Bitwarden On-Premise

BITWARDEN - Deploy to Ubuntu Server

🔗 Official Docs - Install and Deploy - Linux (always check for updated process)

Network and Domain

  • Point your domain's DNS records to your Linux host machine if you want to reach it from the public network.

  • Open these ports so Bitwarden can be accessed from inside the network (in this case).

    • 80 (http), 11443 (https)

  • On the Linux machine:

sudo ufw allow 80
sudo ufw allow 11443
sudo ufw status

Install Docker and Docker Compose

🔗 Docs - Install Docker Engine on Ubuntu

  • Install dependencies and set up the repository

# uninstall older Docker versions:
sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  • Install Docker Engine and Compose

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Try docker:
sudo docker compose version
sudo docker version
sudo docker run hello-world

# Configure Docker to start on boot
sudo systemctl enable docker.service
sudo systemctl enable containerd.service

Create Bitwarden Local User and directory

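# Dedicated account for running Bitwarden (adduser prompts for a password; passwd changes it)
sudo adduser bitwarden
sudo passwd bitwarden
# The docker group usually exists already once Docker Engine is installed
sudo groupadd docker
# Note: docker group membership gives root-level control of the host through the Docker daemon
sudo usermod -aG docker bitwarden
# Installation directory, accessible to the bitwarden user only
sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden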

Install Bitwarden

  • Run the installation shell script as the bitwarden user from the /opt/bitwarden directory

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
./bitwarden.sh install
# Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):
	bitwarden.yourdomain.com

# Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):
	n
### Choose Y to generate trusted Let's Encrypt SSL certificate (ports 80 and 443 have to be open for certbot)

# Enter the database name for your Bitwarden instance (ex. vault):
	vault

# Enter your installation id (get at https://bitwarden.com/host):
# Enter your installation key:

# Do you have a SSL certificate to use? (y/n):
	n
# Do you want to generate a self-signed SSL certificate? (y/n):
	y
# ^^^ This option is only recommended for testing.

🔗 Hosting FAQs

Installation ids and keys are used when installing Bitwarden on-premises in order to:

  • Register your installation and contact email so that we can contact you for important security updates.

  • Authenticate to push relay servers for push notifications to Bitwarden client applications.

  • Validate licensing of paid features.

Retrieve an installation id and key from https://bitwarden.com/host.

You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.

# If you need to make additional configuration changes, you can modify the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

nano ./bwdata/env/global.override.env
# adminSettings__admins=yourmail@gmail.com

# nano ./bwdata/config.yml

# Next steps, run:
./bitwarden.sh start

# Bitwarden is up and running!
# ===================================================
# visit https://bitwarden.yourdomain.com
# to update, run
./bitwarden.sh updateself
./bitwarden.sh update
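
The `chmod -R 700 /opt/bitwarden` step is what keeps other local accounts away from the files under bwdata/env, which this example assumes hold the instance's secrets (installation id and key included). An added check, not part of the original page or Bitwarden's tooling, that reports env files readable by group or other once directory traversal is taken into account; it assumes GNU stat and a single owning group throughout the tree, and its function names are illustrative.

```shell
#!/bin/bash
# Added example: can anyone but the owner read the env files of an install?
# Function names are illustrative; only mode bits are checked (no ACLs),
# and one owning group is assumed for the whole tree.

# Print the permission digit of $1 for class $2 ("group" or "other").
class_bits() {
    local mode
    mode=$(stat -c '%a' "$1")               # GNU stat, e.g. 700, 644, 2750
    case "$2" in
        group) echo $(( (mode / 10) % 10 )) ;;
        other) echo $(( mode % 10 )) ;;
    esac
}

# Return 0 if class $3 can read file $2: read bit on the file plus the
# search (x) bit on every directory from the file up to the root $1.
class_can_read() {
    local root="${1%/}" path="$2" class="$3" dir
    [ $(( $(class_bits "$path" "$class") & 4 )) -ne 0 ] || return 1
    dir=$(dirname "$path")
    while :; do
        [ $(( $(class_bits "$dir" "$class") & 1 )) -ne 0 ] || return 1
        if [ "$dir" = "$root" ] || [ "$dir" = "/" ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# Report every bwdata/env/*.env file under root $1 that group or other
# can reach. Returns 0 when nothing is exposed, 1 otherwise.
audit_env() {
    local root="${1%/}" f class rc=0
    for f in "$root"/bwdata/env/*.env; do
        [ -f "$f" ] || continue
        for class in group other; do
            if class_can_read "$root" "$f" "$class"; then
                echo "EXPOSED to $class: $f"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Usage: <script> --audit /opt/bitwarden
if [ "${1:-}" = "--audit" ]; then
    audit_env "${2:-/opt/bitwarden}"
fi
```

A 644 env file below a 700 install root is reported as safe, while the same file below a 755 root is reported twice, once for group and once for other.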

Automatic Update

  • Create a cronjob to run the updates automatically

su - bitwarden
nano /opt/bitwarden/bwdata/scripts/updatebw.sh
  • Add the 3 lines to the script:

#!/bin/bash
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update
  • Make the script executable:

chmod +x /opt/bitwarden/bwdata/scripts/updatebw.sh
crontab -e
# Add lines to update and start Bitwarden at boot:
@reboot /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
@reboot /opt/bitwarden/bitwarden.sh start

# or, for example, every Sunday at 2:00
0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
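
The cron entries above discard all output, and the three-line script runs update even when updateself has failed. A variant of updatebw.sh that keeps a timestamped log, stops after a failed updateself and refuses to overlap with a running update (an added example, not part of the original page or Bitwarden's scripts; the log path, the `run` argument and the function names are assumptions):

```shell
#!/bin/bash
# Added example: logging, fail-fast variant of updatebw.sh.
# The log location and function names are assumptions for illustration.
BW="${BW:-/opt/bitwarden/bitwarden.sh}"
LOG="${LOG:-/opt/bitwarden/bwdata/scripts/updatebw.log}"

# Append one UTC-timestamped line to the log.
log_line() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG"
}

# Run one bitwarden.sh subcommand; keep its output and exit status in the log.
step() {
    local rc=0
    log_line "start: $1"
    "$BW" "$1" >>"$LOG" 2>&1 || rc=$?
    log_line "end: $1 rc=$rc"
    return "$rc"
}

# update only runs if updateself succeeded.
# Returns the failing step's exit status, or 75 if another run holds the lock.
run_update() {
    local rc=0
    (
        # Non-blocking lock: the @reboot and weekly jobs must not overlap.
        flock -n 9 || { log_line "skipped: update already running"; exit 75; }
        step updateself && step update
    ) 9>"$LOG.lock" || rc=$?
    return "$rc"
}

# Cron usage: 0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh run
if [ "${1:-}" = "run" ]; then
    run_update
fi
```

Called from cron with the argument `run`, it leaves the exit status of each step in the log file instead of discarding it.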
  • Change https port

nano /opt/bitwarden/bwdata/config.yml
# Set https_port variable to 11443
	https_port: 11443
# Save and exit.
# Update
/opt/bitwarden/bitwarden.sh update

Manual Bitwarden Update

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

# or run the script created before
/opt/bitwarden/bwdata/scripts/updatebw.sh

Start and Stop Bitwarden

su - bitwarden
/opt/bitwarden/bitwarden.sh stop
/opt/bitwarden/bitwarden.sh start

Offline Starting

  • Because bitwarden.sh requires an internet connection to work, Bitwarden can be started offline using the Docker containers already present on the host.

su - bitwarden

# Start
# (the docker-compose-plugin installed above provides "docker compose", not "docker-compose")
docker compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml up -d

# Stop
docker compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml down
