Vaultwarden password manager setup



Vaultwarden is an alternative password manager server that implements the features of Bitwarden, the most popular password manager on the internet, and exposes its APIs so that the Bitwarden client apps for most operating systems and the browser extensions work with it. Let's set up a Vaultwarden server:

Install Docker:

Requirements:

  • System RAM >= 1GB, disk space >= 5GB and OS Linux
  • Domain name that translates to your public/internal IP
  • SSL certificate for the domain
  • Port 2020 is forwarded and accessible to the Vaultwarden server IP

Directory structure:

  • Make directories for files:
mkdir -p /dockerApps/vaultwarden
cd /dockerApps/vaultwarden

Create and configure files:

touch compose.yml && touch Caddyfile
  • Open the compose.yml file in any text editor and paste the following config (red highlight = values to replace with your own):
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      DOMAIN: "https://yourdomain.com" # Your domain
      SIGNUPS_ALLOWED: "true" # true for first startup to create an account then change to false to disable account creation
      INVITATIONS_ALLOWED: "false" # false to disable invitations
    volumes:
      - /dockerApps/vaultwarden/vw-data:/data

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 2020:2020
    volumes:
      - /dockerApps/vaultwarden/Caddyfile:/etc/caddy/Caddyfile:ro
      - /shares/sslCerts:/sslCerts
      - /dockerApps/vaultwarden/caddy-data:/data
    environment:
      DOMAIN: "https://yourdomain.com" # Your domain.
      EMAIL: "your@email.com" # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
      SSL_CERT_PATH: "/sslCerts/fullchain.pem"
      SSL_KEY_PATH: "/sslCerts/privkey.pem"
  • Open Caddyfile - using any text editor - and paste the following config:
# Custom ssl port
{
  https_port 2020
}
#################
{$DOMAIN} {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use your own certificate and key. You would also use this option if you're running behind Cloudflare.
  tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode zstd gzip

  # Proxy everything to Rocket
  reverse_proxy vaultwarden:80 {
       # Send the true remote IP to Rocket, so that Vaultwarden can put this in the log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

Run Docker command (must be in the same directory /dockerApps/vaultwarden):

docker compose up -d

Access Vaultwarden through a browser using the domain and port:

https://yourdomain.com:2020

Register an account and then log in.

To disable future registrations, open the compose.yml file, change the SIGNUPS_ALLOWED field to false and run the docker commands:

docker compose down
docker compose up -d

After the commands complete and the docker container is up and running, you can access Vaultwarden using the web app or any other Bitwarden client and start creating and storing all your private information.
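The SIGNUPS_ALLOWED change above is easy to forget, and an instance left at "true" lets anyone who reaches the URL create an account. The script below is an added example, not part of the original guide: it audits a compose.yml laid out like the one above, and the function names compose_env, audit_compose and sample_compose are hypothetical.

```shell
# Added example (not from the original guide): audit the guide's compose.yml.
# Assumes its layout: service names at 2-space indent, one KEY: "value" per line.
# Print the value of environment key $3 inside service $2 of compose file $1.
compose_env() {
  awk -v svc="$2" -v key="$3" '
    /^  [A-Za-z0-9_-]+:[ \t]*$/ { cur = $1; sub(/:$/, "", cur); next }  # service header
    cur == svc && $1 == (key ":") { v = $2; gsub(/"/, "", v); print v; exit }
  ' "$1"
}

# Print one FINDING line per deviation; return the number of findings (0 = clean).
# An unset key counts as a finding because the guide sets both keys explicitly.
audit_compose() {
  file=$1 findings=0
  for key in SIGNUPS_ALLOWED INVITATIONS_ALLOWED; do
    val=$(compose_env "$file" vaultwarden "$key")
    [ "$val" = "false" ] && continue
    echo "FINDING: $key is '${val:-unset}', expected 'false'"
    findings=$((findings + 1))
  done
  case $(compose_env "$file" vaultwarden DOMAIN) in
    https://*) ;;
    *) echo "FINDING: DOMAIN is not an https:// URL"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Constructed sample: the environment blocks as the guide has them on first start.
sample_compose() {
  cat <<'EOF'
services:
  vaultwarden:
    environment:
      DOMAIN: "https://yourdomain.com" # Your domain
      SIGNUPS_ALLOWED: "true" # first start only
      INVITATIONS_ALLOWED: "false"
  caddy:
    environment:
      DOMAIN: "https://yourdomain.com"
EOF
}

# With a file argument, audit that file; with none, audit the constructed sample.
if [ -f "${1:-}" ]; then
  audit_compose "$1"
else
  tmp=$(mktemp) && sample_compose > "$tmp"
  audit_compose "$tmp" || echo "$? finding(s)"
  rm -f "$tmp"
fi
```

Saved under a name of your choice and run with /dockerApps/vaultwarden/compose.yml as its argument, the script exits with the number of findings, so it can gate the docker compose up -d step.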
