There is a new version of this tutorial available for Ubuntu 22.04 (Jammy Jellyfish).

How to Install Bitwarden Password Manager on Ubuntu 20.04

Bitwarden is an open-source password manager. It not only stores or creates strong passwords but also syncs them across multiple devices. Bitwarden offers apps for Windows, macOS, Linux, Android, iPhone along with Browser extensions and is accessible via the web as well.

Bitwarden allows you to secure your account via two-factor authentication and can also store and 2FA keys.

Bitwarden can be managed either on their cloud hosting or you can install it on your server which offers you an advantage as your data remains with you.

In this tutorial, you will learn to install Bitwarden on an Ubuntu 20.04 server.

Prerequisite

  1. A Ubuntu 20.04 based server with a non-root user with sudo privileges.

  2. A domain name pointing to the said server.

  3. Update the system

    $ sudo apt update && sudo apt upgrade
    

Configure Firewall

Ubuntu 20.04 comes with Uncomplicated Firewall(UFW) by default. In case it is not, install it first.

$ sudo apt install ufw

Enable SSH port.

$ sudo ufw allow "OpenSSH"

Enable the firewall.

$ sudo ufw enable

Also, open the HTTP and HTTPS ports which we will need later.

$ sudo ufw allow http
$ sudo ufw allow https

Check the firewall status.

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

Install Docker

Bitwarden is bundled as a Docker image. Docker is an application that can run applications in a resource-isolated process called containers. They are similar to virtual machines but more portable and resource-friendly.

Before installing Docker, first, we need to install some dependencies and packages that it requires.

$ sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

Add Docker's official GPG key.

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add Docker's official Ubuntu repository.

$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs)  stable"

Install the Docker engine.

$ sudo apt-get install docker-ce docker-ce-cli containerd.io

Verify that Docker is installed correctly.

$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:8c5aeeb6a5f3ba4883347d3747a7249f491766ca1caa47e5da5dfcf6b9b717c0
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

The above command will download a test image and run it.

Run Docker without Sudo

By default, Docker can only be run via the root user or using sudo privileges. There is another way as well which is to run a user which is a part of the docker group which was created during the time of the installation.

If you want to avoid using sudo every time when you run the docker command, use the following command to add your current system user to the docker group.

$ sudo usermod -aG docker ${USER}

To apply the change, you need to log out and log back in.

$ su - ${USER}

You will be prompted for your password to continue.

Confirm that your user is added to the docker group.

$ id -nG
username sudo docker

Install Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications. Compose uses a YAML file to configure the application.

You can install Compose directly from Ubuntu's repository but it is outdated. You can grab the latest version of Compose from its Github repository.

Download the current stable release of Docker Compose.

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

At the time of writing this tutorial, 1.27.4 was the latest version of the Compose available. You can choose a different version by checking the Releases page of the Compose repository.

The above command downloads and moves the Compose binary to the /usr/local/bin directory.

Make the binary executable.

$ sudo chmod +x /usr/local/bin/docker-compose

Test if it is installed correctly.

$ docker-compose --version
docker-compose version 1.27.4, build 40524192

Install the command completion script for the bash shell.

$ sudo curl -L https://raw.githubusercontent.com/docker/compose/1.27.4/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose

Install Bitwarden

The first step is to download the Bitwarden installation script.

$ curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh

Next, give executable permission to the installation script.

$ chmod +x bitwarden.sh

Before moving to the next step of the installation, you need to generate the Bitwarden installation ID and Installation key.

Open the Bitwarden Host site (https://bitwarden.com/host) to generate the key.

Bitwarden Host Page

Enter your email address and click on the Submit button.

You should see your Installation ID and key on the following screen. Note them down.

Bitwarden Installation Key

Launch the Bitwarden installer.

$ ./bitwarden.sh install

You will be asked for your Bitwarden domain name where you want to access the site. Bitwarden can install an SSL certificate for your site using Let's Encrypt service or you can choose your own certificate or use a self-signed certificate.

We will recommend sticking to the Let's Encrypt certificate so enter y when prompted. If you wish to provide your own certificate or use a self-signed one, enter n and provide the path to your certificate or use Bitwarden to generate a self-signed certificate later.

Once the installation completes, you can make changes before you start the Bitwarden application.

Here you can enter your custom certificate or change the domain or even add SMTP settings.

All the settings are stored in the /home/<username>/bwdata directory.

The main configuration file is located at ~/bwdata/config.yml. This file holds the domain and SSL settings. If you want to make changes in the default Nginx configuration file, you can do so via changing the ~/bwdata/nginx/default.conf file.

If you want to add SMTP settings, edit the ~/bwdata/env/global.override.env file.

Once you are satisfied with your changes, rebuild Bitwarden.

$ ./bitwarden.sh rebuild

You can then run the following command instead.

$ ./bitwarden.sh update

Next, start Bitwarden.

$ ./bitwarden.sh start

You can check if all the services are running correctly, once the startup process completes.

$ docker ps

You shall see the following screen.

Bitwarden Verify

Your Bitwarden installation should be up and running at https://bitwarden.example.com

Bitwarden Homepage

Click on the Create Account button to create your first account.

Bitwarden Registration Screen

Once you are done, you can now log in to your Bitwarden account and start using it.

Bitwarden Home Page

Configure SMTP

The first thing you will notice is that you are being asked to verify your email address. Bitwarden needs your SMTP details in order to do that.

There are two ways you can achieve this. Either you can set up your own SMTP server or you can use any 3rd party service.

If you want to set up your own SMTP service, you can follow our tutorial which teaches you how to install Postfix and use it to send an outgoing email via Gmail.

For our tutorial, we will use a 3rd party email service, SES(Simple Email Service), by Amazon. You can use any service of your choice.

SES is very affordable and costs only $0.1 for every 1000 emails you send. And if you are hosted on Amazon EC2 server, then first 62000 emails are free forever.

Now, we need to open the file /home/<username>/bwdata/env/global.override.env for editing.

$ nano /home/<username>/bwdata/env/global.override.env

You need to configure the following settings in the file.

[email protected]
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587

Replace the values for host, username and password you got from your SMTP provider.

Save the file by pressing Ctrl+X and entering Y when prompted.

After you have changed the settings, restart your Bitwarden installation.

$ ./bitwarden.sh restart

User Registration

You can use your Bitwarden install to allow your family and friends to create their individual accounts. But if you want to keep the install for yourself, it is a good security practice to disable User registrations.

To do that, again, open the file /home/<username>/bwdata/env/global.override.env for editing.

$ nano /home/<username>/bwdata/env/global.override.env

Change the value of the variable disableUserRegistration to true.

globalSettings__disableUserRegistration=true

Save the file by pressing Ctrl+X and entering Y when prompted.

Restart your Bitwarden installation.

$ ./bitwarden.sh restart

You will still see the create account link and the form but submitting it will generate an error now.

Administration Portal

Bitwarden provides an administration portal where you can

  • View installation environment settings
  • View the currently installed and latest available versions
  • Browse all registered users and information about them
  • Delete registered users
  • Browse all organizations and information about them
  • Delete organizations

It is available at https://bitwarden.yourdomain.com/admin but by default is disabled.

To enable it, you need to make the change in /home/<username>/bwdata/env/global.override.env file.

Find the setting adminSettings__admins and add the email addresses of users who are allowed to access the administration page.

[email protected],[email protected]

Restart the Bitwarden server once you are finished making changes.

Whenever you want to login to the Admin Portal, visit https://bitwarden.yourdomain.com/admin and enter your email address. You will receive a temporary login link which will be valid for 15 minutes.

Bitwarden Admin Dashboard

As you can see, our administrator dashboard is telling you to update Bitwarden. Let's see how we can do that.

Update Bitwarden

If you want to update your Bitwarden installation, you can do so by running the following commands.

./bitwarden.sh updateself
./bitwarden.sh update

The first command updates the Bitwarden installer script and the second command updates all the containers and databases and restarts them.

Bitwarden Clients

Bitwarden clients are available for Windows, macOS, Linux, Android and iOS operating systems along with extensions. Normally the clients are configured to connect to the Bitwarden cloud service but you can change their setting to connect to your self-hosted installation.

Just enter your Bitwarden URL (`https://bitwarden.yourdomain.com) in the client settings menu and you can start using them,

Conclusion

This concludes our tutorial on installing Bitwarden server on Ubuntu 20.04. If you have any questions, post them in the comments below.

Share this page:

0 Comment(s)