How to Self-Host Bitwarden on a VPS

Contabo's guide to self-hosting Bitwarden on a virtual private server (VPS).

Given how frequent data breaches occur, it’s no surprise that Bitwarden self-hosting has become more popular among the DIY community (especially given that Bitwarden is open source). Note that it’s free to self-host Bitwarden, but there are some features that need to be unlocked with a registered Bitwarden license file. In this tutorial, we’ll show you how to self-host Bitwarden using a virtual private server (VPS).

And you before you set up your Bitwarden instance, you’ll need to consider whether you’re running it only on a virtual machine (VM) or for other purposes (we cover both installation methods in this guide):

  1. Running self-hosted Bitwarden on a VM: Choose the Bitwarden standalone variant.
  2. Running Bitwarden for a different purpose: Choose Vaultwarden fka bitwarden_rs, an unofficial Bitwarden-compatible server.

Table of Contents

Installing Bitwarden Server (Standalone)

The ready-made installation script makes installation relatively easy.

Requirements

Step 1: Install Docker and cURL

Before you can run the installation script, you’ll need to first install a Docker container to run Bitwarden in. And, you’ll need to install other smaller packages like cURL.

Use this command to install both Docker and cUrl:

apt install docker.io docker-compose curl -y

Step 2: Download the Installation Script

Downloading the script is quite simple and done with one command (the script is executable.) Use the following command:

curl -s -o bitwarden.sh \  

https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh \  

&& chmod +x bitwarden.sh

Step 3: Run the Installation Script

To start the installation, run the installation script with the following command: 

./bitwarden.sh install

And then you’ll need to enter your (sub)domain:

The prompt to enter your (sub)domain in Bitwarden.
The prompt to enter your (sub)domain in Bitwarden.

Step 3A: Install SSL Certificate (optional)

This next step of installing a free SSL certificate from Let’s Encrypt is optional, but since it’ll be a storage location for your passwords later on, we strongly recommend installing a SSL certificate (the certificate doesn’t have to be from Let’s Encrypt): 

If you decide to install a SSL certificate, then you’ll need to enter your email address to request a private Installation ID and Installation Key for self-hosting Bitwarden in the next step.

Step 3A: Install SSL Certificate (optional)

Enter the email address that you’d like to be admin to get your ID and Key.

You’ll then enter your Installation ID and Installation Key into the console.

The console will prompt you for your ID first: 

Then your Key: 

installation key

After you’ve entered both, the script installs the rest and your Bitwarden self-hosted instance is active.

Now call your (sub)domain in the browser, and create an account there.  

And voila! You can now use your instance of Bitwarden.

If you want to run more than just Bitwarden on your server, then read the following sections.

Install Vaultwarden Server (Bitwarden)

If you want to run other things on your server in addition to your Bitwarden instance, then this variant is much more suitable for you.  

Vaultwarden is an implementation of the Bitwarden API in a Rust program that also runs in a Docker container.

Requirements

Step 1: Install Docker and Other Needed Prorams

Before we can start installing Vaultwarden, we need to install programs like Docker in this variant.  

You can install the following programs with this command:

apt install apache2 docker.io docker-compose curl git wget sudo certbot python3-certbot-apache -y 

Step 2: Create a Virtual Host

To tell the web server which port Vaultwarden is running on, we first need to insert a Virtual Host. We create this with the following command:

nano /etc/apache2/sites-available/bitwarden.conf

And paste in the following content: 

<VirtualHost *:80> 

    ServerName <Your(Sub)Domain> 

    ProxyPreserveHost On 

    <Proxy *> 

        Order allow,deny 

        Allow from all 

    </Proxy> 

    ProxyPass / http://localhost:8081/ 

    ProxyPassReverse / http://localhost:8081/ 

</VirtualHost>

Important: Replace <your(sub)domain> with your (sub)domain under which the Bitwarden instance should be accessible. The brackets (i.e. “<” and “>”) must be removed.  

Now, activate the virtual host with this command:

a2ensite bitwarden.conf

Step 3: Activate the Required Modules

Enable required modules with this command (the server needs these modules to work properly):

a2enmod ssl proxy proxy_http proxy_balancer lbmethod_byrequest

You’ll need to restart the server afterward in order for the changes to take effect. Use this command to restart your server:

systemctl restart apache2

Step 4: Install SSL certificate

Unlike the first variant, you’ll need to manually install the SSL certificate. 

Fortunately, it’s a simple step. All you need to start the certification process is enter in this command: 

certbot --apache 

The rest of the SSL certification process is straightforward, so we won’t go into details here.

Step 5 (Last Step): Download and Run Vaultwarden

After all the preparations are complete, you can download the Vaultwarden image with this command:  

docker pull vaultwarden/server:latest

And then start the container with this command:  

docker run -d --name vaultwarden -v /vw-data/:/data/ -p 8081:80 vaultwarden/server:latest 

Now, go to your (sub)domain in the browser and create an account there.

Once you’ve created an account, your Vaultwarden (or Bitwarden instance) install is complete and ready to use. Thanks for following with us on this tutorial!

Feel free to check out more tutorials, or explore our VPS plans for self-hosting. Customers typically use our VPS for a variety of applications and projects (like self-hosting Bitwarden or Nextcloud) because we have the “best price-to-performance ratio” (where else can you get truckloads of RAM and traffic (32 TB!), lightning-fast NVMe SSDs, and AMD EPYC™ processors for cheap?).