Pick a strong password for your master password. I use the Bitwarden passphrase generator with three words, a numeral, and punctuation, which yields over 40 bits of entropy. Set up 2FA for both your new secure email and the Bitwarden account. Secure your master password and 2FA recovery data externally. Bitwarden Send (One-to-One Text and File Sharing) Text Sharing: Text + File Sharing: Text + File Sharing: Sync all of your devices: Shared Items-Unlimited: Secure Password Generator: Encrypted file attachments-1 GB Personal: 1 GB+ Personal 1 GB+ for Org Items: Encrypted Export: Premium Features: Upgrade Required: Bitwarden Authenticator (TOTP.
Bitwarden offers a variety of different installation options for the desktop application. You can find them all listed below. Some options are not capable of automatic updates and are labeled as such. You should always keep Bitwarden applications up to date. At Bitwarden, we share a sense of purpose—helping the global community of online users manage their sensitive information easily and securely. Our open source software is the foundation of who we are as a company, with transparency and collaboration at the forefront of our core values.
Bitwarden is an awesome open source password manager that I've been using for a while. However I've never been entirely comfortable with storing my password database on someone else's computer, so I decided to look into options for self-hosting it.
Enter bitwarden_rs; an unofficial implementation of the Bitwarden password manager written in rust, and brings a number of advantages to the original project.
- It's much more lightweight.
- It only requires a single Docker container to spin it up.
Prerequisites
So without further ado, let's get started. To follow this tutorial, you'll need:
- Our letsencrypt container installed and configured with your hostname and appropriate (sub)domains
- Your own (sub)domain setup correctly and free to dedicate to bitwarden.
Docker configuration
Although I tend to prefer to use containers we've produced ourselves, sometimes you have to admit that the original application author has hit the nail on the head with their own container, and that's the case here. So let's grab it from Docker Hub:
As you can see I've changed port 80 on the container side to be 8343 on the host as Unraid is currently using port 80. You can choose any free port for this tutorial — just remember what it is so you can configure the reverse proxy appropriately.
With that completed, let's move on.
Reverse proxy
Navigate to /config/nginx/site-confs/ on your LinuxServer.io Let's Encrypt container, and create a new server. Call the file bw.
In this file paste the following, making sure you edit it to change the variables $IP and $HOST_PORT_FOR_80 appropriate to your own config. Save and restart the Let's Encrypt container.
Finishing Up
You should find now you can access the Bitwarden web vault at https://bw.server.com
Now you can create a new account, and if you want to migrate from Bitwarden's own hosted system, export your passwords as a .json file and import them to your new self-hosted version.
Setting up Browser Extensions & Mobile Applications
Reddit Bitwarden Safe
To point the browser extension to your new self hosted Bitwarden instance, you need to log out from your current Bitwarden session and then click the tiny cog in the upper left corner like below:
Reddit Bitwarden Review
Fill out the Server URL box with https://bw.server.com.
Reddit Bitwarden
Robert's your mother's brother. You're done!