# Bitwarden On-Premise

## BITWARDEN - Deploy to Ubuntu Server

> 🔗 [Official Docs - Install and Deploy - Linux](https://bitwarden.com/help/install-on-premise-linux/) (always check for updated process)

### Network and Domain

* If you want to reach Bitwarden from the public network, point your domain's DNS records to your Linux host machine.
* Open these ports so Bitwarden can be accessed from inside the network (in this case):
  * `80` (http), `11443` (https)
* On the Linux machine:

```bash
sudo ufw allow 80
sudo ufw allow 11443
sudo ufw status
```

### Install Docker and Docker Compose

🔗 [Docs - Install Docker Engine on Ubuntu](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository)

* Install dependencies and set up the repository

```bash
# uninstall older Docker versions:
sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-release
```

```bash
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```

* Install Docker Engine and Compose

```bash
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Try docker:
sudo docker compose version
sudo docker version
sudo docker run hello-world

# Configure Docker to start on boot
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
```

### Create Bitwarden Local User and directory

```bash
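sudo adduser bitwarden
sudo passwd bitwarden
# The docker group normally already exists after installing Docker Engine
sudo groupadd docker
# Members of the docker group have root-equivalent access to the host
sudo usermod -aG docker bitwarden
# Installation directory, accessible only to the bitwarden user
sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden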
```

### Install Bitwarden

* As the `bitwarden` user, run the installation shell script from the `/opt/bitwarden` directory

```bash
su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
./bitwarden.sh install
# Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):
	bitwarden.yourdomain.com

# Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):
	n
# ^^^ Choose y to generate a trusted Let's Encrypt SSL certificate (ports 80 and 443 have to be open for certbot)

# Enter the database name for your Bitwarden instance (ex. vault):
	vault

# Enter your installation id (get at https://bitwarden.com/host):
# Enter your installation key:

# Do you have a SSL certificate to use? (y/n):
	n
# Do you want to generate a self-signed SSL certificate? (y/n):
	y
# ^^^ This option is only recommended for testing.

```

* Retrieve an **installation id** using a valid email at [https://bitwarden.com/host](https://bitwarden.com/host/).

> 🔗 [Hosting FAQs](https://bitwarden.com/help/hosting-faqs/#general)
>
> Installation ids and keys are used when installing Bitwarden on-premises in order to:
>
> * Register your installation and contact email so that we can contact you for important security updates.
> * Authenticate to push relay servers for push notifications to Bitwarden client applications.
> * Validate licensing of paid features.
>
> Retrieve an installation id and key from [https://bitwarden.com/host](https://bitwarden.com/host/).
>
> **You should not share your installation id or installation key across multiple Bitwarden installations.** They should be treated as secrets.

```bash
# If you need to make additional configuration changes, you can modify the settings in
# ./bwdata/config.yml and then run `./bitwarden.sh rebuild` or `./bitwarden.sh update`

nano ./bwdata/env/global.override.env
# adminSettings__admins=yourmail@gmail.com

# nano ./bwdata/config.yml

# Next steps, run:
./bitwarden.sh start

# Bitwarden is up and running!
# ===================================================
# visit https://bitwarden.yourdomain.com
# to update, run
./bitwarden.sh updateself
./bitwarden.sh update
```

### Automatic Update

* Create a cron job to run the updates automatically

```bash
su - bitwarden
nano /opt/bitwarden/bwdata/scripts/updatebw.sh
```

* Add the 3 lines to the script:

```bash
#!/bin/bash
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update
```

* Make the script executable and schedule it with cron:

```bash
chmod +x /opt/bitwarden/bwdata/scripts/updatebw.sh
crontab -e
# Add lines to update and start Bitwarden at boot:
@reboot /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
@reboot /opt/bitwarden/bitwarden.sh start

# or, for example, every Sunday at 2:00
0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
```
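
The cron entries above send all output to `/dev/null`, so a failed update of the vault goes unnoticed. The following variant of `updatebw.sh` is an added example, not part of the original page or of Bitwarden's scripts: it logs each step with its exit code and provides a check for monitoring. The log path and the function names `run_bw_update` and `bw_last_update_ok` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: logging wrapper for the update cron job (not Bitwarden's own script).
# The bitwarden.sh path comes from this page; the log path is an assumption.

# Run "updateself" then "update", logging each step; stop at the first failure.
run_bw_update() {
  local bw_sh="${1:-/opt/bitwarden/bitwarden.sh}"
  local log="${2:-/opt/bitwarden/bwdata/logs/updatebw.log}"
  local step rc=0

  mkdir -p "$(dirname "$log")" || return 3
  for step in updateself update; do
    echo "$(date -u +%FT%TZ) START $step" >>"$log"
    if "$bw_sh" "$step" >>"$log" 2>&1; then
      echo "$(date -u +%FT%TZ) OK $step" >>"$log"
    else
      rc=$?
      echo "$(date -u +%FT%TZ) FAIL $step exit=$rc" >>"$log"
      break
    fi
  done
  return "$rc"
}

# Succeed only if the most recent status line is a completed "update" step.
# Intended for a monitoring check or a login banner.
bw_last_update_ok() {
  local log="$1" last
  last=$(grep -E '^[0-9T:Z-]+ (OK|FAIL) ' "$log" 2>/dev/null | tail -n 1)
  case "$last" in
    *" OK update") return 0 ;;
    *) return 1 ;;
  esac
}

# Cron entry point: acts only when called with the argument "run".
if [ "${1:-}" = "run" ]; then
  run_bw_update
  exit $?
fi
```

In the crontab, call it as `/opt/bitwarden/bwdata/scripts/updatebw.sh run` and drop the `>/dev/null 2>&1` redirect so cron can also report errors from the wrapper itself.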

* Change the HTTPS port

```bash
nano /opt/bitwarden/bwdata/config.yml
# Set https_port variable to 11443
	https_port: 11443
# Save and exit.
# Update
/opt/bitwarden/bitwarden.sh update
```

### Manual Bitwarden Update

```bash
su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

# or run the script created before
/opt/bitwarden/bwdata/scripts/updatebw.sh
```

## Start and Stop Bitwarden

```bash
su - bitwarden
/opt/bitwarden/bitwarden.sh stop
/opt/bitwarden/bitwarden.sh start
```

### Offline Starting

* Since `bitwarden.sh` requires an internet connection to work, Bitwarden can be started offline using the Docker containers already present on the host.

```bash
su - bitwarden

# Start (uses the Compose plugin installed above)
docker compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml up -d

# Stop
docker compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml down
```
