Vaultwarden: Self-Hosted Bitwarden Alternative

18-08-2024
documentation password management vaultwarden bitwarden self-hosted docker

Setting Up Vaultwarden with Docker

Introduction

Vaultwarden is an open-source alternative to Bitwarden that allows you to host your own password management service with minimal resource usage. This guide will help you set up Vaultwarden using Docker and configure it to be accessed securely via a reverse proxy.

Prerequisites

  • Docker and Docker Compose: Ensure Docker and Docker Compose are installed on your system.
  • Domain Configuration: Make sure your domain (e.g., vaultwarden.clintmasden.duckdns.org) is properly configured to point to your server.

Setting Up Vaultwarden

1. Create a Docker Compose File

Create your docker-compose.yml with the necessary service definitions:

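version: "3"
services:
  vaultwarden:
    restart: unless-stopped
    image: "vaultwarden/server:latest"
    container_name: vaultwarden
    environment:
      - TZ=America/Chicago
      # Log to the mounted volume so the file persists on the host under ./data
      - LOG_FILE=/data/bitwarden.log
      - EXTENDED_LOGGING=true
      - LOG_LEVEL=warn
      - ROCKET_WORKERS=20
      - WEBSOCKET_ENABLED=true
      # No open self-registration
      - SIGNUPS_ALLOWED=false
      # Keep the admin page protected by the token below
      - DISABLE_ADMIN_TOKEN=false
      - ADMIN_TOKEN=********
      - SHOW_PASSWORD_HINT=false
      - DISABLE_ICON_DOWNLOAD=true
      - DOMAIN=https://vaultwarden.clintmasden.duckdns.org
    ports:
      # Publish on loopback only: without the 127.0.0.1 prefix Docker listens on
      # all interfaces, which lets clients reach the container over plain HTTP
      # and bypass the reverse proxy (including its /admin block).
      - "127.0.0.1:8003:80"
      - "127.0.0.1:8004:3012"
    volumes:
      - ./data:/data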

Sensitive data removed: the admin token above is redacted for security purposes.

2. Launch Vaultwarden

Deploy your Vaultwarden instance using the following command:

docker-compose up -d

This command starts the Vaultwarden container in the background and publishes the service on host port 8003.

3. Accessing Vaultwarden

Once the container is running, access Vaultwarden by navigating to:

https://vaultwarden.clintmasden.duckdns.org

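Here you can log in to the admin panel and configure further settings. Note that the example Caddyfile below answers requests for /admin with a 404, so with that proxy configuration the admin panel is reachable only directly on host port 8003, not through the domain.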

Extended Setup and Configuration

Configuring Reverse Proxy

For secure access, configure a reverse proxy using Caddy or another suitable web server. This will enable HTTPS and provide an additional layer of security for your Vaultwarden instance.

Example Caddyfile

Here's an example configuration for Caddy as a reverse proxy for Vaultwarden:

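vaultwarden.clintmasden.duckdns.org {
    # Forward requests to the Vaultwarden container's published HTTP port
    reverse_proxy localhost:8003
    # Answer /admin requests with a 404 so the admin panel is not exposed through the proxy
    respond /admin* "404"
}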

Security Enhancements

  • Use strong passwords, and generate the admin token with a reliable hash generator.
  • Limit login attempts and enable logging to monitor for unauthorized access attempts.
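
The monitoring point above, as an added example that is not part of the original guide: it scans lines from the LOG_FILE configured earlier (./data/bitwarden.log on the host) for failed login and admin-token attempts, and reports sources that reach a retry limit inside a time window. The two failure messages are assumed from the fail2ban filters commonly used with Vaultwarden; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed failure messages (the text common fail2ban filters for Vaultwarden match).
PATTERNS = {
    "login": re.compile(r"Username or password is incorrect\. Try again\. IP: (\S+)\. Username:"),
    "admin": re.compile(r"Invalid admin token\. IP: (\S+)"),
}
TIMESTAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {(ip, kind): failures} for sources reaching max_retry within find_time."""
    recent = defaultdict(deque)  # (ip, kind) -> failure times still inside the window
    offenders = {}
    for line in lines:
        stamp = TIMESTAMP.match(line)
        if not stamp:
            continue  # skip lines without a leading timestamp
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        for kind, pattern in PATTERNS.items():
            hit = pattern.search(line)
            if not hit:
                continue
            key = (hit.group(1).rstrip("."), kind)
            window = recent[key]
            window.append(when)
            while when - window[0] > find_time:
                window.popleft()  # forget failures older than the window
            if len(window) >= max_retry:
                offenders[key] = max(offenders.get(key, 0), len(window))
    return offenders

# Constructed sample lines (documentation IP ranges), not real log output.
SAMPLE_LOG = """\
[2024-08-18 09:14:02.101][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: alice@example.org.
[2024-08-18 09:14:09.447][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: alice@example.org.
[2024-08-18 09:14:15.902][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: bob@example.org.
[2024-08-18 09:20:00.010][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 198.51.100.23. Username: carol@example.org.
[2024-08-18 09:31:40.553][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 198.51.100.23
[2024-08-18 10:02:11.078][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 198.51.100.23
[2024-08-18 10:03:00.311][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 198.51.100.23
""".splitlines()

if __name__ == "__main__":
    for (ip, kind), count in sorted(find_offenders(SAMPLE_LOG).items()):
        print(f"{ip}: {count} failed {kind} attempts within the window")
```

The max_retry and find_time parameters play the role of the retry limit and time window that a tool such as fail2ban would enforce against the same log file.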

Conclusion

Setting up Vaultwarden with Docker provides a secure, self-hosted environment for managing passwords. The Docker deployment ensures easy setup and scalability, while the reverse proxy setup adds an essential layer of security for remote access. As your needs grow, consider integrating additional security features and monitoring tools to maintain the integrity and safety of your password management service.