How to deploy the Bitwarden self-hosted server with Docker


Jack Wallen walks you through the process of deploying a Bitwarden vault server with the help of Docker containers.


Bitwarden is one of the best open-source password managers on the market. I might even go so far as to say it’s the best password manager, period. One of the many reasons is the tool’s flexibility, and a perfect illustration of that is the ability to deploy your very own Bitwarden server using Docker.


Why would you want to deploy your own Bitwarden server? You might have incredibly sensitive information that you only entrust to your internal teams. If that’s the case, why worry that data will be stored on a third-party host?

What you’ll need to deploy a Bitwarden server

I’ll be demonstrating on an instance of Ubuntu Server 22.04, but you can deploy the Bitwarden vault server on any platform that supports Docker.

How to install Docker

The first thing we’ll do is install the latest release of Docker. First, add the GPG key with the command:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Next, add the repository:

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install the necessary dependencies with the command:

sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y

Finally, we can install the latest version of the Docker engine:

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io -y

Make sure your user is a member of the docker group with the command:

sudo usermod -aG docker $USER

Log out and log back in for the changes to take effect.

How to deploy the Bitwarden server

Before we install, let’s create a new user with the command:

sudo adduser bitwarden

Next, create a new directory with:

sudo mkdir /opt/bitwarden

Set the permissions and ownership of the new directory with:

sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Thankfully, the developers of Bitwarden have created a handy installation script, which you can download with the command:

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

Once the file has been downloaded, launch it with:

./bitwarden.sh install

Answer the required questions — such as domain and SSL details — and the script will then start pulling down the required Docker images. During the installation, you’ll be asked for your installation ID and key. You can access those keys from the Bitwarden host page, where you’ll be asked to enter an email address.

When that command completes, start the server with:

./bitwarden.sh start

When the start command completes, you should be able to open a browser and point it to https://SERVER, where SERVER is the IP address or domain of the hosting server. You should see the login prompt (Figure A), where you can create a new account.

Figure A: The Bitwarden server login prompt.

Before you create your account, you’ll need to first configure SMTP.

How to configure SMTP for Bitwarden

Before you attempt to create a new account on the server, you’ll need to configure the SMTP settings; otherwise, you cannot confirm your new account. To do this, open the environment variables file with the command:

nano ~/bwdata/env/global.override.env

In that file, look for (and configure) the following lines:

  • globalSettings__mail__replyToEmail= - the reply-to address
  • globalSettings__mail__smtp__host= - your SMTP host
  • globalSettings__mail__smtp__port= - your SMTP port
  • globalSettings__mail__smtp__ssl= - true is for SSL, false is for TLS
  • globalSettings__mail__smtp__username= - username for the SMTP host
  • globalSettings__mail__smtp__password= - password for SMTP host

Save and close the file. Once you’ve made changes, issue the command:

./bitwarden.sh rebuild

Once everything has been rebuilt, head back to the login page, create your account and you’re good to go.
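The override file now holds your SMTP password, so it is worth linting before each rebuild. The function below is an added example, not part of the original article or of Bitwarden's tooling: it checks that the six keys listed above are set and well-formed and that the file is not accessible to other users. Treating the value REPLACE as "unset" is an assumption about the installer's default placeholder, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not Bitwarden's code): lint the SMTP keys in global.override.env.
# Usage: check_bw_smtp_env ~/bwdata/env/global.override.env
# Prints one line per finding, never a value; returns 0 if clean, 1 otherwise.
check_bw_smtp_env() {
    f=$1; bad=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    # The file stores the SMTP password, so group/other mode bits should be empty.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "mode: group/other can access the file (chmod 600)"; bad=1
    fi
    for key in replyToEmail smtp__host smtp__port smtp__ssl smtp__username smtp__password; do
        # Last assignment wins; strip CRs left by Windows editors.
        val=$(sed -n "s/^globalSettings__mail__${key}=//p" "$f" | tr -d '\r' | tail -n 1)
        case $val in
            ''|REPLACE)  # REPLACE is assumed to be the installer's placeholder
                echo "$key: not configured"; bad=1; continue ;;
        esac
        case $key in
            smtp__port)
                case $val in
                    *[!0-9]*) echo "$key: not a number"; bad=1 ;;
                    *) [ "$val" -ge 1 ] && [ "$val" -le 65535 ] ||
                           { echo "$key: out of range 1-65535"; bad=1; } ;;
                esac ;;
            smtp__ssl)
                case $val in
                    true|false) ;;
                    *) echo "$key: must be true or false"; bad=1 ;;
                esac ;;
        esac
    done
    return $bad
}

# Demo on a constructed sample (made-up values): world-readable, host unset, bad ssl.
demo=$(mktemp)
cat > "$demo" <<'EOF'
globalSettings__mail__replyToEmail=no-reply@example.com
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=yes
globalSettings__mail__smtp__username=vault
globalSettings__mail__smtp__password=constructed-secret
EOF
chmod 644 "$demo"
check_bw_smtp_env "$demo" || echo "sample file needs fixing"
rm -f "$demo"
```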

Congratulations, you’ve just deployed your very own Bitwarden server. You can now store all that team security information without hosting it on a third-party platform.
