Torna alla DocumentazioneVaultwarden is an unofficial but compatible implementation of the Bitwarden server, written in Rust. It uses the same API as Bitwarden, so it works with all official clients (browser extension, mobile app, desktop, CLI). Ultra-lightweight: runs with less than 50 MB RAM.
Prerequisites
- Docker installed
- A domain with SSL (Vaultwarden requires HTTPS)
- Nginx as reverse proxy
Installation with Docker
mkdir -p /opt/vaultwarden/data
docker run -d \
--name vaultwarden \
--restart always \
-v /opt/vaultwarden/data:/data \
-e DOMAIN="https://vault.yourdomain.com" \
-e SIGNUPS_ALLOWED=true \
-e ADMIN_TOKEN=$(openssl rand -base64 48) \
-p 127.0.0.1:8080:80 \
vaultwarden/server:latest
The token generated with openssl rand is shown only once. Save it: you'll need it to access /admin. You can also set it manually in the environment variable.
With docker-compose (recommended)
# /opt/vaultwarden/docker-compose.yml
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
volumes:
- ./data:/data
environment:
DOMAIN: "https://vault.yourdomain.com"
SIGNUPS_ALLOWED: "false" # disable after creating your account
ADMIN_TOKEN: "secure_token" # generate with: openssl rand -base64 48
SMTP_HOST: "smtp.gmail.com" # optional for invitation emails
SMTP_PORT: "587"
SMTP_FROM: "vault@yourdomain.com"
ports:
- "127.0.0.1:8080:80"
cd /opt/vaultwarden
docker compose up -d
Nginx reverse proxy with SSL
certbot certonly --nginx -d vault.yourdomain.com
server {
listen 443 ssl;
server_name vault.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/vault.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vault.yourdomain.com/privkey.pem;
# Security headers
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# WebSocket for real-time notifications
location /notifications/hub {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80;
server_name vault.yourdomain.com;
return 301 https://$host$request_uri;
}
nginx -t && systemctl reload nginx
First access and configuration
- Go to https://vault.yourdomain.com
- Create the first account (admin)
- Go to https://vault.yourdomain.com/admin with your ADMIN_TOKEN
- Disable registrations: set SIGNUPS_ALLOWED=false in docker-compose or from admin panel
Bitwarden clients
Vaultwarden is compatible with all official Bitwarden clients. On login, change the "Server URL" to your domain:
- Browser extension: Chrome, Firefox, Safari, Edge
- Mobile app: iOS and Android
- Desktop app: Windows, Mac, Linux
- CLI: bw config server https://vault.yourdomain.com
Backup
# Data is in /opt/vaultwarden/data/
# Backup the database
cp /opt/vaultwarden/data/db.sqlite3 /root/vaultwarden-backup-$(date +%Y%m%d).sqlite3
# Complete backup
tar -czf /root/vaultwarden-$(date +%Y%m%d).tar.gz /opt/vaultwarden/data/
Add to cron for automatic backups:
echo "0 3 * * * tar -czf /root/backups/vaultwarden-\$(date +\%Y\%m\%d).tar.gz /opt/vaultwarden/data/ 2>/dev/null" | crontab -
Articoli correlati
Package Installation
How to install, update and remove software on your Linux server
Web Server: Nginx
Installation and basic configuration of Nginx on your server
Web Server: Apache
Installation and basic configuration of Apache on your server
DeluxHost, fondata nel 2023, offre soluzioni di hosting di alta qualità per diverse esigenze digitali. Forniamo hosting condiviso, VPS e server dedicati con sicurezza avanzata e datacenter globali.
