Bitwarden On-Premise

PreviousMisc Labs NextOpenWrt & WiFi Exploitation

Last updated 18 days ago

Was this helpful?

Bitwarden On-Premise

BITWARDEN - Deploy to Ubuntu Server

🔗 (always check for updated process)

Network and Domain

Point your DNS records domain to your Linux host machine, if you want to reach it from the public network.
Open these ports so Bitwarden can be accessed from inside the network (in this case).
- 80 (http) , 11443 (https)
On the Linux machine:

sudo ufw allow 80
sudo ufw allow 11443
sudo ufw status

Install Docker and Docker Compose

🔗

Install dependencies and setup repository

# uninstall older Docker versions:
sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-release

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine and Compose

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Try docker:
sudo docker compose version
sudo docker version
sudo docker run hello-world

# Configure Docker to start on boot
sudo systemctl enable docker.service
sudo systemctl enable containerd.service

Create Bitwarden Local User and directory

sudo adduser bitwarden
sudo passwd bitwarden
sudo groupadd docker
sudo usermod -aG docker bitwarden
sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Install Bitwarden

Use the shell script for installation with the bitwarden user in the /opt/bitwarden directory

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
./bitwarden.sh install
# Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):
	bitwarden.yourdomain.com

# Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):
	n
### Choose Y to generate trusted Let's Encrypt SSL certificate (ports 80 and 443 have to be open for certbot)

# Enter the database name for your Bitwarden instance (ex. vault):
	vault

# Enter your installation id (get at https://bitwarden.com/host):
# Enter your installation key:

# Do you have a SSL certificate to use? (y/n):
	n
# Do you want to generate a self-signed SSL certificate? (y/n):
	y
# ^^^ This option is only recommended for testing.

Installation ids keys are used when installing Bitwarden on-premises in order to:
Register your installation and contain email so that we can contact you for important security updates.
Authenticate to push relay servers for push notifications to Bitwarden client applications.
Validate licensing of paid features.
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.

# If you need to make additional configuration changes, you can modify the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

nano ./bwdata/env/global.override.env
# adminSettings__admins=yourmail@gmail.com

# nano ./bwdata/config.yml

# Next steps, run:
./bitwarden.sh start

# Bitwarden is up and running!
# ===================================================
# visit https://bitwarden.yourdomain.com
# to update, run
./bitwarden.sh updateself
./bitwarden.sh update

Automatic Update

Create a cronjob to run the updates automatically

su - bitwarden
nano /opt/bitwarden/bwdata/scripts/updatebw.sh

Add the 3 lines to the script:

#!/bin/bash
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

Make the script executable:

chmod +x updatebw.sh
crontab -e
# Add lines to update and start Bitwarden at boot:
@reboot /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
@reboot /opt/bitwarden/bitwarden.sh start

# or for Example: on every Sunday at 2:00 
0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1

Change https port

nano /opt/bitwarden/bwdata/config.yml
# Set https_port variable to 11443
	https_port: 11443
# Save and exit.
# Update
./bitwarden.sh update

Manual Bitwarden Update

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

# or run the script created before
/opt/bitwarden/bwdata/scripts/updatebw.sh

Start and Stop Bitwarden

su - bitwarden
/opt/bitwarden/bitwarden.sh stop
/opt/bitwarden/bitwarden.sh start

Offline Starting

Since bitwarden.sh requires internet connection to work, Bitwarden can be started offline using the docker container already present on the host.

su - bitwarden

# Start
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml up -d

# Stop
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml down

PreviousMisc Labs NextOpenWrt & WiFi Exploitation

Last updated 18 days ago

Was this helpful?

BITWARDEN - Deploy to Ubuntu Server

🔗 (always check for updated process)

Network and Domain

Point your DNS records domain to your Linux host machine, if you want to reach it from the public network.
Open these ports so Bitwarden can be accessed from inside the network (in this case).
- 80 (http) , 11443 (https)
On the Linux machine:

sudo ufw allow 80
sudo ufw allow 11443
sudo ufw status

Install Docker and Docker Compose

🔗

Install dependencies and setup repository

# uninstall older Docker versions:
sudo apt-get remove docker docker-engine docker.io containerd runc

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-release

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine and Compose

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Try docker:
sudo docker compose version
sudo docker version
sudo docker run hello-world

# Configure Docker to start on boot
sudo systemctl enable docker.service
sudo systemctl enable containerd.service

Create Bitwarden Local User and directory

sudo adduser bitwarden
sudo passwd bitwarden
sudo groupadd docker
sudo usermod -aG docker bitwarden
sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Install Bitwarden

Use the shell script for installation with the bitwarden user in the /opt/bitwarden directory

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
./bitwarden.sh install
# Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):
	bitwarden.yourdomain.com

# Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):
	n
### Choose Y to generate trusted Let's Encrypt SSL certificate (ports 80 and 443 have to be open for certbot)

# Enter the database name for your Bitwarden instance (ex. vault):
	vault

# Enter your installation id (get at https://bitwarden.com/host):
# Enter your installation key:

# Do you have a SSL certificate to use? (y/n):
	n
# Do you want to generate a self-signed SSL certificate? (y/n):
	y
# ^^^ This option is only recommended for testing.

Retrieve an installation id using a valid email at .

🔗
Installation ids keys are used when installing Bitwarden on-premises in order to:
Register your installation and contain email so that we can contact you for important security updates.
Authenticate to push relay servers for push notifications to Bitwarden client applications.
Validate licensing of paid features.
Retrieve an installation id and key from .
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.

# If you need to make additional configuration changes, you can modify the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

nano ./bwdata/env/global.override.env
# adminSettings__admins=yourmail@gmail.com

# nano ./bwdata/config.yml

# Next steps, run:
./bitwarden.sh start

# Bitwarden is up and running!
# ===================================================
# visit https://bitwarden.yourdomain.com
# to update, run
./bitwarden.sh updateself
./bitwarden.sh update

Automatic Update

Create a cronjob to run the updates automatically

su - bitwarden
nano /opt/bitwarden/bwdata/scripts/updatebw.sh

Add the 3 lines to the script:

#!/bin/bash
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

Make the script executable:

chmod +x updatebw.sh
crontab -e
# Add lines to update and start Bitwarden at boot:
@reboot /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
@reboot /opt/bitwarden/bitwarden.sh start

# or for Example: on every Sunday at 2:00 
0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1

Change https port

nano /opt/bitwarden/bwdata/config.yml
# Set https_port variable to 11443
	https_port: 11443
# Save and exit.
# Update
./bitwarden.sh update

Manual Bitwarden Update

su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update

# or run the script created before
/opt/bitwarden/bwdata/scripts/updatebw.sh

Start and Stop Bitwarden

su - bitwarden
/opt/bitwarden/bitwarden.sh stop
/opt/bitwarden/bitwarden.sh start

Offline Starting

Since bitwarden.sh requires internet connection to work, Bitwarden can be started offline using the docker container already present on the host.

su - bitwarden

# Start
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml up -d

# Stop
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml down