This is the third section in the 4-part series on migrating my server:
- Install and configure the host machine
- Install and configure a database and webserver
- Install and configure a mailserver
- Install and configure vaultwarden - we are here
- Tie everything back to 1. for backups, misc, etc
Dockerized vaultwarden
I have been a Bitwarden user for a long time, ever since LastPass changed its policies. I wanted to run my own instance of Bitwarden, but the setup is a mess and it requires a lot of resources to run. I discovered vaultwarden (formerly called bitwarden_rs), and it's a simple Rust implementation of the Bitwarden API. It is backed by a sqlite3 database, but you can use MySQL databases as well. It is a lightweight, easy-to-deploy password manager server that you can access with your Bitwarden app.
Install & Configure server
- Create directories
# mkdir -p /opt/vaultwarden
- Create the systemd file
/etc/systemd/system/docker-vaultwarden.service
[Unit]
Description=vaultwarden docker container
Requires=docker.service
After=docker.service

[Service]
Restart=always
RestartSec=90
ExecStartPre=-/usr/bin/docker kill vaultwarden
ExecStartPre=-/usr/bin/docker rm vaultwarden
ExecStart=/usr/bin/docker run \
  --name vaultwarden \
  --net internal \
  -e ADMIN_TOKEN=xxxxxxx \
  -e VIRTUAL_HOST=secrets.domain1.com \
  -e VIRTUAL_PORT=80 \
  -e LETSENCRYPT_EMAIL=your@email.address \
  -e LETSENCRYPT_HOST=secrets.domain1.com \
  -e SIGNUPS_ALLOWED=false \
  -v /etc/localtime:/etc/localtime:ro \
  -v /opt/temp:/temp \
  -v /opt/vaultwarden:/data \
  vaultwarden/server:latest
ExecStop=/usr/bin/docker stop vaultwarden

[Install]
WantedBy=multi-user.target
If you remember from Install and configure a database and webserver, when you add the VIRTUAL* and LETSENCRYPT* envvars to your docker containers, nginx-proxy and letsencrypt will automatically create the cert and proxy configurations. The random token can be generated by openssl rand -base64 48
- Start the service
# systemctl daemon-reload
# systemctl start docker-vaultwarden
Web GUI
The web GUI is located on https://secrets.domain1.com, however you will need to create your account first. Please visit https://secrets.domain1.com/admin and use the token to log in. You can create your account and configure options etc. from here. For the SMTP server I am using my mail.domain1.com from the mail server, and the service is able to send out emails without issues. Once you configure the server and create accounts, you can go back to https://secrets.domain1.com, put in your email address and click on Create Account, and you will be able to set your password etc.
Configure apps
As mentioned previously, all the Bitwarden extensions and apps will work with vaultwarden. You can install the Bitwarden extension onto your browsers and mobile devices. Before logging into the extension/apps you will need to customize the server by clicking on the gear icon.
Input the Server URL
Save and login and you will access your account
Post steps
- Now that the server is up and running and configured, you can remove -e ADMIN_TOKEN=xxxxxxx \ from your /etc/systemd/system/docker-vaultwarden.service and run systemctl daemon-reload to remove the ADMIN_TOKEN, since it's now set in /opt/vaultwarden/config.json.
- If you look at the backup script from step1 you will see that I am already backing up the sqlite database on top of the /opt/vaultwarden directory.
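A check for the first post step, as an added example that is not part of the original post: it confirms the token is gone from the unit file and from the running container's environment, that config.json holds it, and that config.json is not readable by other local users. It assumes the paths and container name used above and that vaultwarden stores the token under an "admin_token" key; the function names are made up for this example.

```bash
#!/bin/sh
# Added example, not from the original post: audit the ADMIN_TOKEN clean-up.
# Defaults are the paths and container name used in this post.
UNIT=${UNIT:-/etc/systemd/system/docker-vaultwarden.service}
CONFIG=${CONFIG:-/opt/vaultwarden/config.json}
CONTAINER=${CONTAINER:-vaultwarden}

# 0 if a non-comment line of the unit file still passes ADMIN_TOKEN.
unit_has_token() {
    grep -Ev '^[[:space:]]*[#;]' "$1" | grep -q 'ADMIN_TOKEN='
}

# 0 if config.json carries a non-empty token.
# Assumption: vaultwarden saves it under the "admin_token" key.
config_has_token() {
    grep -Eq '"admin_token"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"
}

# 0 if group or other have any permission bit on the file.
too_open() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# Reads one VAR=value per line on stdin; 0 if ADMIN_TOKEN is among them.
env_has_token() {
    grep -q '^ADMIN_TOKEN='
}

# audit UNIT CONFIG CONTAINER: prints findings, returns 1 if any check fails.
audit() {
    rc=0
    unit_has_token "$1" && { echo "FAIL: $1 still passes ADMIN_TOKEN"; rc=1; }
    config_has_token "$2" || { echo "FAIL: no admin_token in $2"; rc=1; }
    too_open "$2" && { echo "FAIL: $2 is accessible to group/other"; rc=1; }
    # Environment is fixed when a container is created, so the old value
    # stays until the service is restarted and the container recreated.
    if command -v docker >/dev/null 2>&1 &&
       docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' \
           "$3" 2>/dev/null | env_has_token; then
        echo "FAIL: container $3 still has ADMIN_TOKEN in its environment"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: ADMIN_TOKEN clean-up verified"
    return "$rc"
}

# Run with: sh audit.sh --audit   (as root, so config.json is readable)
if [ "${1:-}" = "--audit" ]; then
    audit "$UNIT" "$CONFIG" "$CONTAINER"
fi
```

A FAIL on the container check clears once the service is restarted, because the unit's ExecStartPre lines remove the old container and ExecStart creates a new one from the edited command line.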