Bitwarden Docker Install

Starting with a fresh Ubuntu 18.04 install we are going to install the Bitwarden password manager. This will be a secure Let's Encrypt based install.

Step 1 Update And Prep Fresh OS

Add the Ubuntu Universe Repo

sudo apt-add-repository universe
sudo apt update && sudo apt -y dist-upgrade && sudo apt autoremove

Install Docker CE and Docker Compose.

Follow the instructions in this article and then hop back here to proceed with the Bitwarden install.

Now that you've installed Docker properly, I think it's best to get Let's Encrypt installed and generate the certs we will want. This assumes you have set up DNS resolution for whatever domain you're using.

Installing Let's Encrypt

Because we added the Ubuntu Universe repo earlier, installing certbot to issue our certs should be easy.

sudo apt install certbot

Because I use a reverse proxy I like to use DNS as my preferred method of verifying my domain ownership with Let's Encrypt.

sudo certbot -d bitwarden.domain.com --manual --preferred-challenges dns certonly

During the setup you will be asked to provide an email address and to allow your email to be used publicly, which you can decline. Then you need to agree to having your IP address logged.

You will be presented with a subdomain which you need to add to your DNS provider, and also a TXT record for the value of that subdomain.

After setting this in your DNS, you can use dig txt _acme-challenge.<my fqdn example.com> @8.8.8.8 to verify the record is propagated. After it's propagated you can continue to tell certbot to validate the entry.

Installing Bitwarden

The time has come to get to the point and install Bitwarden. This part is actually very easy and straightforward. Customizing can be a little tricky, but we'll get to that part later.

Download the main Bitwarden script to your machine in the desired location:

sudo curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh && sudo chmod u+x bitwarden.sh

Start the installer:

sudo ./bitwarden.sh install

That's it. Bitwarden and its set of Docker containers are now installed and ready. Well, kind of ready. We do need to configure Bitwarden a little to make things work with Let's Encrypt.

Take a look at this article for how to install and generate a certificate from Let's Encrypt.

Installing and Issuing Let's Encrypt Certificates

Now to integrate the new certificates with Bitwarden.

First, copy your certs over to the proper location so Docker will use them properly. That means something similar to these commands (the destination directory has to exist before the copy).

sudo mkdir -p /etc/ssl/myhost.domain.com
sudo cp /etc/letsencrypt/live/myhost.domain.com/fullchain.pem /etc/ssl/myhost.domain.com/ && sudo cp /etc/letsencrypt/live/myhost.domain.com/privkey.pem /etc/ssl/myhost.domain.com/

Then edit your Nginx .conf file and point it to where you copied the certs.
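The copy step above, written as a function that also checks the inputs and sets file permissions. This is an added example, not part of the original article or the Bitwarden project. The function name install_certs and the modes (0750 directory, 0644 certificate, 0600 key) are assumptions, and the 0600 key assumes the process that reads it runs as the file's owner.

```shell
#!/bin/sh
# Added example (not from the original article): copy a certbot-issued
# certificate and key into the directory nginx is pointed at, refusing to
# install anything if the inputs look wrong.

# install_certs LIVE_DIR DEST_DIR
#   LIVE_DIR  e.g. /etc/letsencrypt/live/myhost.domain.com
#   DEST_DIR  e.g. /etc/ssl/myhost.domain.com
# Returns 0 on success, 1 for a missing/empty input, 2 for a file that is
# not the expected PEM type, 3 if the copy itself fails.
install_certs() {
    live_dir=$1
    dest_dir=$2
    cert="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Both files must exist and be non-empty before anything is written.
    for f in "$cert" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Catch swapped or truncated files here rather than in the nginx error log.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "not a PEM private key: $key" >&2; return 2; }

    # install(1) follows the symlinks certbot keeps in live/ and sets the
    # mode explicitly, so the result does not depend on the current umask.
    # Assumed modes: the key is readable by its owner only.
    install -d -m 0750 "$dest_dir" || return 3
    install -m 0644 "$cert" "$dest_dir/fullchain.pem" || return 3
    install -m 0600 "$key" "$dest_dir/privkey.pem" || return 3
}

# When run as a script with two arguments, perform the copy.
if [ "$#" -eq 2 ]; then
    install_certs "$1" "$2"
fi
```

Because the files are copies, the function has to be run again each time the certificate is reissued.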

For example:

sudo nano ./bwdata/nginx/default.conf

Change your ssl_certificate and ssl_certificate_key

ssl_certificate /etc/ssl/myhost.domain.com/fullchain.pem;
and
ssl_certificate_key /etc/ssl/myhost.domain.com/privkey.pem;

You might as well make sure your Docker config file is set up for SMTP mail functionality.

sudo nano ./bwdata/env/global.override.env

And customize your SMTP settings.

globalSettings__mail__smtp__host=smtp.sendgrid.net
globalSettings__mail__smtp__username=apikey
globalSettings__mail__smtp__password=SG.YOUR.API_KEY
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false

You could add U2F authentication if you wanted to, but that requires a Premium License to work.

Now it's time to start Bitwarden and see how it goes. If the webpage doesn't load when you test it, check the logs under ./bwdata/logs/nginx/error.log and see what was recorded.

Bitwarden should be started and accessible with the SSL cert verified.