Advance

How to Install Vaultwarden on Ubuntu 22.04

How to Install Vaultwarden on Ubuntu 22.04

There are many different open-source password managers, one of which is Bitwarden, which integrates the systems you use for day-to-day operations. However, due to the fact that the setup of this server may not be done properly. So you can use Vaultwarden as an alternative to Bitwarden, which is easy to setup and compatible with Bitwarden customers. In this article, we are going to teach you How to Install Vaultwarden on Ubuntu 22.04. Ubuntu VPS server packages are provided on the Eldernode website, which you can check and purchase if you want.

Tutorial SetupVaultwarden on Ubuntu 22.04

Recommended Article: Tutorial Install and use SonarQube on Ubuntu 20.04

What is Vaultwarden?

Vaultwarden is a single-process, open-source, unofficial alternative to the Bitwarden server written in Rust. Also, it is a password management application that can be self-hosted and run on your infrastructure. As it is very light in terms of required resources, it can work with any of Bitwarden customers in your browsers and mobile services.

Vaultwarden uses support connections through Bitwarden clients and is less resourceful than the official Bitwarden service. You can use Bitwarden browser extensions and mobile applications supported by your server by running this service.

In the continuation of this article, after introducing the required prerequisites, you will be taught how to Install Vaultwarden on Ubuntu 22.04 step by step.

Prerequisites to Install Vaultwarden on Ubuntu 22.04

1) An Ubuntu 22.04 server

2) A non-root user with sudo privileges

Installing Vaultwarden on Ubuntu 22.04

At first, you should update the package lists with the following command:

sudo apt update

Then upgrade all the upgradeable packages using the following command:

sudo apt upgrade

After updating the required packages, restart your system with the help of the following command:

sudo reboot

You can remove old packages and dependencies by entering the following command:

sudo apt autoremove

Now you should remove any Docker older versions and the Docker engine. To do this, run the following command:

sudo apt remove docker docker.io containerd runc

Next, make sure your snapd version is updated:

sudo snap install core
sudo snap refresh core

You can install Docker by running the following command:

sudo snap install docker

How to Configure Vaultwarden on Ubuntu 22.04

First, you need to create a vaultwarden directory in your home directory and enter it. To do this, run the following commands:

mkdir ~/vaultwarden  
cd ~/vaultwarden

Now open your favorite text editor and create a new docker-compose.yml file:

nano docker-compose.yml

Then you should add the following lines to the file:

version: '3'    services:    vaultwarden:      image: vaultwarden/server:latest      container_name: vaultwarden      restart: always      environment:        - WEBSOCKET_ENABLED=true      volumes:        - ./vw-data:/data      caddy:      image: caddy:2      container_name: caddy      restart: always      ports:        - 80:80        - 443:443      volumes:        - ./Caddyfile:/etc/caddy/Caddyfile:ro        - ./caddy-config:/config        - ./caddy-data:/data      environment:        - DOMAIN=        - EMAIL=        - LOG_FILE=/data/access.log

Then you should add the domain name or subdomain to the DOMAIN value in the Caddy environment variables:

environment:    - DOMAIN=https://example.com

Now you should add an email address for TLS/SSL certificate registration to the EMAIL value under Caddy’s environment variables. To do this, enter the following command:

environment:  - DOMAIN=https://example.com  - [email protected]

Remember to save and exit the text editor. You can do this by pressing “CTRL+X“, then “Y” and hitting “Enter“.

Now open your favorite text editor again and create and open a new Caddyfile as below:

nano Caddyfile

Then you need to add the following lines to the file:

{$DOMAIN}:443 {    log {      level INFO      output file {$LOG_FILE} {        roll_size 10MB        roll_keep 10      }    }      # Get a cert by using the ACME HTTP-01 challenge.    tls {$EMAIL}      encode gzip      # Headers to improve security.    header {    # Enable HSTS    Strict-Transport-Security "max-age=31536000;"      # Enable cross-site filter (XSS)    X-XSS-Protection "1; mode=block"      # Disallow the site to be rendered within a frame (clickjacking protection)    X-Frame-Options "DENY"      # Prevent search engines from indexing    X-Robots-Tag "none"      # Remove Caddy branding    -Server    }      # Redirect notifications to the WebSocket.    reverse_proxy /notifications/hub vaultwarden:3012      reverse_proxy vaultwarden:80 {         header_up X-Real-IP {remote_host}    }  }

Finally, remember to save and exit the text editor.

Caddy is configured by Caddfile. This forwards HTTPS requests from port 443 to Vaultwarden, and additional headers are added to improve security.

Recommended Article: Tutorial installing MySQL on Ubuntu 20

How to Run Vaultwarden on Ubuntu 22.04

Now you should run Vaultwarden in detached mode. You can do this with the following command:

sudo docker-compose up -d

Then use the following command to check that Vaultwarden is running:

sudo docker ps  STATUS  Up x seconds/minutes

Note that the status should be Up.

How to Configure Additional Security on Vaultwarden

First, you need to disable registration. Because anyone who has access to your Vaultwarden instance will not be able to create an account.

Note that you can disable the registration after you have created your account. To do this, you should set the environmental variable SIGNUPS_ALLOWED to false in “docker-compose.yml

services:  vaultwarden:  ... other configuration ...  environment:  - SIGNUPS_ALLOWED=false  ... other configuration ...

One of the features of Vaultwarden is that it allows registered users to invite other new users to create an account on the server. If you are a single user, this may pose a security risk and it is better to disable it. To do this, just set the environmental variable INVITATIONS_ALLOWED to false in “docker-compose.yml“:

services:  vaultwarden:  ... other configuration ...  environment:  - INVITATIONS_ALLOWED=false  ... other configuration ...

Password hints of Bitwarden are usually sent via email. Vaultwarden Password hints are available on the Password Help page and you don’t need to configure an email service. You can set the variable SHOW_PASSWORD_HINT in “docker-compose.yml” to false to disable password hints:

services:  vaultwarden:  ... other configuration ...  environment:  - SHOW_PASSWORD_HINT=false  ... other configuration ...

Note: If the environment variables change, first you should apply the changes with the help of the following steps.

First, you need to stop Vaultwarden with the help of the following command:

sudo docker-compose down

Now return Vaultwarden by using the following command:

sudo docker-compose up -d

That’s it! Your new configuration has been applied.

You can use Bitwarden to access your Vaultwarden instance. All you have to do is change the server URL to a Vaultwarden instance, in which case you can use upstream Bitwarden clients.

Go to your Vaultwarden installation and log in to your account:

https://example.com

Finally, you should add your logins and passwords to your vault.

Recommended Article: Initial server set up on Ubuntu 20.04 LTS

Conclusion

Vaultwarden provides a compatible API for many Bitwarden apps and browser extensions. In this article, you learned how to install Vaultwarden on Ubuntu 22.04 with Docker and docker-compose. Then we used Caddy to secure the configuration. If you have any questions, you can contact us in the Comments.

View More Posts
Tom Veitch
Eldernode Writer
We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day