Sign in Subscribe
docker

How to install Vaultwarden with docker compose

On this post we are going to see how to install Vaultwarden on your server.

2nistech

2 min read

What is Vaultwarden?

Vaultwaren is a fork in Rust of the Bitwarden password manager, it allow you to access and sync between devices your login and password.
It also manage TOTP like Google Authenticator.
The server is compatible with the offical Bitwarden clients.

Deployment

You need to have docker and docker compose installed on your server, you can see how to do that by following this post:

Start with docker and docker compose
How to install docker and docker compose on Debian 12
2nis Tech World2nistech

To deploy Vaultwarden, you can use this docker-compose.yaml file

version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden 
    environment:
      - SIGNUPS_ALLOWED=true
      - DOMAIN=https://vaultwarden.yourdomain.com
      - PUSH_ENABLED=true
      - PUSH_INSTALLATION_ID=
      - PUSH_INSTALLATION_KEY=
      - PUSH_RELAY_BASE_URI=https://push.bitwarden.com
    volumes:
      - /path/local/datas:/data/
    ports:
      - 80
      - 3012
    restart: always

To get the PUSH_INSTALLATION_ID and PUSH_INSTALLATION_KEY go to https://bitwarden.com/host/, put an email address and you'll get your ID and KEY.

Access the container with HTTPS

You can't create an account or login to Vaultwarden without using HTTPS.

You can follow this post to configure a reverse proxy using Traefik for Vaultwarden.

Traefik an easy reverse Proxy
I was a long time user of Swag as reverse proxy, but since I discovered Traefik I started to use it more and more. And it became the core of my project YOC (Your Own Cloud). GitHub - 2nistechworld/yoc: Your Own Cloud - automatic install scriptYour Own Cloud -
2nis Tech World2nistech
💡
My best recommendation is to not expose your Vaultwarden service publicly. Use a VPN like Wireguard to access it remotely.

Once you manage to access your Vaultwarden in HTTPS and create your first account, I recommend you to deactivate the account creation by editing the docker-compose file and modify the line

SIGNUP_ALLOWED=true to SIGNUP_ALLOWED=false an do

docker-compose up -d

Finalisation

Activate Two-step login

Once connected, the first thing to do is to activate the Two-step login for your user to enforce the security of your Vaultwarden installation.

Use Bitwarden clients

Now you have a running Vaultwarden server, you can install

  • The Bitwarden web extension, to access your vault directly from your browser and auto-fill login password and OTP.
  • The mobile app, Bitwarden as an Android and IOS app to access your Vault from your mobile device and can replace the Android or IOS password manager.
  • There is also a Desktop client, but I never used it.

sources: