I have been migrating from online services to self-hosted services wherever possible, and recently another thing I was looking to migrate is my password manager. I have been using the Chrome password manager for a long time. While I only use it for auto-filling non-crucial sites, I still feel uneasy that all my credentials are somewhere in the cloud, just waiting to be leaked. On the other hand, having auto-fill by Google on both desktop and phone makes my life so easy.
So I was looking for something that can do the same thing but hosted locally, and I found out about self-hosting Bitwarden by using Vaultwarden. It ticks almost all the boxes for my requirements. Bitwarden’s actual service uses its own cloud storage, and the basic account is totally free. A premium account is USD$10 per year. I would recommend using their service if you are not self-hosting. The credentials stored in their cloud are encrypted; even Bitwarden themselves can’t decrypt them because they don’t know your master password. This also means that if you forget your master password, there’s no way to retrieve the data anymore, so make sure you find a way to never lose the master password.
While I was setting it up and scouring the web for info on how to do it properly, I found that everyone says it needs HTTPS to work. If you’re doing local network hosting that is not reachable from the internet, you know how shitty HTTPS is when it comes to certificates. With self-hosted Bitwarden, you need to use a DNS server that can point a domain to a local IP address, such as Pi-hole. You also need to set up a reverse proxy on the self-hosted machine. Only then is the Bitwarden HTTPS page accessible. If you want to get rid of the “Your connection is not private” page and “Not secure” in the address bar, you also need a valid CA-signed certificate.
The HTTPS page is what Bitwarden calls the Web Vault. There you can do management tasks such as changing your email or master password and sharing credentials with other users through a Collection. Importing data from another password manager also needs to be done from the Web Vault. Enabling 2FA and using TOTP can also only be done there.
When I tried using Bitwarden, I found that it can still be used even without accessing the HTTPS page. You will not be able to do what I mentioned in the previous paragraph, but the main function of a password manager still works.
I’m self-hosting using Docker on my Synology NAS. Docker is great for running services that are isolated from the main system. Almost all systems have Docker. The first thing is to install Docker from the Package Center or something equivalent on your system.
Once Docker is installed, run the program and you’ll be greeted with this window. If you are not familiar with Docker, it’s advisable to read the Help page first.
We are going to use Vaultwarden for self-hosting. Previously it was known as Bitwarden_RS.
First, we need to get the Vaultwarden image.
1. Click on Registry
2. Type vaultwarden in the search box
3. Find and click to highlight “vaultwarden/server”
4. Click on download
5. Make sure “latest” is chosen and click Select
While waiting for the image to finish downloading, the next thing we need to do is make a folder where all the config files and the database will be stored. When you install Docker, it creates a shared folder for it. In it, create a folder named “bitwarden”; make sure not to use capital letters.
Going back to Docker after it finishes downloading
1. Click on Image to open the download page. You know it has finished downloading when the icon is no longer animated and is fully blue.
2. Click to highlight the image
3. Click on Launch to create a container for Vaultwarden
It will open General Settings to configure the container.
1. Click to enable resource limitation and set CPU priority to low
2. Set the memory limit to 50MB. These 2 steps are useful so that it won’t use much of your machine’s resources.
3. Click on Advanced Settings to configure some more things
Here we need to configure some things on 3 tabs
1. Enable auto-restart so that if your system restarts, the container will start again
2. Click on Volume to go to the next tab
3. Click on “Add Folder” to select a folder
4. Find and highlight the bitwarden folder we created earlier and click on Select
5. Click on the Mount path box and type “/data”. This way the configs and database will be saved locally; otherwise all data will be gone when the container restarts
6. Click on the “Port Settings” tab. Here we can specify the HTTPS and HTTP ports under “Local Port” if needed. The Local Port with Container Port 3012 is for HTTPS while the other one is for HTTP. You can just leave it at the default and the system will auto-configure it. Don’t change the “Container Port” number.
Click Apply to close Advanced Settings, click Next to complete General Settings, and before clicking Done to close the Summary, make sure “Run this container after the wizard is finished” is checked.
Now we go back to the Docker main page
1. Click on Container to open its page
2. Highlight the vaultwarden container. Make sure it is running; if not, you can run it here
3. Click on Details to open the details for the vaultwarden container
4. If you didn’t specify the “Local Port” number, you can check here for the HTTPS and HTTP ports. We will need these numbers for the later settings
We have finished setting up the container.
Open a new tab in your browser and enter http or https followed by the host machine IP and its “PORT_IP”
An example is https://10.0.0.1:49153 for HTTPS.
We see here that the page won’t load if we use HTTPS. If we use HTTP it loads, but when trying to create an account it asks to use HTTPS. We’re stuck here with no way to use either method.
This post has been edited by xxboxx: Jul 17 2021, 07:20 PM
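The container that the wizard steps in this guide build, written out as a Docker Compose file so the settings can be reviewed in one place. This is an added example, not part of the original post. The host path /volume1/docker/bitwarden, the container name, the cpu_shares value and container port 80 for HTTP are assumptions that the post does not state.

```yaml
# Added example: Compose equivalent of the Synology wizard settings in the guide.
services:
  vaultwarden:
    # "vaultwarden/server" with the "latest" tag, as picked in the Registry tab
    image: vaultwarden/server:latest
    container_name: vaultwarden        # assumed name

    # "Enable auto-restart": bring the container back after a system restart
    restart: always

    # "Enable resource limitation": memory limit 50MB, CPU priority low.
    # cpu_shares is a relative weight (Docker's default is 1024); 256 is an
    # assumed stand-in for the wizard's "low" setting.
    mem_limit: 50m
    cpu_shares: 256

    # Volume tab: the "bitwarden" folder inside the Docker shared folder,
    # mounted at /data so the configs and database survive a container restart.
    # The host path is an assumption; use the real path of your shared folder.
    volumes:
      - /volume1/docker/bitwarden:/data

    # Port Settings tab: only the container ports are listed, so Docker picks
    # the local (host) ports, matching the wizard's default. 3012 is the
    # container port named in the guide; 80 is assumed for the HTTP port.
    # To pin a local port, write it first, e.g. "8080:80".
    ports:
      - "80"
      - "3012"
```

With the local ports left unset, `docker compose port vaultwarden 80` shows which host port was assigned, the same information as the container's Details page.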
Guide Self-hosting Bitwarden password manager, By using Vaultwarden on Docker