Install Bitwarden Password Manager on Ubuntu 20.04
Abstract: 1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp
This tutorial walks you through the process of installing the Bitwarden password manager on your Ubuntu 20.04 home server. I describe all steps required to prepare your home server before installing Bitwarden, how to configure Bitwarden with a free domain name from CloudDNS, and finally how to setup an Apache reverse proxy to point your free domain to your Bitwarden instance.
Prepare UbuntuIn a first step, upgrade all previously installed software on your server
sudo apt update
sudo apt upgrade
If you haven’t yet, install Apache if you want to access Bitwarden from outside of your local network.
sudo apt install apache2 curl
Next, we need to install docker. Before installing docker though, we need install a few dependencies first.
sudo apt install apt-transport-https ca-certificates gnupg-agent software-properties-common
Add GPG key for the official docker repository to your system and add the docker repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
Install docker
sudo apt update
sudo apt install docker-ce
sudo apt install docker-compose
Add user to docker group
sudo usermod -aG docker $USER
Install Bitwarden
First, request a hosting instance ID & Key from https://bitwarden.com/host
Then simply download the Bitwarden install script to your server, make it executable and execute it:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
sudo chmod 700 bitwarden.sh
sudo bash bitwarden.sh install
Provide requested information – I generally like to use an Apache reverse proxy to handle the SSL certificate part, so just set up Bitwarden without encryption and let Apache deal with the certificate.
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): <ENTER YOUR DOMAIN>
(!) Enter the database name for your Bitwarden instance (ex. vault): <LEAVE EMPTY>
1.44.1: Pulling from bitwarden/setup
Digest: sha256:d06b051e84345232f673bb2a2a9a374fe3ae41b20ac5d8842d3cb0e32e170281
Status: Image is up to date for bitwarden/setup:1.44.1
docker.io/bitwarden/setup:1.44.1
(!) Enter your installation id (get at https://bitwarden.com/host): <YOUR ID>
(!) Enter your installation key: <YOUR KEY>
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
If you don’t have a domain name yet (and want to access your Bitwarden instance over the internet) get a free domain name from ClouDNS. I will publish another tutorial soon that will show you how to set up dynamic DNS using ClouDNS which is required if your IP address changes on a daily basis (otherwise the URL will start pointing to the wrong public IP address). Check this space for updates.
Configure BitwardenOpen the Bitwarden configuration file, e.g. using nano
# We will point to this port using our Apache reverse proxy
http_port: 8080
# Remove the https_port
https_port:
# Set SSL to false
ssl: false
# Specify the correct SSL certificates that you will use with your Apache reverse proxy
ssl_certificate_path: /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/cert.pem
ssl_key_path: /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/privkey.pem
If you don’t already have a wildcard SSL certificate from Letsencrpyt, follow this guide to set one up!
Update the Bitwarden Docker files and run Bitwarden using
sudo bash bitwarden.sh update
Check if Bitwarden docker image is running
roman@tutserv:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
33d44408e466 bitwarden/nginx:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 80/tcp, 8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp bitwarden-nginx
a22136c4c35b bitwarden/admin:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-admin
d7843222d672 bitwarden/sso:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-sso
a4acf3bc8306 bitwarden/web:2.24.2 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-web
877e63e69cc1 bitwarden/attachments:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-attachments
dec2a5a4a4f8 bitwarden/identity:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-identity
74c4d1e8a3c6 bitwarden/notifications:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-notifications
5ca0bb69adcc bitwarden/mssql:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) bitwarden-mssql
15217bd83f74 bitwarden/icons:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-icons
f0d0c0a8528f bitwarden/events:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-events
0c09374e71f7 bitwarden/api:1.44.1 "/entrypoint.sh" About a minute ago Up About a minute (healthy) 5000/tcp bitwarden-api
Set up Apache reverse proxy
Edit the Apache2 ssl configuration file and add a virtual host entry similar to the one below
<VirtualHost *:443>
ServerName <YOUR SITE>.dnsabr.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
ProxyVia On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
SSLCertificateFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<YOUR SITE>.dnsabr.com/chain.pem
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log example
</VirtualHost>
Reload Apache2
sudo service apache2 restart
And just that simply did you install Bitwarden on Ubuntu! You should now be able to access your Bitwarden instance on <YOUR SITE>.dnsabr.com
Enjoy!