There are a lot of great password managers, but they all lack two important features: they are not open source, and you can't self-host them to achieve complete privacy and control over your data. Solve this by creating your own server running Bitwarden, an open source password manager.
- One server running Ubuntu 18.04 (16.04 should work as well, but I have not tested it). I recommend hosting it on Hetzner.
- A domain
Setting up your domain
You will need one DNS record pointing to your server. In this tutorial I will be using yourdomain.com.
Optional: Setting up your webserver
If you want to use your server for more than Bitwarden, you'll have to set up a reverse proxy with nginx + SSL; otherwise you can skip this part.
Choose two free ports, for example 8018 and 8019. Then do Part One and Two of my Nginx tutorial series and come back here. Use the first port in the nginx config; you'll need the second one when setting up Bitwarden.
Get a registration key
Bitwarden wants you to register your installation so that you can buy a 10$/m premium subscription (which unlocks 2FA and groups, among others; Bitwarden is already great without it), and so that they can inform you of important security updates.
Get one at bitwarden.com/host/ and come back here.
Bitwarden requires Docker and Docker Compose to run.
Docker requires some prior setup. Run these commands in order to install it:
What's happening here is that we first add Docker to our APT sources and then install it.
Docker Compose is a little less complicated to install. First find the current version number and use it in the commands below:
Finally, we can install Bitwarden. You will be asked a few prompts during the installation; depending on whether you've set up nginx as mentioned above, you'll need to answer differently.
Run these commands:
You'll be asked these prompts:
- Your installation id and key (enter them)
- SSL questions: choose yes to all of the prompts if you're setting it up without an nginx configuration. If you did the optional step, choose no to all of them, as you've already set up SSL in the nginx reverse proxy.
If you set up the nginx reverse proxy as described above, you'll have to complete one more step: open ./bwdata/config.yml with vim or nano and change the port numbers to the ones you specified in the nginx config (I used 8018 and 8019). For example:
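The port change described above, as an added example (not code from the original tutorial or from Bitwarden): a small shell helper that validates the two ports, backs up config.yml and rewrites its port settings. It assumes the file's top-level keys are named `http_port` and `https_port`; the function names and the 1024-65535 restriction are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Assumption: config.yml has top-level "http_port:" and "https_port:" keys.

valid_port() {
    # Digits only, at most 5 of them, and in the unprivileged range
    # (nginx keeps 80/443 in this setup; the range is this example's choice).
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

set_bw_ports() {
    # usage: set_bw_ports <config.yml> <http_port> <https_port>
    cfg=$1; http=$2; https=$3
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    valid_port "$http" && valid_port "$https" \
        || { echo "ports must be integers in 1024-65535" >&2; return 1; }
    [ "$http" != "$https" ] || { echo "ports must differ" >&2; return 1; }
    grep -q '^http_port:' "$cfg" && grep -q '^https_port:' "$cfg" \
        || { echo "port keys not found in $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak"   # keep the previous version for rollback
    sed -e "s/^http_port:.*/http_port: $http/" \
        -e "s/^https_port:.*/https_port: $https/" "$cfg.bak" > "$cfg"
}

get_bw_port() {
    # usage: get_bw_port <config.yml> <http_port|https_port>
    sed -n "s/^$2:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1"
}

# Demo on a constructed sample file, not a real installation's config.
sample=$(mktemp)
printf 'url: https://yourdomain.com\nhttp_port: 80\nhttps_port: 443\n' > "$sample"
set_bw_ports "$sample" 8018 8019 &&
    echo "http_port=$(get_bw_port "$sample" http_port)" \
         "https_port=$(get_bw_port "$sample" https_port)"
rm -f "$sample" "$sample.bak"
```

Against a real installation the call would be `set_bw_ports ./bwdata/config.yml 8018 8019`, with the previous file left beside it as `config.yml.bak`.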
You'll probably want to configure an SMTP server in ./bwdata/env/global.override.env so that Bitwarden can send you emails. Change these settings to your SMTP server (for example Mailgun). You can also set up the Yubico API if you're using it for 2FA.
After you have made these changes, you must rebuild Bitwarden; you can then start it:
Further Reading: For more customisation options you can check their official docs.