What Is Vaultwarden?
Vaultwarden is a lightweight, open-source implementation of the Bitwarden password manager server. It is fully compatible with all Bitwarden client apps but requires far fewer resources to self-host.
Requirements
- A Breeze with at least 512 MB RAM
- Docker installed
- A domain with HTTPS (required for browser extensions)
Step 1: Run Vaultwarden
docker run -d --name vaultwarden \
-v /opt/vaultwarden/data:/data \
-p 8080:80 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=$(openssl rand -base64 48) \
--restart unless-stopped \
vaultwarden/server:latestStep 2: Set Up Nginx with SSL
server {
server_name vault.yourdomain.com;
client_max_body_size 128M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# sudo certbot --nginx -d vault.yourdomain.comStep 3: Create Your Account
Visit https://vault.yourdomain.com and register. After creating your account, set SIGNUPS_ALLOWED=false to prevent others from registering.
Admin Panel
Access the admin panel at /admin using the ADMIN_TOKEN you set. From here you can manage users, organizations, and server settings.
Backup
# Back up the data directory
tar czf /opt/backups/vaultwarden-$(date +%Y%m%d).tar.gz /opt/vaultwarden/dataUsing Bitwarden Clients
In any Bitwarden client app, go to Settings and set the Server URL to https://vault.yourdomain.com before logging in.