Self Host your own password manager (Bitwarden) (Ubuntu 18.04 - nginx reverse proxy)

There are a lot of great password managers, but they all lack two important features: they are not open source, and you can't self-host them to achieve complete privacy and control over your data. Solve this by creating your own server running Bitwarden, an open source password manager.

Prerequisites

Setting up your domain

You will need one DNS record pointing to your server. In this tutorial I will be using yourdomain.com.

Optional: Setting up your webserver

If you want to use your server for more than Bitwarden, you'll have to set up a reverse proxy with nginx + SSL; otherwise you can skip this part.

Choose two free ports, for example 8018 and 8019. Then do Part One and Two of my Nginx tutorial series and come back here (use the first port in the nginx config, you'll need the second one when setting up Bitwarden).

Get a registration key

Bitwarden wants you to register your installation so that you can buy a 10$/m premium subscription (which unlocks 2FA and groups, among others; Bitwarden is already great without it), and so that they can inform you of important security updates.

Get one at bitwarden.com/host/ and come back here.

Installing dependencies

Bitwarden requires Docker and Docker Compose to run.

Docker requires some prior setup. Run these commands in order to install it:

sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
sudo apt update
sudo apt install docker-ce
Installing Docker

What's happening here is that we first add Docker's repository to our APT sources and then install Docker from it.

Docker Compose is a little less complicated to install. First find the current version number, then use it in the commands below:

sudo curl -L https://github.com/docker/compose/releases/download/<the_current_version_number_of_docker_compose>/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Installing Docker Compose

Installing Bitwarden

Finally, we can install Bitwarden. You will be asked a few questions during the installation, and your answers depend on whether you've set up nginx as mentioned above.

Run these commands:

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh \
    && chmod +x bitwarden.sh
./bitwarden.sh install
Installing Bitwarden

You'll be asked these prompts:

  • Your installation id and key (enter them)
  • SSL questions: choose yes to all of the prompts if you're setting it up without an nginx configuration. If you did the optional step, choose no to all of them, as you've already set up SSL in the nginx reverse proxy.

If you set up the nginx reverse proxy as described above, you'll have to complete one more step: open ./bwdata/config.yml with vim or nano and change the port numbers to the ones you specified in the nginx config (I used 8018 and 8019). For example:

...
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
http_port: 8018
#
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
# This port will not be used in our configuration.
https_port: 8019
...
Changing the port numbers

You'll probably want to configure an SMTP server in ./bwdata/env/global.override.env so that Bitwarden can send you emails. Change these settings to those of your SMTP server (for example Mailgun). You can also set your own Yubico API client ID and key there if you're using Yubico for 2FA.

globalSettings__yubico__clientId=294620155
globalSettings__yubico__key=owdez88RdxVZuGbZ4fv
globalSettings__mail__smtp__host=<SMTP_HOST>
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=<SMTP_USER>
globalSettings__mail__smtp__password=<SMTP_PASS>
Set up your SMTP server
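
A pre-flight check for the two files edited above, to run before the rebuild; this is an added example, not part of the original tutorial or of bitwarden.sh. The function names, the script name, the sample tree and the owner-only permission expectation are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for config.yml and global.override.env.
# Function names are hypothetical; they are not part of bitwarden.sh.

# Print the numeric value of a top-level "key: value" line in config.yml.
yaml_port() {  # usage: yaml_port <file> <key>
  sed -n "s/^$2:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if there is any finding.
check_bwdata() {  # usage: check_bwdata <bwdata dir> <port nginx proxies to>
  local cfg="$1/config.yml" envf="$1/env/global.override.env"
  local want="$2" http https perms bad=0
  http=$(yaml_port "$cfg" http_port)
  https=$(yaml_port "$cfg" https_port)
  if [ "$http" != "$want" ]; then
    echo "http_port is '$http' but nginx proxies to $want"; bad=1
  fi
  if [ -n "$http" ] && [ "$http" = "$https" ]; then
    echo "http_port and https_port are both $http"; bad=1
  fi
  # A leftover <SMTP_HOST>-style placeholder means mail is not configured.
  if grep -Eq '^[A-Za-z_]+=<[A-Z_]+>$' "$envf"; then
    echo "placeholder values remain in global.override.env"; bad=1
  fi
  # The file holds the SMTP password and Yubico key: owner access only.
  perms=$(ls -ld "$envf" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "global.override.env is accessible to group/others"; bad=1
  fi
  return "$bad"
}

# Constructed sample tree mirroring the snippets above (not real values).
sample_tree() {  # usage: sample_tree <empty dir>
  mkdir -p "$1/env"
  printf 'http_port: 8018\n#\nhttps_port: 8019\n' > "$1/config.yml"
  printf '%s\n' 'globalSettings__mail__smtp__host=<SMTP_HOST>' \
    'globalSettings__mail__smtp__port=587' \
    'globalSettings__mail__smtp__password=<SMTP_PASS>' \
    > "$1/env/global.override.env"
  chmod 644 "$1/env/global.override.env"
}

# Real use (script name is hypothetical): ./check.sh ./bwdata 8018
if [ "$#" -eq 2 ]; then check_bwdata "$1" "$2"; fi
```
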

After you have made these changes, you must rebuild Bitwarden. You can then start it:

./bitwarden.sh rebuild
./bitwarden.sh start
Starting Bitwarden

Further Reading: For more customisation options you can check their official docs.
