Vaultwarden: Self-hosted Password Manager
Vaultwarden is an unofficial but compatible implementation of the Bitwarden server, written in Rust. It uses the same API as Bitwarden, so it works with all official clients (browser extension, mobile app, desktop, CLI). Ultra-lightweight: runs with less than 50 MB RAM.
02
Prerequisites
- Docker installed
- A domain with SSL (Vaultwarden requires HTTPS)
- Nginx as reverse proxy
03
Installation with Docker
```bash
mkdir -p /opt/vaultwarden/data

# Generate the admin token first so it is printed and can be saved
ADMIN_TOKEN=$(openssl rand -base64 48)
echo "ADMIN_TOKEN: $ADMIN_TOKEN"

docker run -d \
  --name vaultwarden \
  --restart always \
  -v /opt/vaultwarden/data:/data \
  -e DOMAIN="https://vault.yourdomain.com" \
  -e SIGNUPS_ALLOWED=true \
  -e ADMIN_TOKEN="$ADMIN_TOKEN" \
  -p 127.0.0.1:8080:80 \
  vaultwarden/server:latest
```
The token generated with openssl rand is shown only once, when the command prints it. Save it: you'll need it to access /admin. You can also choose the value yourself and set it in the ADMIN_TOKEN environment variable.
04
With docker-compose (recommended)
```yaml
# /opt/vaultwarden/docker-compose.yml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    volumes:
      - ./data:/data
    environment:
      DOMAIN: "https://vault.yourdomain.com"
      SIGNUPS_ALLOWED: "false"        # disable after creating your account
      ADMIN_TOKEN: "secure_token"     # generate with: openssl rand -base64 48
      SMTP_HOST: "smtp.gmail.com"     # optional for invitation emails
      SMTP_PORT: "587"
      SMTP_FROM: "vault@yourdomain.com"
    ports:
      - "127.0.0.1:8080:80"
```
```bash
cd /opt/vaultwarden
docker compose up -d
```
05
Nginx reverse proxy with SSL
```bash
certbot certonly --nginx -d vault.yourdomain.com
```
```nginx
server {
    listen 443 ssl;
    server_name vault.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/vault.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vault.yourdomain.com/privkey.pem;

    # Security headers
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket for real-time notifications
    location /notifications/hub {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80;
    server_name vault.yourdomain.com;
    return 301 https://$host$request_uri;
}
```
```bash
nginx -t && systemctl reload nginx
```
06
First access and configuration
- Go to https://vault.yourdomain.com
- Create the first account (admin)
- Go to https://vault.yourdomain.com/admin with your ADMIN_TOKEN
- Disable registrations: set SIGNUPS_ALLOWED=false in docker-compose.yml or from the admin panel
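To confirm the settings from the steps above actually landed in the compose file, here is a small audit script, added as an example and not part of the original guide. The function names `vw_env_value`, `vw_audit_compose` and `vw_sample_weak` are hypothetical, and the sample input is constructed.

```bash
# Added example, not from the original guide: audit a Vaultwarden compose file
# against the settings the guide recommends. Function names are hypothetical.

# Print the value of KEY written as `KEY: "value"` or `- KEY=value`.
vw_env_value() {
  sed -nE "s/^[[:space:]-]*${2}[[:space:]]*[:=][[:space:]]*\"?([^\"#[:space:]]*).*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 0 if the file is clean, 1 otherwise.
vw_audit_compose() {
  local file="$1" findings=0 token domain p
  # Sign-ups are open by default, so a missing key is flagged too.
  if [ "$(vw_env_value "$file" SIGNUPS_ALLOWED)" != "false" ]; then
    echo "SIGNUPS_ALLOWED is not false: registration is open"; findings=1
  fi
  token=$(vw_env_value "$file" ADMIN_TOKEN)
  if [ "$token" = "secure_token" ]; then
    echo "ADMIN_TOKEN is still the guide's placeholder"; findings=1
  elif [ -n "$token" ] && [ "${#token}" -lt 64 ]; then
    # openssl rand -base64 48 prints 64 characters.
    echo "ADMIN_TOKEN is shorter than 64 characters"; findings=1
  fi
  domain=$(vw_env_value "$file" DOMAIN)
  case $domain in
    https://*) ;;
    *) echo "DOMAIN is not an https:// URL"; findings=1 ;;
  esac
  # Published ports must bind to loopback so only nginx can reach the container.
  for p in $(sed -nE 's/^[[:space:]]*-[[:space:]]*"?(([0-9.]+:)?[0-9]+:[0-9]+)"?.*/\1/p' "$file"); do
    case $p in
      127.0.0.1:*) ;;
      *) echo "port mapping $p is not bound to 127.0.0.1"; findings=1 ;;
    esac
  done
  return "$findings"
}

# Constructed sample: the guide's compose file with four weak settings.
vw_sample_weak() {
  printf '%s\n' 'services:' '  vaultwarden:' '    environment:' \
    '      DOMAIN: "http://vault.yourdomain.com"' \
    '      SIGNUPS_ALLOWED: "true"' \
    '      ADMIN_TOKEN: "secure_token"' \
    '    ports:' '      - "8080:80"'
}

tmp=$(mktemp) && vw_sample_weak > "$tmp"
vw_audit_compose "$tmp" || true   # prints four findings
rm -f "$tmp"
```

To check a real deployment, call `vw_audit_compose /opt/vaultwarden/docker-compose.yml`; a non-zero exit status means at least one setting differs from the guide.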
07
Bitwarden clients
Vaultwarden is compatible with all official Bitwarden clients. On login, change the "Server URL" to your domain:
- Browser extension: Chrome, Firefox, Safari, Edge
- Mobile app: iOS and Android
- Desktop app: Windows, Mac, Linux
- CLI: bw config server https://vault.yourdomain.com
08
Backup
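```bash
# Data is in /opt/vaultwarden/data/

# Back up the database
# (copying a live SQLite file can capture a half-written state;
#  stop the container first for a consistent copy)
cp /opt/vaultwarden/data/db.sqlite3 /root/vaultwarden-backup-$(date +%Y%m%d).sqlite3

# Complete backup
tar -czf /root/vaultwarden-$(date +%Y%m%d).tar.gz /opt/vaultwarden/data/
```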
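Add to cron for automatic backups. The command appends the job to root's existing crontab rather than replacing it, and creates the target directory first:
```bash
mkdir -p /root/backups
(crontab -l 2>/dev/null; echo "0 3 * * * tar -czf /root/backups/vaultwarden-\$(date +\%Y\%m\%d).tar.gz /opt/vaultwarden/data/ 2>/dev/null") | crontab -
```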
