Given how frequent data breaches occur, it’s no surprise that Bitwarden self-hosting has become more popular among the DIY community (especially given that Bitwarden is open source). Note that it’s free to self-host Bitwarden, but there are some features that need to be unlocked with a registered Bitwarden license file. In this tutorial, we’ll show you how to self-host Bitwarden using a virtual private server (VPS).
And before you set up your Bitwarden instance, you’ll need to consider whether you’re running it only on a virtual machine (VM) or for other purposes (we cover both installation methods in this guide):
- Running self-hosted Bitwarden on a VM: Choose the Bitwarden standalone variant.
- Running Bitwarden for a different purpose: Choose Vaultwarden fka bitwarden_rs, an unofficial Bitwarden-compatible server.
Installing Bitwarden Server (Standalone)
The ready-made installation script makes installation relatively easy.
- A Linux operating system-based server.
- Root access to the server.
- A subdomain connected to the server.
Step 1: Install Docker and cURL
Before you can run the installation script, you’ll need to first install a Docker container to run Bitwarden in. And, you’ll need to install other smaller packages like cURL.
Use this command to install both Docker and cUrl:
apt install docker.io docker-compose curl -y
Step 2: Download the Installation Script
Downloading the script is quite simple and done with one command (the script is executable.) Use the following command:
curl -s -o bitwarden.sh \
&& chmod +x bitwarden.sh
Step 3: Run the Installation Script
To start the installation, run the installation script with the following command:
And then you’ll need to enter your (sub)domain:
Step 3A: Install SSL Certificate (optional)
This next step of installing a free SSL certificate from Let’s Encrypt is optional, but since it’ll be a storage location for your passwords later on, we strongly recommend installing a SSL certificate (the certificate doesn’t have to be from Let’s Encrypt):
If you decide to install a SSL certificate, then you’ll need to enter your email address to request a private Installation ID and Installation Key for self-hosting Bitwarden in the next step.
Step 3B: Getting an Installation ID and Key
Enter the email address that you’d like to be admin to get your ID and Key.
You’ll then enter your Installation ID and Installation Key into the console.
The console will prompt you for your ID first:
Then your Key:
After you’ve entered both, the script installs the rest and your Bitwarden self-hosted instance is active.
Now call your (sub)domain in the browser, and create an account there.
And voila! You can now use your instance of Bitwarden.
If you want to run more than just Bitwarden on your server, then read the following sections.
Install Vaultwarden Server (Bitwarden)
If you want to run other things on your server in addition to your Bitwarden instance, then this variant is much more suitable for you.
Vaultwarden is an implementation of the Bitwarden API in a Rust program that also runs in a Docker container.
- Linux-based virtual server.
- Root access to the server.
- A (sub)domain already connected to the server.
Step 1: Install Docker and Other Needed Prorams
Before we can start installing Vaultwarden, we need to install programs like Docker in this variant.
You can install the following programs with this command:
apt install apache2 docker.io docker-compose curl git wget sudo certbot python3-certbot-apache -y
Step 2: Create a Virtual Host
To tell the web server which port Vaultwarden is running on, we first need to insert a Virtual Host. We create this with the following command:
And paste in the following content:
Allow from all
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
Important: Replace <your(sub)domain> with your (sub)domain under which the Bitwarden instance should be accessible. The brackets (i.e. “<” and “>”) must be removed.
Now, activate the virtual host with this command:
Step 3: Activate the Required Modules
Enable required modules with this command (the server needs these modules to work properly):
a2enmod ssl proxy proxy_http proxy_balancer lbmethod_byrequest
You’ll need to restart the server afterward in order for the changes to take effect. Use this command to restart your server:
systemctl restart apache2
Step 4: Install SSL certificate
Unlike the first variant, you’ll need to manually install the SSL certificate.
Fortunately, it’s a simple step. All you need to start the certification process is enter in this command:
The rest of the SSL certification process is straightforward, so we won’t go into details here.
Step 5 (Last Step): Download and Run Vaultwarden
After all the preparations are complete, you can download the Vaultwarden image with this command:
docker pull vaultwarden/server:latest
And then start the container with this command:
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 8081:80 vaultwarden/server:latest
Now, go to your (sub)domain in the browser and create an account there.
Once you’ve created an account, your Vaultwarden (or Bitwarden instance) install is complete and ready to use. Thanks for following with us on this tutorial!
Feel free to check out more tutorials, or explore our VPS plans for self-hosting. Customers typically use our VPS for a variety of applications and projects (like self-hosting Bitwarden or Nextcloud) because we have the “best price-to-performance ratio” (where else can you get truckloads of RAM and traffic (32 TB!), lightning-fast NVMe SSDs, and AMD EPYC™ processors for cheap?).