How to deploy a Bitwarden server with Docker

Looking to deploy an internal password management server? Jack Wallen shows you how to do it with Bitwarden and Docker.


Bitwarden is one of my favorite password managers. But if you are seriously concerned about security and prefer not to save your password database on a third-party server, you may want to consider deploying your own Bitwarden server.

It might sound like a serious challenge, but thanks to Docker, it’s actually pretty straightforward. I’ll show you how to do just that.


What you will need

The only things you will need to make this happen are a server that supports Docker and a user with sudo privileges. I will do a demo on Ubuntu Server 20.04.

Ready? Okay.

How to install Docker

If Docker isn’t installed, let’s do it now. We’ll be using Docker Compose, so there’s more to install than usual.

First, install the necessary dependencies with:

sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

Then add the Docker GPG key with:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Note: The above method to add a key is deprecated but still works.

Add the correct repository:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Update apt and install with the following:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose

How to create the Bitwarden user

To be safe, we’ll run all of this as a dedicated user. First, create a directory for that user with:

sudo mkdir /opt/bitwarden

Create the user with:

sudo adduser bitwarden

Give the newly created directory the appropriate permission and ownership with:

sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Add the user bitwarden to the docker group with:

sudo usermod -aG docker bitwarden

Switch to the bitwarden user with:

su bitwarden
cd

How to download the installation script and deploy Bitwarden

Download the handy installation script with:

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

Before running the installation script, make sure that no web server is already running: Bitwarden will run on port 80 and will not start if that port is already in use. Stop Apache with:

sudo systemctl stop apache2

If this is a Red Hat-based machine, this command would be:

sudo systemctl stop httpd

If you are using NGINX, stop it with the command:

sudo systemctl stop nginx

Run the installer with:

./bitwarden.sh install

You will be asked for an FQDN. If you don’t plan to access Bitwarden from outside your local network, you can always use an IP address for this.

It will take some time for all containers to be extracted and deployed.

Next, we need to configure the SMTP server that Bitwarden will use. Once the deployment is complete, open the configuration file with:

nano ~/bwdata/env/global.override.env

In that file, find and configure the following sections, using an available SMTP server (I used the one from Google):

globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__port=REPLACE
globalSettings__mail__smtp__ssl=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
adminSettings__admins=ADMIN_EMAIL

Make sure to replace each instance of REPLACE with your SMTP server settings and ADMIN_EMAIL with an email address for the administrator user. Save and close the file.
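Since this file now holds the SMTP password, it is worth checking before the server is started. The script below is an added example, not part of the original article or of Bitwarden's tooling: it looks for the keys listed above, flags values that are empty or still set to REPLACE or ADMIN_EMAIL, flags a stray space next to a value, and flags file permissions that go beyond the owner. The function name check_bw_env and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint global.override.env before "./bitwarden.sh start".
# Key names and placeholders are the article's; the checks are assumptions.
REQUIRED_KEYS="globalSettings__mail__smtp__host
globalSettings__mail__smtp__port
globalSettings__mail__smtp__ssl
globalSettings__mail__smtp__username
globalSettings__mail__smtp__password
adminSettings__admins"

# Print one finding per line; return 0 if FILE is clean, 1 otherwise.
check_bw_env() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    for key in $REQUIRED_KEYS; do
        # Use the last assignment if the key appears more than once.
        line=$(grep "^${key}=" "$file" | tail -n 1)
        if [ -z "$line" ]; then
            echo "$key: missing"
            findings=$((findings + 1))
            continue
        fi
        value=${line#*=}
        case $value in
            ''|REPLACE|ADMIN_EMAIL)
                echo "$key: empty or still a placeholder"
                findings=$((findings + 1)) ;;
            ' '*|*' ')
                echo "$key: space next to the value"
                findings=$((findings + 1)) ;;
        esac
    done

    # The file holds the SMTP password: flag group/other permission bits.
    mode=$(stat -c '%a' "$file")   # GNU stat, as on the article's Ubuntu host
    case $mode in
        *00) ;;
        *) echo "mode $mode: accessible beyond the owner (chmod 600)"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh check_bw_env.sh ~/bwdata/env/global.override.env
if [ "$#" -gt 0 ]; then check_bw_env "$1"; fi
```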

Finally, start the Bitwarden server with:

./bitwarden.sh start

How to access your Bitwarden server

Open a web browser and point it to https://SERVER (where SERVER is the IP address or domain of the machine hosting your Bitwarden server). You should be presented with the Bitwarden web UI (Figure A).

Figure A: Bitwarden’s web user interface is an easy-to-use password manager.

Click Create Account to create your Bitwarden account. Once you’ve created it, log in with the credentials and you can start using your Bitwarden server to host your passwords… which will all stay on your own hardware.
