The official Bitwarden server can be hosted at home, however, you will actually get LESS free features using it than having it be hosted by Bitwarden. Instead, we will use the open source version of Bitwarden server so that you get access to all the paid tier features of Bitwarden for free! The open source version has been around for years as a project to ensure that the code is open to the public with the purpose of forcing bugs to rise the surface under the scrutiny of the entire world.
The open source version of Bitwarden server is called Vaultwarden (formerly Bitwarden_RS) and its GitHub can be found here
Note:
There are more thorough instructions in my GitHub on how to do this with a docker-compose stack. This combines the Vaultwarden container with the Cloudflared container and is just as easy to setup. There are step-by-step instructions with screenshots including a backup script. Check it out here:
https://github.com/christensenjairus/Docker-Compose-Stack-for-Vaultwarden-Cloudflared/
Prepare your computer
The VaultWarden server is just a docker container, so the requirements to make it work are minimal. You should not usually (unless you’re opening it up to many people) need more than 1 core, 512MB of RAM, and 3GB of disk space to run the docker container. Of course, you will need more resources for the overhead of whatever Virtual Machine or LXC container you’re using.
I would recommend using an LXC Ubuntu Container to host VaultWarden, but you could also use a Virtual Machine, or software that manages docker containers to make this work.
- Update your computer
sudo apt-get update && sudo apt upgrade -y- Install docker
sudo apt install docker docker.io -yInstall VaultWarden with Docker
Pull the docker image and mount a volume from the host for persistent storage:
docker pull vaultwarden/server:latest
docker run -d --name vaultwarden --restart unless-stopped -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latestThis will preserve any persistent data under /vw-data/, you can adapt the path to whatever suits you.
IMPORTANT:
Some web browsers, like Chrome, disallow the use of Web Crypto APIs in insecure contexts. In this case, you might get an error like Cannot read property 'importKey'. To solve this problem, you need to access the web vault from HTTPS.
This can be configured in vaultwarden directly or using a third-party reverse proxy like CloudFlare (here are some other examples).
If you have an available domain name, you can get HTTPS certificates with Let’s Encrypt, or you can generate self-signed certificates with utilities like mkcert. Some proxies automatically do this step, like Caddy (see examples linked above).
In my opinion, the easiest option would be to access your VaultWarden instance through CloudFlare and have them take care of the HTTPS cert for you. This can be done by following the following instructions.
