Ensuring secure password management is vital for protecting sensitive information in any environment, especially in DevOps and IT operations. Vaultwarden (formerly known as Bitwarden_RS) is an open-source, self-hosted version of the Bitwarden password manager. It is lightweight, easy to set up, and ideal for anyone looking for a secure password management solution on their own server. This guide will walk you through installing and configuring Vaultwarden on Ubuntu 22.04 LTS.
Prerequisites
Before starting, ensure you have the following:
- Administrative access to the server
- Basic understanding of Linux commands and system administration
- (Optional) Docker installed, if you plan to run Vaultwarden as a containerized service
Step-by-Step Guide to Installing Vaultwarden
Step 1: Install Dependencies
Start by updating the package list and installing necessary dependencies:
sudo apt update && sudo apt install -y curl software-properties-common
This ensures your system has essential tools for package management and downloading.
Step 2: Install Docker (Optional)
If you prefer running Vaultwarden using Docker, install Docker by following these steps:
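# Add the Docker GPG key to a dedicated keyring (apt-key is deprecated on Ubuntu 22.04)
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the Docker repository, trusting that key for this repository only
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update package list and install Docker
sudo apt update && sudo apt install -y docker-ce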
Step 3: Deploy Vaultwarden with Docker
With Docker installed, run the following command to pull and start the Vaultwarden container:
sudo docker run -d --name vaultwarden -e ROCKET_PORT=8000 -p 8000:8000 -v /vw-data/:/data/ --restart unless-stopped vaultwarden/server:latest
This command:
- Runs Vaultwarden as a detached (-d) service
- Sets the exposed port to 8000
- Mounts a persistent volume for data storage to /vw-data/
Step 4: Configure Vaultwarden
Vaultwarden offers various configuration options that can be set via environment variables. For added security and performance, consider using HTTPS. To do this, you can configure an Nginx reverse proxy with SSL:
- Install Nginx:
sudo apt install -y nginx
- Generate an SSL Certificate (using Certbot):
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com
- Configure Nginx:
Add the following to /etc/nginx/sites-available/vaultwarden:
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}
# Terminate TLS and proxy to the Vaultwarden container on the local port
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
- Enable the Nginx Configuration:
sudo ln -s /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
# Validate the configuration before restarting
sudo nginx -t && sudo systemctl restart nginx
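Added example (not part of the original guide): with Nginx proxying to 127.0.0.1:8000, the container only needs to be reachable on loopback, yet the -p 8000:8000 flag from Step 3 publishes it on every interface over plain HTTP. The script below parses docker port output and flags non-loopback bindings. The function names and sample lines are constructed for illustration, and -p 127.0.0.1:8000:8000 is the loopback-only form of the publish flag.

```shell
#!/usr/bin/env bash
# Added example: audit `docker port vaultwarden` output for bindings that
# bypass the Nginx TLS proxy. Function names and sample data are constructed.

# Loopback hosts are reachable only by the local reverse proxy.
is_loopback() {
  case "$1" in
    127.*|"[::1]"|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# Read lines such as "8000/tcp -> 0.0.0.0:8000" on stdin, print a verdict per
# binding, and return 1 if any binding is reachable from other hosts.
audit_bindings() {
  local line target host port rc=0
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    target=${line##*"-> "}      # "0.0.0.0:8000" or "[::]:8000"
    port=${target##*:}          # text after the last colon
    host=${target%:*}           # text before it (keeps IPv6 brackets)
    if is_loopback "$host"; then
      echo "OK      $host port $port: proxy-only"
    else
      echo "EXPOSED $host port $port: plain HTTP reachable, bypasses Nginx"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: what Step 3's "-p 8000:8000" typically produces.
SAMPLE_STEP3='8000/tcp -> 0.0.0.0:8000
8000/tcp -> [::]:8000'
# Constructed sample: the same container published with "-p 127.0.0.1:8000:8000".
SAMPLE_LOOPBACK='8000/tcp -> 127.0.0.1:8000'

echo "Published as -p 8000:8000:"
printf '%s\n' "$SAMPLE_STEP3" | audit_bindings || echo "=> republish on 127.0.0.1 only"
echo "Published as -p 127.0.0.1:8000:8000:"
printf '%s\n' "$SAMPLE_LOOPBACK" | audit_bindings
# On a live host: sudo docker port vaultwarden | audit_bindings
```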
Step 5: Access Vaultwarden
Navigate to https://yourdomain.com in your browser. You should now see the Vaultwarden login page, ready for you to create an account and start managing your passwords securely.
Best Practices for Securing Your Vaultwarden Instance
- Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA within Vaultwarden.
- Secure Your Data Backup: Regularly back up your Vaultwarden data directory.
- Keep Docker and Vaultwarden Updated: Regular updates ensure you have the latest security patches.
- Monitor Logs: Keep an eye on server and Vaultwarden logs for any unusual activity.
Troubleshooting Tips
- Vaultwarden Container Won’t Start: Check the Docker logs using docker logs vaultwarden for error messages.
- SSL Issues: Verify that the SSL certificates are valid and correctly configured in Nginx.
- Access Denied: Ensure that your server firewall allows connections on port 8000 or 443.
For more help, refer to Vaultwarden’s GitHub documentation or join community forums for support.
Conclusion
You have successfully set up and configured Vaultwarden on Ubuntu 22.04 LTS. With Vaultwarden, you can manage your passwords securely and locally, ensuring complete control over your data. Following best practices, such as enabling 2FA and securing your server, will help maintain the security and reliability of your password management system.
Next Steps:
- Integrate Vaultwarden with your DevOps toolchain to manage secrets efficiently.
- Explore automated backup solutions for continuous data protection.
- Experiment with additional security features like IP whitelisting and detailed access logs.
Embrace the peace of mind that comes with managing your passwords securely and efficiently!