Skip to content

Installing Vaultwarden (Bitwarden) on a VPS

Most of our personal and financial information is hidden behind just a username and password, the importance of keeping this data secure is very high.

For the convenience of storing and entering passwords to websites, there are password managers, they can be both local and cloud.

Today we are going to show you how to install your own password manager on your virtual server.

Installing the Vaultwarden

To install Vaultwarden, we need to set up a Docker server, a domain name that will be pointed to your server, and an SSL certificate. You can point the domain name to Cloudflare and use their SSL certificate. You can learn more about how to install Docker in this article.

To install Vaultwarden, we only need to run one command

docker run -d --name vaultwarden -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest

In this command, replace the path /vw-data/ with your own, in this directory will be saved files needed to run Vaultwarden.

Once the container installation is complete, you can go to the address of your server’s domain name and you will be taken to the Vaultwarden login page.

Vaultwarden and HTTPS

For Vaultwarden to work correctly, you need to have a ssl certificate configured on the domain name, for example you can use Cloudflare and just point your domain name to the server, or configure a reverse proxy.

One of the easiest ways is to use Caddy’s reverse proxy. To deploy Vaultwarden and Caddy immediately, create a docker-compose.yaml file and put the following data into it

version: '3'

    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
      WEBSOCKET_ENABLED: "true"  # Enable WebSocket notifications.
      - ./vw-data:/data

    image: caddy:2
    container_name: caddy
    restart: always
      - 80:80  # Needed for the ACME HTTP-01 challenge.
      - 443:443
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
      DOMAIN: "https://vaul.domain.com"  # Your domain.
      EMAIL: "[email protected]"                 # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"

В этой же директории создадим файл Caddyfile в который мы внесем следующие данные

{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:80 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}

If you want to run Vaultwarden on a local network for a local domain name, the Caddyfile will look like this

domain.local:443 {
        reverse_proxy vaultwarden:80
        tls internal

Creating a user in Vaultwarden

To create a new account, click Create account at the bottom under the Continue button.

This completes the installation of Vaultwarden. You can use the Bitwarden extension for your browser or desktop, in the settings you will need to specify the domain name where Vaultwarden is available.