Bitwarden is one of my favorite password managers. But if you’re seriously concerned about security and would rather not save your password database on a third-party server, you might want to consider deploying your own Bitwarden server.

That might sound like a serious challenge but, thanks to Docker, it’s actually quite simple. I’m going to show you how to do just that.

What you’ll need

The only things you’ll need to make this happen are a server that supports Docker and a user with sudo privileges. I’m going to be demonstrating on Ubuntu Server 20.04.

Ready? Okay.

How to install Docker

On the off chance you don’t have Docker installed, let’s do so now. We’ll be using Docker Compose, so there’s more to the installation than usual.

First, install the necessary dependencies with:

sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y

Next, add the Docker GPG key with:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Note: The above method of adding a key is deprecated but still works.

Add the correct repository:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Update apt and install with the following:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose

How to create the Bitwarden user

To be safe, we’re going to run all of this with a specific user. First, we’ll create a directory for the user with:

sudo mkdir /opt/bitwarden

Create the user with:

sudo adduser bitwarden

Give the newly created directory the proper permission and ownership with:

sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Add the bitwarden user to the docker group. Membership in this group is effectively root-equivalent on the host, so treat the account accordingly:

sudo usermod -aG docker bitwarden

Change to the bitwarden user with:

su bitwarden
cd

How to download the installer script and deploy Bitwarden

Download the handy installer script with:

curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

Before we run the installer script, make sure you don’t have a web server already running: Bitwarden is going to run on port 80 and it won’t start if that port is already taken. The bitwarden user created above has no sudo rights, so run the stop command from your sudo-capable account. Stop Apache with:

sudo systemctl stop apache2

If this is a Red Hat-based machine, that command would be:

sudo systemctl stop httpd

If you’re using NGINX, stop it with the command:

sudo systemctl stop nginx

Run the installer with:

./bitwarden.sh install

You will be asked for an FQDN. If you don’t plan on accessing Bitwarden from outside your LAN, you can always just use an IP address for that.

It will take some time for all of the containers to pull and deploy.

Next, we need to configure the SMTP server that Bitwarden will use. After the deployment completes, open the configuration file with:

nano ~/bwdata/env/global.override.env

In that file, search for and configure the following sections, using an available SMTP server (I used Google’s):

globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__port=REPLACE
globalSettings__mail__smtp__ssl=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
adminSettings__admins=ADMIN_EMAIL

Make sure to replace every instance of REPLACE with your SMTP server settings and ADMIN_EMAIL with an email address for the admin user. Save and close the file.
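Before starting the server, it is worth confirming that no placeholder is left in the file and that the SMTP password in it is not readable by other accounts. The shell function below is an added example, not part of the original steps or of Bitwarden's installer; the name check_bw_env is hypothetical and it assumes GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: sanity-check the override file edited above.
# Usage: check_bw_env ~/bwdata/env/global.override.env
# Returns 0 if clean, 1 if problems were found, 2 if the file is unreadable.
check_bw_env() {
    env_file=$1
    problems=0

    if [ ! -r "$env_file" ]; then
        echo "cannot read $env_file" >&2
        return 2
    fi

    # Every key the article tells you to edit must be present, non-empty,
    # and no longer hold the REPLACE / ADMIN_EMAIL placeholder.
    for key in \
        globalSettings__mail__smtp__host \
        globalSettings__mail__smtp__port \
        globalSettings__mail__smtp__ssl \
        globalSettings__mail__smtp__username \
        globalSettings__mail__smtp__password \
        adminSettings__admins
    do
        # If a key appears more than once, check the last occurrence.
        line=$(grep -E "^${key}=" "$env_file" | tail -n 1) || true
        value=${line#*=}
        case "$value" in
            ''|REPLACE|ADMIN_EMAIL)
                echo "unset or placeholder: $key" >&2
                problems=$((problems + 1)) ;;
            ' '*|*' ')
                # Stray whitespace around a value is almost always a typo.
                echo "leading/trailing space in value: $key" >&2
                problems=$((problems + 1)) ;;
        esac
    done

    # The file holds the SMTP password, so group/other must have no access.
    mode=$(stat -c '%a' "$env_file")
    case "$mode" in
        ?00) ;;
        *)  echo "mode $mode is too open; run: chmod 600 $env_file" >&2
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}
```

Run it as the bitwarden user; each problem is printed to standard error.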

Finally, start the Bitwarden server with:

./bitwarden.sh start

How to access your Bitwarden server

Open a web browser and point it to https://SERVER (where SERVER is the IP address or domain of the machine hosting your Bitwarden server). You should be presented with the Bitwarden web UI (Figure A).

Figure A: The Bitwarden web UI is a simple-to-use password manager.

Click Create Account to create your Bitwarden account. Once you’ve created it, log in with the credentials and you can start using your Bitwarden server to house your passwords … all of which will remain on your own hardware.
