, including installation, reverse proxy setup, logging, backups, updates, and leveraging its unique features.
Installing Bitwarden Server
Docker/Docker Compose Setup
The recommended way to deploy Bitwarden Server is through Docker Compose, which simplifies container management. Here's how to create and deploy a docker-compose.yml file:
- Create a Project Directory:
mkdir -p ~/bitwarden && cd ~/bitwarden
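- Generate docker-compose.yml:
Use the following configuration to define the Bitwarden Server setup:
version: '3'
services:
  bitwarden:
    # bitwardenrs/server is the deprecated former image name; vaultwarden/server is the maintained one
    image: vaultwarden/server:latest
    container_name: bitwarden
    restart: always
    ports:
      # If Nginx runs on this host as a reverse proxy, it needs ports 80 and 443 itself;
      # publish the container on a loopback port such as "127.0.0.1:8080:80" instead.
      - "80:80"
      - "443:443"
    volumes:
      - ./data:/data
    environment:
      ADMIN_TOKEN: "<your-admin-token>"  # protects the /admin page; use a long random value
      SIGNUPS_ALLOWED: "false"           # disable open registration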
- Deploy Containers:
Run the following commands to launch Bitwarden Server:
docker-compose up -d
- Verify Deployment:
Check the container status to ensure it is running:
docker ps
Manual Installation
For those who prefer not to use Docker, you can manually install Bitwarden Server on a Linux system:
- Install Dependencies:
sudo apt update
sudo apt install -y curl sqlite3
- Download Bitwarden Binary:
curl -L -o bitwarden https://github.com/dani-garcia/vaultwarden/releases/latest/download/vaultwarden-x86_64-unknown-linux-gnu
chmod +x bitwarden
sudo mv bitwarden /usr/local/bin/
- Run the Server:
mkdir -p ~/bitwarden/data
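# The binary was installed as "bitwarden" above; the data directory is set through DATA_FOLDER
DATA_FOLDER="$HOME/bitwarden/data" bitwarden
- Access the Application:
Navigate to http://<your-server-ip>:80 to access the Bitwarden Server.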
Configuring Nginx as a Reverse Proxy
Nginx Configuration
To make Bitwarden accessible via a custom domain, configure Nginx as a reverse proxy:
- Install Nginx:
sudo apt install -y nginx
- Create a Server Block:
Save the following configuration in /etc/nginx/sites-available/bitwarden:
server {
    listen 80;
    server_name your-domain.com;
    location / {
        # Must be the host port the Bitwarden container publishes;
        # it cannot be the same port Nginx itself listens on.
        proxy_pass http://127.0.0.1:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
- Enable the Configuration:
sudo ln -s /etc/nginx/sites-available/bitwarden /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
SSL/TLS Setup
Use Let's Encrypt to secure access to your server with HTTPS:
- Install Certbot:
sudo apt install -y certbot python3-certbot-nginx
- Obtain a Certificate:
sudo certbot --nginx -d your-domain.com
- Automate Renewal:
Add a cron job for automatic certificate renewal:
# /etc/crontab entries need a user field (root here) between the schedule and the command
echo "0 3 * * * root certbot renew --quiet" | sudo tee -a /etc/crontab
Testing and Reloading Nginx
- Test Configuration:
sudo nginx -t
- Reload Nginx:
sudo systemctl reload nginx
Logging and Debugging Bitwarden Server
Enabling Debug Logs
Enable debug logging to trace issues more effectively by setting the log level in the environment variables:
environment:
  LOG_LEVEL: "debug"  # the server reads its verbosity from LOG_LEVEL
Restart the container to apply changes:
docker-compose down && docker-compose up -d
Viewing Logs
- For Docker Containers:
docker logs -f bitwarden
- For Manual Installations:
tail -f ~/bitwarden/data/bitwarden.log
Troubleshooting Common Issues
Check for common issues such as incorrect environment variables or firewall restrictions in the logs:
grep -i "error" ~/bitwarden/data/bitwarden.log
Exporting Logs
Send logs to an external system for analysis:
docker logs bitwarden | nc <elk-stack-ip> 514
Backup and Restore
File-Based Backups
Back up your Bitwarden data directory:
tar -cvzf bitwarden-backup.tar.gz ~/bitwarden/data
Database Backups
Export the SQLite database:
sqlite3 ~/bitwarden/data/db.sqlite3 ".backup bitwarden-db-backup.sqlite3"
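Automated Backup Scripts
Create a daily backup script:
mkdir -p ~/backups
echo "tar -czf ~/backups/bitwarden-\$(date +%F).tar.gz ~/bitwarden/data" > ~/backup.sh
chmod +x ~/backup.sh
# Append to the existing crontab; piping a single line into "crontab -" would replace every other entry
(crontab -l 2>/dev/null; echo "0 2 * * * $HOME/backup.sh") | crontab -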
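Archiving ~/bitwarden/data with tar while the server is running can capture db.sqlite3 in the middle of a write. The following Python script is an added example, not part of the original guide or the project's code: it combines the file-based and database backups above by taking a consistent snapshot with SQLite's online backup API (the mechanism behind `.backup`) and archiving it with owner-only permissions. The function names are hypothetical; the paths and file names follow this guide's layout.

```python
import os
import sqlite3
import tarfile
import tempfile
from datetime import date
from pathlib import Path


def snapshot_db(src_db: Path, dest_db: Path) -> None:
    """Copy a live SQLite database consistently (same mechanism as `.backup`)."""
    # Open the source read-only so the backup job can never modify the vault.
    src = sqlite3.connect(src_db.resolve().as_uri() + "?mode=ro", uri=True)
    dest = sqlite3.connect(dest_db)
    try:
        src.backup(dest)  # online backup API: safe while the server is writing
        result = dest.execute("PRAGMA integrity_check").fetchone()[0]
        if result != "ok":
            raise RuntimeError(f"snapshot failed integrity check: {result}")
    finally:
        dest.close()
        src.close()


def backup_data_dir(data_dir: Path, backup_dir: Path) -> Path:
    """Archive data_dir, replacing the live DB files with a clean snapshot."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(backup_dir, 0o700)  # vault data: owner-only access
    archive = backup_dir / f"bitwarden-{date.today().isoformat()}.tar.gz"
    skip = {"db.sqlite3", "db.sqlite3-wal", "db.sqlite3-shm"}
    with tempfile.TemporaryDirectory() as tmp:
        snap = Path(tmp) / "db.sqlite3"
        snapshot_db(data_dir / "db.sqlite3", snap)
        # Create the archive with 0600 permissions before any data is written.
        fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)  # also tightens a pre-existing file
        with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
            for item in sorted(data_dir.iterdir()):
                if item.name not in skip:
                    tar.add(item, arcname=f"data/{item.name}")
            tar.add(snap, arcname="data/db.sqlite3")
    return archive


if __name__ == "__main__":
    home = Path.home()
    print(backup_data_dir(home / "bitwarden" / "data", home / "backups"))
```

A restore test belongs in the same routine: extract the archive to a scratch directory and open the restored db.sqlite3 before relying on the backup.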
Updating and Upgrading Bitwarden Server
Updating Docker Images
- Pull the Latest Docker Image:
docker-compose pull
docker-compose up -d
Manual Updates
For manual installations, replace the binary with the latest release:
curl -L -o bitwarden https://github.com/dani-garcia/vaultwarden/releases/latest/download/vaultwarden-x86_64-unknown-linux-gnu
chmod +x bitwarden
sudo mv bitwarden /usr/local/bin/
Checking for Updates
Check the latest version on the official GitHub releases page.
Leveraging Bitwarden Server's Unique Features
Enabling APIs
Enable API endpoints by setting the following environment variables:
environment:
  ENABLE_API: "true"
  API_KEY: "<your-api-key>"
Access the API with tools like curl:
curl -H "Authorization: Bearer <your-api-key>" https://your-domain.com/api
Advanced Configurations
Enable advanced features like user management or email notifications:
environment:
  SMTP_HOST: "smtp.mailserver.com"
  SMTP_PORT: "587"
  SMTP_USERNAME: "<your-email-address>"
  SMTP_PASSWORD: "your-email-password"
Wrapping Up
In this guide, we've covered the end-to-end setup of Bitwarden Server, including installation, reverse proxy configuration, logging, backups, and updates. By following these steps, you can enjoy a secure, self-hosted password manager tailored to your specific needs. Get started today and take full control of your credentials with Bitwarden Server!