Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.
Bitwarden is one of my favorite password managers. But if you’re seriously concerned about security and would rather not save your password database on a third-party server, you might want to consider deploying your own Bitwarden server.
That might sound like a serious challenge but, thanks to Docker, it’s actually quite simple. I’m going to show you how to do just that.
What you’ll need
The only things you’ll need to make this happen are a server that supports Docker and a user with sudo privileges. I’m going to be demonstrating on Ubuntu Server 20.04.
How to install Docker
On the off chance you don’t have Docker installed, let’s do so now. We’ll be using Docker Compose, so there’s more to the installation than usual.
First, install the necessary dependencies with:
sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
Next, add the Docker GPG key with:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Note: The above method of adding a key is deprecated but still works.
Add the correct repository:
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Update apt and install with the following:
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose
How to create the Bitwarden user
To be safe, we’re going to run all of this with a specific user. First, we’ll create a directory for the user with:
sudo mkdir /opt/bitwarden
Create the user with:
sudo adduser bitwarden
Give the newly created directory the proper permission and ownership with:
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden
Add the bitwarden user to the docker group with:
sudo usermod -aG docker bitwarden
Change to the bitwarden user with:
How to download the installer script and deploy Bitwarden
Download the handy installer script with:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh
Before we run the installer script, make sure you don’t have a web server already running (because Bitwarden is going to run on port 80 and it won’t start if that port is already taken). Kill Apache with:
sudo systemctl stop apache2
If this is a Red Hat-based machine, that command would be:
sudo systemctl stop httpd
If you’re using NGINX, stop it with the command:
sudo systemctl stop nginx
Run the installer with:
You will be asked for an FQDN. If you don’t plan on accessing Bitwarden from outside your LAN, you can always just use an IP address for that.
It will take some time for all of the containers to pull and deploy.
Next, we need to configure the SMTP server that Bitwarden will use. After the deployment completes, open the configuration file with:
In that file, search for and configure the following sections, using an available SMTP server (I used Google’s):
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__port=REPLACE
globalSettings__mail__smtp__ssl=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
adminSettings__admins=ADMIN_EMAIL
Make sure to replace every instance of REPLACE with your SMTP server settings and ADMIN_EMAIL with an email address for the admin user. Save and close the file.
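The following is an added example, not part of the original article or of Bitwarden's own tooling: a pre-start check that the six settings above no longer hold REPLACE or ADMIN_EMAIL, and that the file holding the SMTP password is not readable by group or other. The function names check_placeholders and check_private are hypothetical, and the file path is passed as an argument.

```shell
# Added example: checks to run on the edited settings file before starting Bitwarden.
# Function names are hypothetical; pass the settings file path as the argument.

# List settings that are missing, empty, or still a placeholder; return 1 if any.
check_placeholders() {
    awk '
    BEGIN {
        n = split("host port ssl username password", s, " ")
        for (i = 1; i <= n; i++) k[i] = "globalSettings__mail__smtp__" s[i]
        k[++n] = "adminSettings__admins"
        for (i = 1; i <= n; i++) want[k[i]] = 1
    }
    {
        eq = index($0, "=")                  # split on the first "=" only
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        if (!(key in want)) next
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)     # ignore stray spaces around the value
        seen[key] = 1
        if (val == "" || val == "REPLACE" || val == "ADMIN_EMAIL") { print "not configured: " key; bad = 1 }
    }
    END {
        for (i = 1; i <= n; i++) if (!(k[i] in seen)) { print "missing: " k[i]; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Return 1 if group or other has any access to the path (file or directory).
check_private() {
    perms=$(ls -ld "$1" | cut -c5-10)        # group and other permission bits
    [ "$perms" = "------" ] || { echo "group/other access on $1: $perms"; return 1; }
}

# Constructed sample: host, port and ssl filled in, the rest left as placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
globalSettings__mail__smtp__host=smtp.example.com
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
adminSettings__admins= ADMIN_EMAIL
EOF
chmod 644 "$sample"
check_placeholders "$sample" || echo "finish editing the settings listed above"
check_private "$sample" || echo "restrict the file to its owner (chmod 600)"
rm -f "$sample"
```

check_private also works on a directory, so it can confirm that /opt/bitwarden still has the 700 mode set earlier.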
Finally, start the Bitwarden server with:
How to access your Bitwarden server
Open a web browser and point it to https://SERVER (where SERVER is the IP address or domain of the machine hosting your Bitwarden server). You should be presented with the Bitwarden web UI (Figure A).
Click Create Account to create your Bitwarden account. Once you’ve created it, log in with the credentials and you can start using your Bitwarden server to house your passwords … all of which will remain on your own hardware.