Table of Contents
This tutorial walks you through the process of installing the Bitwarden password manager on your Ubuntu 20.04 home server. I describe all steps required to prepare your home server before installing Bitwarden, how to configure Bitwarden with a free domain name from CloudDNS, and finally how to setup an Apache reverse proxy to point your free domain to your Bitwarden instance.
Prepare Ubuntu
In a first step, upgrade all previously installed software on your server
sudo apt update
sudo apt upgrade
If you haven’t yet, install Apache if you want to access Bitwarden from outside of your local network.
sudo apt install apache2 curl
Next, we need to install docker. Before installing docker though, we need install a few dependencies first.
sudo apt install apt-transport-https ca-certificates gnupg-agent software-properties-common
Add GPG key for the official docker repository to your system and add the docker repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
Install docker
sudo apt update
sudo apt install docker-ce
sudo apt install docker-compose
Add user to docker group
sudo usermod -aG docker $USER
Install Bitwarden
First, request a hosting instance ID & Key from https://bitwarden.com/host
Then simply download the Bitwarden install script to your server, make it executable and execute it:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
sudo chmod 700 bitwarden.sh
sudo bash bitwarden.sh install
Provide requested information – I generally like to use an Apache reverse proxy to handle the SSL certificate part, so just set up Bitwarden without encryption and let Apache deal with the certificate.
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): <ENTER YOUR DOMAIN>
(!) Enter the database name for your Bitwarden instance (ex. vault): <LEAVE EMPTY>
1.44.1: Pulling from bitwarden/setup
Digest: sha256:d06b051e84345232f673bb2a2a9a374fe3ae41b20ac5d8842d3cb0e32e170281
Status: Image is up to date for bitwarden/setup:1.44.1
docker.io/bitwarden/setup:1.44.1
(!) Enter your installation id (get at https://bitwarden.com/host): <YOUR ID>
(!) Enter your installation key: <YOUR KEY>
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
If you don’t have a domain name yet (and want to access your Bitwarden instance over the internet) get a free domain name from ClouDNS. I will publish another tutorial soon that will show you how to set up dynamic DNS using ClouDNS which is required if your IP address changes on a daily basis (otherwise the URL will start pointing to the wrong public IP address). Check this space for updates.
Configure Bitwarden
Open the Bitwarden configuration file, e.g. using nano
# We will point to this port using our Apache reverse proxy
http_port: 8080
# Remove the https_port
https_port:
# Set SSL to false
ssl: false
# Specify the correct SSL certificates that you will use with your Apache reverse proxy
ssl_certificate_path: /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/cert.pem
ssl_key_path: /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/privkey.pem
If you don’t already have a wildcard SSL certificate from Letsencrpyt, follow this guide to set one up!
Update the Bitwarden Docker files and run Bitwarden using
sudo bash bitwarden.sh update
Check if Bitwarden docker image is running
roman@tutserv:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
33d44408e466 bitwarden/nginx:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 80/tcp, 8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp bitwarden-nginx
a22136c4c35b bitwarden/admin:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-admin
d7843222d672 bitwarden/sso:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-sso
a4acf3bc8306 bitwarden/web:2.24.2 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-web
877e63e69cc1 bitwarden/attachments:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-attachments
dec2a5a4a4f8 bitwarden/identity:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-identity
74c4d1e8a3c6 bitwarden/notifications:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-notifications
5ca0bb69adcc bitwarden/mssql:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-mssql
15217bd83f74 bitwarden/icons:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-icons
f0d0c0a8528f bitwarden/events:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-events
0c09374e71f7 bitwarden/api:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-api
Set up Apache reverse proxy
Edit the Apache2 ssl configuration file and add a virtual host entry similar to the one below
<VirtualHost *:443>
ServerName <YOUR SITE>.dnsabr.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
ProxyVia On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
SSLCertificateFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/chain.pem
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log example
</VirtualHost>
Reload Apache2
sudo service apache2 restart
And just that simply did you install Bitwarden on Ubuntu! You should now be able to access your Bitwarden instance on <YOUR SITE>.dnsabr.com
Enjoy!
I am getting default apache page only post following the guidelines
I’m stuck as well. I’ve ran through this 4 or 5 times now. I have a website so I set up a subdomain on my website and it comes with an SSL certificate.
Once I get all the way to the end, I can access Bitwarden locally but the “Create account” button doesn’t do anything.
I’m also not able to access my vault from outside my network even though my webhost cPanel confirms the subdomain is linked to my public IP address.
I’ve also tried to forward port 8080 from my public IP to my local Bitwarden. It’s still not working outside my network.
Just followed your video with the instructions , one thing that is different in video and the instructions is that to keep the vault name empty. If left empty as in instructions , bitwarden does not show up . If followed like in the video using value “vault” it works fine.
i run nginx manager running on a different VM that handles all ssl and certifications – after completing your tutorial i can access the instance of bitwarden running locally but am unable to login. the page is stuck on the login page and when i enter my account email and password the page freezes then spits out an handling error.
even with nginx forwarding to the page i also have an issue with the certification on the site being untrusted.
if i avoid using nginx and access the bitwarden with local ip address i still have an issue with the certification on the site being untrusted.
So I have set everthing up like you showed in the video but I only can acess Bitwarden over http
Is there an Nginx version for this? I have Bitwarden running locally on the server, but I cannot access it remotely and I have Nginx hosting 3 web services and not Apache.
So I followed your guide. I have done it a few times now, screwing up and starting over. I also followed the official guide in the bitwarden documentation. Bitwarden seems to be running but I can not access it. I am running PFSense with HA Proxy and ACME for https ssl offload and web access. I know all that is working because I have Nextcloud and a RD gateway server sitting behind that and fully accessible form my local LAN and the WAN. All of that is pointed at the localhost IP. I don’t quite understand why you use apache if docker has Nginx. Is my issue the multiple proxies? I can’t even access bitwarden local with the localhost:80/ 8080 nor localhost:443. What am I doing wrong. The one thing that I ran into before I could get bitwarden container up and running was change key-connector= true, it was false in my install. This is a hobby so I am definitely out of my depth but I understand the mechanics of it.
Thanks
Nick
Merry Christmas and Happy New Year
Okay I can access the apache server from my LAN and as the WAN. Problem is I am just seeing the default Apache2 Ubuntu default page.
Hi Nick!
You don’t have to use Apache. I’ve just already had 5 apps using Apache as reverse procxy, so it made sense to use it also for Bitwarden. I’m afraid I’m not familiar with HA Proxy but I guess you could use it to route traffic from the web to your Bitwarden instance as well?
However, the first step would be to make sure that you can connect to Bitwarden using:8080. If that fails than you have likely a firewall issue that does not allow you to connect (I would guess).
Best,
Roman
i have exactly the same issue – i dont use apache, i didnt install it during the setup process. i use nginx proxy manager in another vm to route to my services however i cannot access bitwarden on either my local ip or domain.