Bitwarden is an open-source password manager. Using Bitwarden_rs, it is possible to create a self-hosted server, using little resources, enabling you to use all its features.
Bitwarden makes it possible to share and sync usernames and passwords across all devices and webbrowsers.
Let’s Encrypt is a Certificate Authority (CA) that issues trusted SSL certificates free of charge for any domain. The Bitwarden installation script offers the option to generate a trusted SSL certificate for your domain using Let’s Encrypt and Certbot. Certificate renewal checks occur each time Bitwarden is. So, I want to install bitwarden and only be able to use it while at home. I do not want the outside world to see it. I cannot use letsencrypt because I do not have a valid domain (ie: from Godaddy etc.) nor can letsencrypt ping my DNS server because my ISP blocks port 80 and 443. Bitwardenrs will not work on Chrome without SSL, so we are going to create a self signed certificate. If you are going to host Bitwarden on the internet (outside your local network), use certbot instead. Prerequisites: working Docker installation on Linux As sudo or root, make persistent data directories for SSL and Bitwarden files on.
In this example I’ll be using two pc’s: One for compiling and one for hosting, because the VPS I run this on isn’t powerful enough to compile the binaries.
On compile machine
Install dependencies
Compile bitwarden_rs
Compile vault
Clone and checkout repository
Patch web vault to work with Bitwarden RS
Download the most recent Bitwarden_RS patch for the Bitwarden web vault. This can be done using one of two ways:
A. Download and apply a patch based on the version that you just checked out using git.
B. Does this give a 404 Not Found error? In that case there might not be new changes in the most recent Bitwarden web release that need to be patched in order to work with Bitwarden RS.
- Go to https://github.com/dani-garcia/bw_web_builds/tree/master/patches.
- Click on the patch that is closest to the version you checked out in git (visible by executing the command
git tag --sort=v:refname | tail -n1). - Click on “raw” to get a direct link to the patch file.
- Download with
wgetand usegit apply.
For example:
Build the web vault
NB: Do not run the following commands as root. Building the web vault will fail.
Copy
on remote host
Use this file as a template. Alfred omnifocus. Alter all uncommented variables to match your environment.
Add nginx vault.conf. The following config assumes that you have already installed and configured certbot / letsencrypt and retrieved a certificate.
Set up Fail2ban
If you are using Fail2Ban, you can add this configuration to keep out unwanted guests:
Set up logrotation
Over time, the Bitwarden_RS log file can grow to a significant size. Using logrotate, we can periodically rotate logs.
NB: To view a compressed log file without manually decompressing:
Bitwarden Letsencrypt Dns
Backup
If you’d like to backup the bitwarden server, please use the following steps to do so
Export the sqlite database:
If you have already set up backups for other services, add these paths to your list of backup targets:
Upgrade Bitwarden RS and web vault
On build machine
Update system packages
Remove old build and sources
Upgrade Rust
Build Bitwarden RS
Build Bitwarden web vault
Clone Bitwarden web vault repository
Download the most recent Bitwarden_RS patch for the Bitwarden web vault
Warlords for mac os. This can be done using one of two ways:
A. Download and apply a patch based on the version that you just checked out using git.
B. Does this give a 404 Not Found error? In that case there might not be new changes in the most recent Bitwarden web release that need to be patched in order to work with Bitwarden RS.
- Go to https://github.com/dani-garcia/bw_web_builds/tree/master/patches.
- Click on the patch that is closest to the version you checked out in git (visible by executing the command
git tag --sort=v:refname | tail -n1). - Click on “raw” to get a direct link to the patch file.
- Download with
wgetand usegit apply.
For example:
Compile web vault
Copy upgraded binary and vault
On remote / public machine
Bitwarden Disable Letsencrypt
Update notes
- 2020-07: Improved web-vault instructions, added upgrade steps.
- 2020-08: Noticed missing nginx config example. Added this.
- 2020-09: Added some cleanup steps.
- 2020-10: Updated to latest versions. Added new configuration options. Include MySQL and PostgreSQL backends next to the existing SQLite backend in compile steps.
- 2020-12: Update to latest versions. Added logrotate config.
- 2021-04: A reader notified me that the Bitwarden admin Fail2ban regex in
/etc/fail2ban/filter.d/bitwarden-admin.confshould be updated. Bitwarden no longer prepends the log entry with “Unauthorized Error: “. This has been corrected.
Bitwarden Let's Encrypt Password
Related