There are many different open-source password managers, one of which is Bitwarden, which integrates the systems you use for day-to-day operations. However, due to the fact that the setup of this server may not be done properly. So you can use Vaultwarden as an alternative to Bitwarden, which is easy to setup and compatible with Bitwarden customers. In this article, we are going to teach you How to Install Vaultwarden on Ubuntu 22.04. Ubuntu VPS server packages are provided on the Eldernode website, which you can check and purchase if you want.
Table of Contents
Tutorial SetupVaultwarden on Ubuntu 22.04
What is Vaultwarden?
Vaultwarden is a single-process, open-source, unofficial alternative to the Bitwarden server written in Rust. Also, it is a password management application that can be self-hosted and run on your infrastructure. As it is very light in terms of required resources, it can work with any of Bitwarden customers in your browsers and mobile services.
Vaultwarden uses support connections through Bitwarden clients and is less resourceful than the official Bitwarden service. You can use Bitwarden browser extensions and mobile applications supported by your server by running this service.
In the continuation of this article, after introducing the required prerequisites, you will be taught how to Install Vaultwarden on Ubuntu 22.04 step by step.
Prerequisites to Install Vaultwarden on Ubuntu 22.04
1) An Ubuntu 22.04 server
2) A non-root user with sudo privileges
Installing Vaultwarden on Ubuntu 22.04
At first, you should update the package lists with the following command:
sudo apt update
Then upgrade all the upgradeable packages using the following command:
sudo apt upgrade
After updating the required packages, restart your system with the help of the following command:
sudo reboot
You can remove old packages and dependencies by entering the following command:
sudo apt autoremove
Now you should remove any Docker older versions and the Docker engine. To do this, run the following command:
sudo apt remove docker docker.io containerd runc
Next, make sure your snapd version is updated:
sudo snap install core
sudo snap refresh core
You can install Docker by running the following command:
sudo snap install docker
How to Configure Vaultwarden on Ubuntu 22.04
First, you need to create a vaultwarden directory in your home directory and enter it. To do this, run the following commands:
mkdir ~/vaultwarden
cd ~/vaultwarden
Now open your favorite text editor and create a new docker-compose.yml file:
nano docker-compose.yml
Then you should add the following lines to the file:
version: '3' services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden restart: always environment: - WEBSOCKET_ENABLED=true volumes: - ./vw-data:/data caddy: image: caddy:2 container_name: caddy restart: always ports: - 80:80 - 443:443 volumes: - ./Caddyfile:/etc/caddy/Caddyfile:ro - ./caddy-config:/config - ./caddy-data:/data environment: - DOMAIN= - EMAIL= - LOG_FILE=/data/access.log
Then you should add the domain name or subdomain to the DOMAIN value in the Caddy environment variables:
environment: - DOMAIN=https://example.com
Now you should add an email address for TLS/SSL certificate registration to the EMAIL value under Caddy’s environment variables. To do this, enter the following command:
environment: - DOMAIN=https://example.com - [email protected]
Remember to save and exit the text editor. You can do this by pressing “CTRL+X“, then “Y” and hitting “Enter“.
Now open your favorite text editor again and create and open a new Caddyfile as below:
nano Caddyfile
Then you need to add the following lines to the file:
{$DOMAIN}:443 { log { level INFO output file {$LOG_FILE} { roll_size 10MB roll_keep 10 } } # Get a cert by using the ACME HTTP-01 challenge. tls {$EMAIL} encode gzip # Headers to improve security. header { # Enable HSTS Strict-Transport-Security "max-age=31536000;" # Enable cross-site filter (XSS) X-XSS-Protection "1; mode=block" # Disallow the site to be rendered within a frame (clickjacking protection) X-Frame-Options "DENY" # Prevent search engines from indexing X-Robots-Tag "none" # Remove Caddy branding -Server } # Redirect notifications to the WebSocket. reverse_proxy /notifications/hub vaultwarden:3012 reverse_proxy vaultwarden:80 { header_up X-Real-IP {remote_host} } }
Finally, remember to save and exit the text editor.
Caddy is configured by Caddfile. This forwards HTTPS requests from port 443 to Vaultwarden, and additional headers are added to improve security.
How to Run Vaultwarden on Ubuntu 22.04
Now you should run Vaultwarden in detached mode. You can do this with the following command:
sudo docker-compose up -d
Then use the following command to check that Vaultwarden is running:
sudo docker ps STATUS Up x seconds/minutes
Note that the status should be Up.
How to Configure Additional Security on Vaultwarden
First, you need to disable registration. Because anyone who has access to your Vaultwarden instance will not be able to create an account.
Note that you can disable the registration after you have created your account. To do this, you should set the environmental variable SIGNUPS_ALLOWED to false in “docker-compose.yml”
services: vaultwarden: ... other configuration ... environment: - SIGNUPS_ALLOWED=false ... other configuration ...
One of the features of Vaultwarden is that it allows registered users to invite other new users to create an account on the server. If you are a single user, this may pose a security risk and it is better to disable it. To do this, just set the environmental variable INVITATIONS_ALLOWED to false in “docker-compose.yml“:
services: vaultwarden: ... other configuration ... environment: - INVITATIONS_ALLOWED=false ... other configuration ...
Password hints of Bitwarden are usually sent via email. Vaultwarden Password hints are available on the Password Help page and you don’t need to configure an email service. You can set the variable SHOW_PASSWORD_HINT in “docker-compose.yml” to false to disable password hints:
services: vaultwarden: ... other configuration ... environment: - SHOW_PASSWORD_HINT=false ... other configuration ...
Note: If the environment variables change, first you should apply the changes with the help of the following steps.
First, you need to stop Vaultwarden with the help of the following command:
sudo docker-compose down
Now return Vaultwarden by using the following command:
sudo docker-compose up -d
That’s it! Your new configuration has been applied.
You can use Bitwarden to access your Vaultwarden instance. All you have to do is change the server URL to a Vaultwarden instance, in which case you can use upstream Bitwarden clients.
Go to your Vaultwarden installation and log in to your account:
https://example.com
Finally, you should add your logins and passwords to your vault.
Conclusion
Vaultwarden provides a compatible API for many Bitwarden apps and browser extensions. In this article, you learned how to install Vaultwarden on Ubuntu 22.04 with Docker and docker-compose. Then we used Caddy to secure the configuration. If you have any questions, you can contact us in the Comments.