Running Bitwarden in Docker - Setup step by step


Bitwarden is a web-based password manager, similar to LastPass, but open source and with the option to run (host) it yourself. I compared Bitwarden with other password managers on the following page: Password Managers Secure? KeePass vs LastPass vs Bitwarden.

Docker Basics

Docker allows applications to be launched by command in a so-called container. A container is an isolated environment independent of the operating system (OS). When a container is first launched, Docker independently loads all the necessary sources from the internet. Docker can be installed on Windows, macOS or a Linux distribution.

To ensure that Bitwarden can be reached securely from the Internet, I use a Let's Encrypt reverse proxy. At first I used Nginx as the reverse proxy, but later replaced it with Traefik. The reverse proxy provides an encrypted HTTPS connection and makes it possible to run multiple websites on one server.

Step by step Bitwarden and Docker including access from the internet

Hardware requirement:
  1. Almost any hardware can be used for the Docker installation: for example, a virtual server from a provider, or at home a PC, notebook, Raspberry Pi, Mac, a NAS (QNAP, Synology) or any other hardware on which Windows or Linux can be installed.
Internet access requirements:
  1. Secure access from the Internet is best done via a domain with a DNS entry pointing to the public IP address, see Domain and its management. In the case of a rented server from a provider, the provider assigns an IP address. If you want to operate a server in your own home network, you need to set up port forwarding.
  2. For the certificate management and access to the web services I use a reverse proxy and Let's Encrypt certificates.
Container for Bitwarden:
  1. Create and customize docker-compose.yml
  2. Start the container
  3. Set up Bitwarden

Bitwarden docker-compose.yml

To start Bitwarden using docker compose, the Docker image can be downloaded, created and started using a simple docker-compose.yml file. The file can be filled with any text editor as follows and then customized:

Filename: docker-compose.yml, Content:

# docker-compose.yml
version: '3'

services:
  bitwarden:
    image: vaultwarden/server
    restart: always
    expose:
      - "80"
    #For direct test access, remove "#" in the following 2 lines. Call: http://localhost:83 or http://ServerIP:83
    #ports:
      #- "83:80"
    volumes:
      - bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true'   # set to false to disable signups
      ADMIN_TOKEN: "mytoken2change" # sample value, replace with a long random token before the first start
    #Labels for ReverseProxy, see: https://www.libe.net/en-traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.home.rule=Host(`bitwarden.domain.tld`)"      
      - "traefik.http.routers.home.entrypoints=web"
      - "traefik.http.routers.home.entrypoints=websecure"
      - "traefik.http.routers.home.tls.certresolver=myresolver"
      - "traefik.http.services.home.loadbalancer.server.port=80"
volumes:
  bw-data:

#Without using a reverse proxy (https://www.libe.net/en-traefik) the webproxy network is likely to be missing
#and the following lines can be removed or commented out. Alternatively, the network can be created with "docker network create webproxy".
networks:
  default:
    external:
      name: webproxy

Of course, the domain and ADMIN_TOKEN should be adjusted before starting: the token is what grants access to the admin portal.

For direct access via IP address or localhost - even without reverse proxy, DNS or public IP - the commented-out port setting can be activated for test purposes by removing the # in front of "ports:" and - "83:80".

For Internet access via the Traefik reverse proxy, the domain must be replaced in the labels with the previously created DNS entries (in the example: bitwarden.domain.tld).
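
The following check can be run against the customized file before the first start. It is an added example, not part of the original setup, and it flags the values from the sample file above that should not reach an Internet-facing server. The script name check-compose.sh and the function names are assumptions, and the check expects the map-style "environment:" block used on this page.

```sh
#!/bin/sh
# Added example: pre-start check for the docker-compose.yml shown above.
# Assumes the map-style "environment:" block used on this page.

# new_admin_token: prints 64 random hex characters to use as ADMIN_TOKEN.
new_admin_token() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# check_compose FILE: prints one line per finding and returns their count.
check_compose() {
    findings=0
    # Ignore comment-only lines, so the commented-out "ports:" block is skipped.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    has() { printf '%s\n' "$active" | grep -q "$1"; }
    report() { findings=$((findings + 1)); printf 'FINDING: %s\n' "$1"; }

    # Extract the ADMIN_TOKEN value without quotes or a trailing comment.
    token=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*ADMIN_TOKEN:[[:space:]]*//p' |
        tr -d "\"'" | sed 's/[[:space:]]*#.*//')
    if [ "$token" = "mytoken2change" ]; then
        report 'ADMIN_TOKEN is still the sample value from the tutorial'
    elif [ -n "$token" ] && [ "${#token}" -lt 32 ]; then
        report 'ADMIN_TOKEN is shorter than 32 characters'
    fi

    if has 'bitwarden\.domain\.tld'; then
        report 'Traefik Host() rule still uses bitwarden.domain.tld'
    fi
    if has '^[[:space:]]*ports:'; then
        report 'ports: is active, the container is published over plain HTTP'
    fi
    if has "SIGNUPS_ALLOWED:[[:space:]]*[\"']*true"; then
        report 'SIGNUPS_ALLOWED is true, anyone reaching the domain can register'
    fi
    return "$findings"
}

# Usage (hypothetical script name): sh check-compose.sh docker-compose.yml
if [ -n "${1:-}" ]; then
    check_compose "$1"
fi
```

The SIGNUPS_ALLOWED finding only reflects the compose file; if signups were already disabled in the admin portal, it can be ignored.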

The example uses Docker volumes and not bind mounts to permanently store data.


Start container

The start is done from the folder of the docker-compose.yml file with the command "docker-compose up":

docker-compose up -d

After the container has started, Bitwarden is reachable at the specified domain.

Create account

Of course, a user account is required for use:

Bitwarden uses an SQLite database as storage; after startup it is located in the bw-data volume.

Admin portal

Settings can be changed in the admin portal. For access, the admin token set in the docker-compose.yml file and the URL "/admin" are used:

To allow me to determine who can use the password manager, I disabled signups.

Invited users can still use the password manager. If an unknown person registers, the following error is displayed:

An error has occurred.
Registration not allowed or user already exists.

SMTP settings

For sending mails I used the following settings.

I use the following setup as my mail server: Running Docker Mailserver myself | a field report


Updated: 2022-09-04 by Bernhard

