How to install Vaultwarden with docker compose

On this post we are going to see how to install Vaultwarden on your server.

What is Vaultwarden?

Vaultwaren is a fork in Rust of the Bitwarden password manager, it allow you to access and sync between devices your login and password.
It also manage TOTP like Google Authenticator.
The server is compatible with the offical Bitwarden clients.

Deployment

You need to have docker and docker compose installed on your server, you can see how to do that by following this post:

Start with docker and docker compose
How to install docker and docker compose on Debian 12

To deploy Vaultwarden, you can use this docker-compose.yaml file

version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden 
    environment:
      - SIGNUPS_ALLOWED=true
      - DOMAIN=https://vaultwarden.yourdomain.com
      - WEBSOCKET_ENABLED=true
    volumes:
      - /path/local/datas:/data/
    ports:
      - 80
      - 3012
    restart: always

Access the container with HTTPS

You can't create an account or login to Vaultwarden without using HTTPS.

The easier method is to either using  reverse proxy like swag and use the pre-set configuration for Vaultwarden (see here), or you can use Cloudflare tunnel if you don't want to open a port and / or expose your public IP.

­čĺí
My best recommendation is to not expose your Vaultwarden service publicly. Use a VPN like Wireguard to access it remotely.

Once you manage to access your Vaultwarden in HTTPS and create your first account, I recommend you to deactivate the account creation by editing the docker-compose file and modify the line

SIGNUP_ALLOWED=true to SIGNUP_ALLOWED=false an do

docker-compose up -d

Finalisation

Activate Two-step login

Once connected, the first thing to do is to activate the Two-step login for your user to enforce the security of your Vaultwarden installation.

Use Bitwarden clients

Now you have a running Vaultwarden server, you can install

  • The Bitwarden web extension, to access your vault directly from your browser and auto-fill login password and OTP.
  • The mobile app, Bitwarden as an Android and IOS app to access your Vault from your mobile device and can replace the Android or IOS password manager.
  • There is also a Desktop client, but I never used it.

sources: