Setup your self hosted Password Manager using bitwarden on a Linux Cloud Server
Choosing a Password Manage can be an interesting process, you want to consider many factors in doing so. Why not host your own? This way, you can control the server where it is hosted, and this server may be on premise or on a cloud based environment.
For this particular guide, I used a Linux Server hosted on Linode, but you can use any other hosting provider instead. One thing to note with Linode, unless you have been a customer for at least 3 payment cycles, they wont allow outbound email traffic from your systems, not even if you do have a subscription to a reputable smtp service provider (I use mailgun.com), so if you start from scratch, do not pick Linode as email will be required.
First things first, lets look at the requirements:
I strongly suggest you go for the recommended ones, but, minimum specs will work if you need to trim it down to avoid cost.
So, we will start by creating a VPS on Linode, we select the needed specs and region, chose a root password (or provide ssh keys) and create our "Linode"
It takes a few moments for the Server to be created and booted up
It is time now to SSH into our new Server, using root and the password you have assigned in the previous step. Once prompted, accept the SSH Key
After providing the correct credentials, you are now logged in
At this time, we can configure the needed DNS records for the subdomain. You can name it whatever you like within your own domain, if you do not have a domain, you can either get a free one at a service like Freenom or just buy a cheap one. In the case of this tutorial lets assume i use bitwarden.osintph.info and I did configure it on my DNS provider to point to the IP of the Linux Server.
Also, if not already, you need to open ports 80 and 443 to your Server.
Next, we go ahead and install Docker Engine and Docker Compose, this is straight forward and you can just copy and paste the commands from here if you are also using Ubuntu (20.04 LTS)
We are assuming this is a clean install so we skip this part but if you have a previous docker version installed please remove it to start clean.
First, lets update apt. Note, I am running this as root for the purpose of demonstration but if you are working with a non root user which is recommended, just use sudo to execute those commands:
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
Next we are going to add the official PGP Keys of Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Next we use the following command to set the stable repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Now we update the apt package index and then install the latest version of Docker Engine and containerd
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io
After this we will just verify the installation by running
docker run hello-world
At this point we are good with the Docker engine and move on to install Docker Compose. To do this, we simply run the following curl to download the current stable release
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
We then have to make the binary executable by running
chmod +x /usr/local/bin/docker-compose
Lastly, we test the installation by running
docker-compose --version
That completes the prerequisites, now the fun stuff, installing bitwarden
For this, we prepare by creating the bitwarden user, setting its password, adding that user to the docker group, create its directory, set the right permissions and ownership
Create the user
adduser bitwarden
groupadd docker
usermod -aG docker bitwarden
mkdir /opt/bitwarden
chmod -R 700 /opt/bitwarden
chown -R bitwarden:bitwarden /opt/bitwarden
Next we download the installation script
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh
And run the script
You will have to provide some details such as the domain that we already setup in the earlier steps
./bitwarden.sh install
At one point we will be asked to provide an installation ID and an Installation Key, you will see mine here in plain text but by the time i post this they will no longer be applicable
Navigate to https://bitwarden.com/host/ to get your KEY and ID
After the installer is complete, we want to configure certain parameters to be able to send email, and possibly add an admin user as well, for this, we will have to edit a file called global.override.env - and we do so by using vi or any of your preferred editors:
You need to modify at the least the following parameters to be able to send email and the adminSettings_admin to give a user access to the admin dashboard:
...
globalSettings__mail__smtp__host=<placeholder>
globalSettings__mail__smtp__port=<placeholder>
globalSettings__mail__smtp__ssl=<placeholder>
globalSettings__mail__smtp__username=<placeholder>
globalSettings__mail__smtp__password=<placeholder>
...
adminSettings__admins=
...vi ./bwdata/env/global.override.env
After we have made our changes, we will now start bitwarden for the first time by issuing the following command:
./bitwarden.sh start
You will see something like this once the startup was successful
Now we can visit the URL that we configured, it will also be shown to us in the final message after startup of bitwarden, you will see something like this
We have to create our first user, by using the "Create Account" button and filling up the required information:
Once complete you will see
You can now login with the credentials provided:
The user you will configure as admin user (see previous steps) can then access the admin dashboard. The Dashboard by default can be found at the URL you configured by adding /admin at the end
I hope this was useful, subscribe to my blog if it was! A Video Version of this tutorial will soon be published on my YouTube Channel