Bitwarden Self-Hosted Password Manager

Bitwarden is an open-source password management solution providing secure storage and synchronization of passwords, login credentials, and sensitive data across devices. With self-hosted deployment, organizations maintain complete control over their password infrastructure and user data. This guide covers Docker deployment, SSL configuration, admin panel setup, user management, and backup strategy.

Prerequisites

Ensure you have:

  • Ubuntu 20.04 LTS or later
  • Root or sudo access
  • A registered domain name
  • Minimum 2GB RAM (4GB+ recommended)
  • 15GB available disk space
  • Basic Linux administration knowledge

Update system:

sudo apt update && sudo apt upgrade -y

System Requirements

Verify the system specifications:

Check OS version:

cat /etc/os-release
uname -m

Check available resources:

free -h
df -h

Docker Installation

Install Docker and Docker Compose:

sudo apt install -y docker.io docker-compose

Add user to docker group:

sudo usermod -aG docker $USER
newgrp docker

Verify the installation:

docker --version
docker-compose --version

Start Docker:

sudo systemctl start docker
sudo systemctl enable docker

Bitwarden Deployment

Create the Bitwarden directory:

mkdir -p /opt/bitwarden
cd /opt/bitwarden

Create docker-compose.yml:

nano docker-compose.yml

Add configuration:

version: '3'

services:
  bitwarden:
    # bitwardenrs/server is the community Rust server, since renamed
    # Vaultwarden (vaultwarden/server)
    image: bitwardenrs/server:latest
    restart: always
    ports:
      # Publish the container's HTTP port on loopback only. Nginx (configured
      # below) owns host ports 80 and 443 and terminates TLS.
      - "127.0.0.1:8080:80"
    volumes:
      - /opt/bitwarden/data:/data
      - /opt/bitwarden/ssl:/ssl
    environment:
      DOMAIN: https://vault.example.com
      SIGNUPS_ALLOWED: "false"
      INVITATIONS_ORG_ALLOW: "true"
      SHOW_PASSWORD_HINT: "false"
      LOG_LEVEL: info
      LOG_FILE: /data/bitwarden.log
      EXTENDED_LOGGING: "true"
      DATABASE_URL: sqlite:///data/db.sqlite3
    labels:
      - "com.example.description=Bitwarden Password Manager"

Create the data directories:

mkdir -p /opt/bitwarden/data
mkdir -p /opt/bitwarden/ssl

Start Bitwarden container:

docker-compose up -d

Verify the container is running:

docker-compose ps
docker-compose logs -f bitwarden

Wait for initialization to complete.

Nginx Configuration

Install Nginx:

sudo apt install -y nginx

Create the Nginx configuration:

sudo nano /etc/nginx/sites-available/bitwarden

Add configuration:

upstream bitwarden {
    # Bitwarden container, published on loopback by docker-compose.yml
    server 127.0.0.1:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name vault.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name vault.example.com;

    ssl_certificate /etc/letsencrypt/live/vault.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vault.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size 100M;

    location / {
        proxy_pass http://bitwarden;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    location /notifications/hub {
        proxy_pass http://bitwarden;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Enable site:

sudo ln -s /etc/nginx/sites-available/bitwarden /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl start nginx
sudo systemctl enable nginx
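
With Nginx in front as the TLS terminator, the exposure-related settings in docker-compose.yml can be checked mechanically. The script below is an added example, not part of the original guide; the function names `env_value` and `audit_compose` are hypothetical, and the line-based parsing assumes the simple compose layout used in this guide.

```bash
#!/bin/bash
# Added example (not from the original guide): audit a compose file for the
# settings this guide relies on. Prints one line per finding and returns the
# number of findings (0 = clean).

# env_value FILE KEY: print the value of "KEY: value", quotes stripped.
env_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

audit_compose() {
    local file=$1 findings=0 key val port
    for key in SIGNUPS_ALLOWED SHOW_PASSWORD_HINT; do
        val=$(env_value "$file" "$key")
        if [ "$val" != "false" ]; then
            echo "FINDING: $key is '${val:-unset}', expected 'false'"
            findings=$((findings + 1))
        fi
    done
    val=$(env_value "$file" DOMAIN)
    case $val in
        https://*) ;;
        *) echo "FINDING: DOMAIN '${val:-unset}' is not an https:// URL"
           findings=$((findings + 1)) ;;
    esac
    # Numeric "host:container" list items are published ports. Any mapping not
    # pinned to 127.0.0.1 is reachable without passing through the TLS proxy.
    for port in $(sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9.:]*[0-9]:[0-9][0-9]*\)"\{0,1\}[[:space:]]*$/\1/p' "$file"); do
        case $port in
            127.0.0.1:*) ;;
            *) echo "FINDING: port mapping '$port' is not bound to 127.0.0.1"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample input: open signups, backend published on all interfaces.
sample=$(mktemp)
printf '%s\n' 'services:' '  bitwarden:' '    ports:' '      - "80:80"' \
    '    environment:' '      DOMAIN: https://vault.example.com' \
    '      SIGNUPS_ALLOWED: "true"' '      SHOW_PASSWORD_HINT: "false"' > "$sample"
audit_compose "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On the server itself, run `audit_compose /opt/bitwarden/docker-compose.yml` after every change to the file.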

SSL Certificate Configuration

Install Certbot:

sudo apt install -y certbot python3-certbot-nginx

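Obtain the SSL certificate. Standalone mode starts its own listener on port 80, so Nginx must not be running while this command executes: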

sudo certbot certonly --standalone -d vault.example.com

Verify the certificate:

sudo openssl x509 -in /etc/letsencrypt/live/vault.example.com/fullchain.pem -noout -dates

Configure auto-renewal:

sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

Admin Panel Configuration

Access Bitwarden admin panel:

Navigate to https://vault.example.com/admin

The first time, you'll need to set a master password.

Configure admin settings:

  1. Settings → General

    • Organization invitations allowed
    • Allow signups (set to false for security)
    • Password hint display
  2. Settings → Mail

    • Configure email sender
    • SMTP server details
  3. Settings → Backup

    • Download backup configuration

User Management

Invite users to Bitwarden:

  1. Admin Panel → Users
  2. Click "Invite User"
  3. Enter email address
  4. User receives invitation via email

Accept invitation:

  1. Click invitation link in email
  2. Create master password
  3. Activate account

Create organization:

  1. Click "New Organization"
  2. Set organization name
  3. Invite users to organization
  4. Configure permissions

Configure user permissions:

  1. Go to Organization → Members
  2. Set access level for each user:
    • Owner
    • Admin
    • User
    • Manager

Organization Setup

Create collections:

  1. Organization → Collections
  2. Click "New Collection"
  3. Name collection (Teams, Finance, etc.)
  4. Assign users access

Add items to collection:

  1. Login as member
  2. Click "+" to create item
  3. Select collection
  4. Add credentials or secure notes

Configure collection permissions:

  1. Organization → Collections
  2. Set read/edit permissions per collection
  3. Manage user access levels

Backup Strategy

Create backup script:

sudo nano /usr/local/bin/bitwarden-backup.sh

Add:

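#!/bin/bash
# Nightly backup of the Bitwarden data directory (database, keys, attachments)

# Archives contain the whole vault database: create them owner-readable only
umask 077

BACKUP_DIR="/backups/bitwarden"
BITWARDEN_DIR="/opt/bitwarden"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p "$BACKUP_DIR"

# Stop Bitwarden so the SQLite database is not modified mid-archive
docker-compose -f "$BITWARDEN_DIR/docker-compose.yml" stop

# Data backup
tar -czf "$BACKUP_DIR/bitwarden-data-$DATE.tar.gz" "$BITWARDEN_DIR/data"
STATUS=$?

# Start Bitwarden again, whether or not the archive succeeded
docker-compose -f "$BITWARDEN_DIR/docker-compose.yml" start

if [ "$STATUS" -ne 0 ]; then
    echo "Backup FAILED: $DATE (tar exit code $STATUS)" >&2
    exit "$STATUS"
fi

# Keep only 30 days (pruned only after a successful backup)
find "$BACKUP_DIR" -type f -mtime +30 -delete

echo "Backup completed: $DATE"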

Make executable:

sudo chmod +x /usr/local/bin/bitwarden-backup.sh

Schedule daily backups:

sudo crontab -e

Add:

0 2 * * * /usr/local/bin/bitwarden-backup.sh >> /var/log/bitwarden-backup.log 2>&1
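
A scheduled backup is only useful if the newest archive is intact, recent, and not readable by other accounts. The check below is an added example, not part of the original guide; the function names `verify_backup` and `latest_backup` are hypothetical, and it assumes GNU tar and find as shipped with Ubuntu.

```bash
#!/bin/bash
# Added example (not from the original guide): sanity-check an archive
# produced by bitwarden-backup.sh before relying on it for recovery.

# verify_backup ARCHIVE [MAX_AGE_MIN]
# Returns 0 if usable, 1 unreadable or corrupt, 2 no database inside,
# 3 readable by group/others, 4 older than MAX_AGE_MIN (default 1500 = 25 h).
verify_backup() {
    local archive=$1 max_age=${2:-1500} listing
    # Listing decompresses the whole stream, so truncation fails here
    listing=$(tar -tzf "$archive" 2>/dev/null) || return 1
    # The SQLite database from the data directory must be in the archive
    echo "$listing" | grep -q 'data/db\.sqlite3$' || return 2
    # The archive holds every user's vault data: owner-only permissions
    [ -z "$(find "$archive" -perm /077)" ] || return 3
    # A stale newest archive means the cron job has been failing silently
    [ -z "$(find "$archive" -mmin +"$max_age")" ] || return 4
    return 0
}

# latest_backup DIR: print the newest archive (names sort by timestamp)
latest_backup() {
    ls "$1"/bitwarden-data-*.tar.gz 2>/dev/null | sort | tail -n 1
}

# Constructed sample: a stand-in data directory archived the same way,
# with a made-up timestamp in the file name.
demo=$(mktemp -d)
mkdir -p "$demo/opt/bitwarden/data" "$demo/backups"
echo "placeholder" > "$demo/opt/bitwarden/data/db.sqlite3"
( umask 077
  tar -czf "$demo/backups/bitwarden-data-20240101_020000.tar.gz" \
      -C "$demo" opt/bitwarden/data )
verify_backup "$(latest_backup "$demo/backups")" && echo "backup OK"
rm -rf "$demo"
```

Running `verify_backup "$(latest_backup /backups/bitwarden)"` from a second cron entry and alerting on a non-zero exit code catches a failing backup job before a restore is needed.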

Update Bitwarden:

cd /opt/bitwarden
docker-compose pull
docker-compose down
docker-compose up -d

Monitor container health:

docker-compose logs -f bitwarden
docker stats bitwarden

Test password vault:

  1. Navigate to https://vault.example.com
  2. Create test account (if signups enabled)
  3. Add test password entry
  4. Verify sync across devices

Conclusion

Bitwarden is now fully deployed as a self-hosted password management solution. With Docker containerization, SSL encryption, and admin panel control, you have a secure password vault. Create organizations, manage user permissions, and enforce strong password policies. Regular backups ensure password recovery and data protection. Maintain security by keeping Bitwarden updated and monitoring access logs.