Vaultwarden

Unofficial Bitwarden password manager server implementation written in Rust

Prerequisites

In your vaultwarden folder, create a folder named vw-data , it must be owned by a non-root user. Here i'm using Ubuntu server default user, which has UID=1000 and GID=1000.

Installation

docker-compose.yml

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    user: 1000:1000
    volumes:
      - ./vw-data:/data
    networks:
      - proxyadmin
#    environment:
#       - SIGNUPS_ALLOWED=false
       
networks:
  proxyadmin:
    driver: bridge
    external: true

For security reasons, after all the users are created on the app, you should uncomment the environment variables section, which will disable new non-invited signups on your instance. You will be able to invite users even with thiibs variable set.

As I'm using a reverse proxy, the container is not mapped to any host port but is member of my proxy docker network instead. If you want to map a port, please remove all occurrences of proxyadmin docker network in the compose file and add :

ports:

- <host_port>:8080

In this case, you may also want to add certificates to access your instance with HTTPS, please check the official wiki if necessary.

If you are using an authentification system with your reverse-proxy and you want to use bitwarden browser extensions, then you must disable auth for this app.

You can see how to do it with Authentik on the page Authentik as Reverse-Proxy

Vaultwarden is now up and running on the URL you defined in your reverse proxy or on http://<serverip>:<vaultwarden_port>

PreviousRestrict App Access NextServer Administration

Last updated 3 years ago