|
|
|
|
@@ -7,7 +7,7 @@ popular: false
|
|
|
|
|
tags: [hosting, docker, install, deploy]
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
This article will walk you through how to install and deploy bitwarden to your own server. Because bitwarden is a cross platform application, you can install and deploy it on Linux, macOS, and Windows machines.
|
|
|
|
|
This article will walk you through how to install and deploy Bitwarden to your own server. Because Bitwarden is a cross platform application, you can install and deploy it on Linux, macOS, and Windows machines.
|
|
|
|
|
|
|
|
|
|
## Table of Contents
|
|
|
|
|
|
|
|
|
|
@@ -15,9 +15,9 @@ This article will walk you through how to install and deploy bitwarden to your o
|
|
|
|
|
- [System Requirements](#system-requirements)
|
|
|
|
|
- [Configure Your Domain](#configure-your-domain)
|
|
|
|
|
- [Install Docker](#install-docker)
|
|
|
|
|
- [Install bitwarden](#install-bitwarden)
|
|
|
|
|
- [Install Bitwarden](#install-bitwarden)
|
|
|
|
|
- [Post-install Environment Configuration](#post-install-environment-configuration)
|
|
|
|
|
- [Start bitwarden](#start-bitwarden)
|
|
|
|
|
- [Start Bitwarden](#start-bitwarden)
|
|
|
|
|
- [Script Commands](#script-commands)
|
|
|
|
|
|
|
|
|
|
## TL;DR
|
|
|
|
|
@@ -25,7 +25,7 @@ This article will walk you through how to install and deploy bitwarden to your o
|
|
|
|
|
1. Set DNS records for a domain name pointing to your machine. Open ports 80 and 443 on the machine.
|
|
|
|
|
2. Install [Docker](https://docs.docker.com/engine/installation/){:target="_blank"} and [Docker Compose](https://docs.docker.com/compose/install/){:target="_blank"}.
|
|
|
|
|
3. Get an installation id and key from [https://bitwarden.com/host](https://bitwarden.com/host){:target="_blank"}.
|
|
|
|
|
4. Install & deploy bitwarden.
|
|
|
|
|
4. Install & deploy Bitwarden.
|
|
|
|
|
|
|
|
|
|
{% icon fa-linux %} {% icon fa-apple %} Bash
|
|
|
|
|
|
|
|
|
|
@@ -63,15 +63,15 @@ This article will walk you through how to install and deploy bitwarden to your o
|
|
|
|
|
|
|
|
|
|
## Configure Your Domain
|
|
|
|
|
|
|
|
|
|
By default, bitwarden will be served through ports 80 (http) and 443 (https) on the localhost machine. You should open these ports so that bitwarden can be accessed from within and/or outside of the network. You can choose different ports during installation if you like.
|
|
|
|
|
By default, Bitwarden will be served through ports 80 (http) and 443 (https) on the localhost machine. You should open these ports so that Bitwarden can be accessed from within and/or outside of the network. You can choose different ports during installation if you like.
|
|
|
|
|
|
|
|
|
|
It you are serving bitwarden to the outside world you will need to configure a domain name with DNS records that point to your host machine (ex. bitwarden.company.com). *You should configure this domain before beginning your bitwarden installation.*
|
|
|
|
|
It you are serving Bitwarden to the outside world you will need to configure a domain name with DNS records that point to your host machine (ex. bitwarden.company.com). *You should configure this domain before beginning your Bitwarden installation.*
|
|
|
|
|
|
|
|
|
|
Alternatively, if you are only testing you can install bitwarden to the "localhost" domain.
|
|
|
|
|
Alternatively, if you are only testing you can install Bitwarden to the "localhost" domain.
|
|
|
|
|
|
|
|
|
|
## Install Docker
|
|
|
|
|
|
|
|
|
|
bitwarden will be deployed and ran on your machine using an array of [Docker](https://www.docker.com/what-docker){:target="_blank"} containers. bitwarden will work equally well with Docker Community (free) and Enterprise editions. You should evaluate which edition is best for your installation. Additionally, deployment of these containers is orchestrated through the use of [Docker Compose](https://docs.docker.com/compose/){:target="_blank"}. Docker and Docker Compose must first be installed on your machine before beginning a bitwarden installation.
|
|
|
|
|
Bitwarden will be deployed and ran on your machine using an array of [Docker](https://www.docker.com/what-docker){:target="_blank"} containers. Bitwarden will work equally well with Docker Community (free) and Enterprise editions. You should evaluate which edition is best for your installation. Additionally, deployment of these containers is orchestrated through the use of [Docker Compose](https://docs.docker.com/compose/){:target="_blank"}. Docker and Docker Compose must first be installed on your machine before beginning a Bitwarden installation.
|
|
|
|
|
|
|
|
|
|
See the following official Docker documentation for more information:
|
|
|
|
|
|
|
|
|
|
@@ -82,15 +82,15 @@ See the following official Docker documentation for more information:
|
|
|
|
|
Some Docker installations such as Windows and macOS already come with Docker Compose installed.
|
|
|
|
|
{% endnote %}
|
|
|
|
|
|
|
|
|
|
For reference, you can find the official bitwarden images hosted on Docker Hub at [https://hub.docker.com/u/bitwarden/](https://hub.docker.com/u/bitwarden/){:target="_blank"}.
|
|
|
|
|
For reference, you can find the official Bitwarden images hosted on Docker Hub at [https://hub.docker.com/u/bitwarden/](https://hub.docker.com/u/bitwarden/){:target="_blank"}.
|
|
|
|
|
|
|
|
|
|
## Install bitwarden
|
|
|
|
|
## Install Bitwarden
|
|
|
|
|
|
|
|
|
|
We've made installing bitwarden very simple. Depending in your environment (non-Windows vs. Windows) we provide Bash (Linux and macOS) and PowerShell (Windows) scripts to aide in installing and managing your bitwarden installation. The following steps will include references for both Bash and PowerShell.
|
|
|
|
|
We've made installing Bitwarden very simple. Depending in your environment (non-Windows vs. Windows) we provide Bash (Linux and macOS) and PowerShell (Windows) scripts to aide in installing and managing your bitwarden installation. The following steps will include references for both Bash and PowerShell.
|
|
|
|
|
|
|
|
|
|
1. Download the main bitwarden script to your machine in the desired location:
|
|
|
|
|
1. Download the main Bitwarden script to your machine in the desired location:
|
|
|
|
|
|
|
|
|
|
{% note %}All bitwarden assets will be installed in the `./bwdata` directory relative to where the main bitwarden script resides.{% endnote %}
|
|
|
|
|
{% note %}All Bitwarden assets will be installed in the `./bwdata` directory relative to where the main Bitwarden script resides.{% endnote %}
|
|
|
|
|
|
|
|
|
|
{% icon fa-linux %} {% icon fa-apple %} Bash
|
|
|
|
|
|
|
|
|
|
@@ -117,7 +117,7 @@ We've made installing bitwarden very simple. Depending in your environment (non-
|
|
|
|
|
|
|
|
|
|
**SSL Certificate**
|
|
|
|
|
|
|
|
|
|
- bitwarden can generate and maintain renewal of a trusted SSL certificate for your domain for completely free provided by [Let's Encrypt](https://letsencrypt.org){:target="_blank"} and [Certbot](https://certbot.eff.org){:target="_blank"}. Certificate renewal checks occur each time bitwarden is restarted.
|
|
|
|
|
- Bitwarden can generate and maintain renewal of a trusted SSL certificate for your domain for completely free provided by [Let's Encrypt](https://letsencrypt.org){:target="_blank"} and [Certbot](https://certbot.eff.org){:target="_blank"}. Certificate renewal checks occur each time bitwarden is restarted.
|
|
|
|
|
|
|
|
|
|
- If you already have your own SSL certificate you can place the following files in the `./bwdata/ssl/your.domain.com` directory:
|
|
|
|
|
- certificate.crt (required). If not done so already, you may need to bundle your primary certificate with any intermediate certificates provided by the CA or else you will receive SSL trust errors. ex. `cat domain.crt ca.crt >> certificate.crt`. [See here](https://www.google.com/search?q=nginx+ssl+bundle+certificate+and+ca){:target="_blank"} for more information.
|
|
|
|
|
@@ -129,19 +129,19 @@ We've made installing bitwarden very simple. Depending in your environment (non-
|
|
|
|
|
|
|
|
|
|
**Installation Id/Key**
|
|
|
|
|
|
|
|
|
|
Each bitwarden installation requires a unique installation id and installation key. The installation id and key is used to:
|
|
|
|
|
Each Bitwarden installation requires a unique installation id and installation key. The installation id and key is used to:
|
|
|
|
|
|
|
|
|
|
1. Register your installation and contact email so that we can contact you in case of important security updates
|
|
|
|
|
2. Validate licensing of paid features
|
|
|
|
|
3. Authenticate to push relay servers for push notifications (see below)
|
|
|
|
|
|
|
|
|
|
You should not share your installation id or installation key across multiple bitwarden installations. They should be treated as secrets.
|
|
|
|
|
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.
|
|
|
|
|
|
|
|
|
|
You can obtain an installation id and key from [https://bitwarden.com/host](https://bitwarden.com/host){:target="_blank"}.
|
|
|
|
|
|
|
|
|
|
**Push Notifications**
|
|
|
|
|
|
|
|
|
|
If you would like to take advantage of having push notifications automatically keep your bitwarden client applications synced in real time you can choose to use the bitwarden push notification relay service. This relay service is provided by external bitwarden servers. You should ensure that your machine can communicate with the `https://push.bitwarden.com` endpoint. Your bitwarden installation will POST **non-sensitive data** (reference ids) to the push relay service which will then notify the bitwarden client applications to "phone home" back to **your installation** for an update.
|
|
|
|
|
If you would like to take advantage of having push notifications automatically keep your Bitwarden client applications synced in real time you can choose to use the bitwarden push notification relay service. This relay service is provided by external Bitwarden servers. You should ensure that your machine can communicate with the `https://push.bitwarden.com` endpoint. Your Bitwarden installation will POST **non-sensitive data** (reference ids) to the push relay service which will then notify the Bitwarden client applications to "phone home" back to **your installation** for an update.
|
|
|
|
|
|
|
|
|
|
The use of the push notification relay service is optional. If you do not use this service you will need to keep your client applications in sync manually.
|
|
|
|
|
|
|
|
|
|
@@ -164,12 +164,12 @@ globalSettings__mail__smtp__useDefaultCredentials=false
|
|
|
|
|
|
|
|
|
|
If you plan to use YubiKeys for two-step login, you can get your YubiKey client id and key at [https://upgrade.yubico.com/getapikey/](https://upgrade.yubico.com/getapikey/){:target="_blank"}.
|
|
|
|
|
|
|
|
|
|
## Start bitwarden
|
|
|
|
|
## Start Bitwarden
|
|
|
|
|
|
|
|
|
|
Once you've completed installing and configuring your bitwarden installation you can start it up:
|
|
|
|
|
Once you've completed installing and configuring your Bitwarden installation you can start it up:
|
|
|
|
|
|
|
|
|
|
{% note %}
|
|
|
|
|
The first time you start bitwarden it may take some time as it downloads all of the images from Docker Hub.
|
|
|
|
|
The first time you start Bitwarden it may take some time as it downloads all of the images from Docker Hub.
|
|
|
|
|
{% endnote %}
|
|
|
|
|
|
|
|
|
|
{% icon fa-linux %} {% icon fa-apple %} Bash
|
|
|
|
|
@@ -186,7 +186,7 @@ You can then verify that all containers are up and running correctly:
|
|
|
|
|
|
|
|
|
|
{% image hosting/docker-ps.png %}
|
|
|
|
|
|
|
|
|
|
Finally, you need to initialize and update the bitwarden database:
|
|
|
|
|
Finally, you need to initialize and update the Bitwarden database:
|
|
|
|
|
|
|
|
|
|
{% icon fa-linux %} {% icon fa-apple %} Bash
|
|
|
|
|
|
|
|
|
|
@@ -196,11 +196,11 @@ Finally, you need to initialize and update the bitwarden database:
|
|
|
|
|
|
|
|
|
|
.\bitwarden.ps1 -updatedb
|
|
|
|
|
|
|
|
|
|
Congratulations! bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your web browser to confirm. You should register a new account and log in.
|
|
|
|
|
Congratulations! Bitwarden is now up and running at `https://your.domain.com`. Visit the web vault in your web browser to confirm. You should register a new account and log in.
|
|
|
|
|
|
|
|
|
|
## Script Commands
|
|
|
|
|
|
|
|
|
|
The bitwarden main script (`bitwarden.sh` or `bitwarden.ps1`) has the following commands available:
|
|
|
|
|
The Bitwarden main script (`bitwarden.sh` or `bitwarden.ps1`) has the following commands available:
|
|
|
|
|
|
|
|
|
|
{% note %}
|
|
|
|
|
PowerShell users will run the commands with a prefixed `-` (switch). For example `.\bitwarden.ps1 -start`.
|
|
|
|
|
|
Kyle Spearrin