There are a lot of password management solutions out there but to me, it is always a good idea to manage passwords on-premises. By using bitwarden_rs, you can store all your secret info (password, note, two-factor authentication, credit card info) to your own server, even in your tiny raspberry pi .

bitwarden_rs is an unofficial project of bitwarden which is written in Rust. The official self hosted bitwarden package needs minimum 2 GB  ram in order to operate. However, bitwarden_rs needs only 10MB ram and it doesn’t need much cpu usage! More info in reddit.

In this tutorial we will setup bitwarden_rs to google’s always free tier instance running Debian 10. You can follow the same procedure to any server.

Setting up docker & docker-compose

bitwarden_rs needs docker in order to run. So if you don’t have docker & docker-compose installed in your server, please install those first.

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
#Installing docker-compose (https://docs.docker.com/compose/install/)
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
#Adding current user to docker group
sudo usermod -aG docker $USER
exit

Log back to the server again.

Setting up dns & certificates

We will setup a dns record to our domain so that we can visit bitwarden_rs admin panel like this: https://bitwarden.example.tld

First, please create a subdomain/domain which points to your server’s IP address. In my case, I am using cloudflare to do that job

<img class="alignnone size-full wp-image-525" src="/uploads/2020/04/bitwarden1.png" alt="" width="1112" height="442" srcset="/uploads/2020/04/bitwarden1.png 1112w, /uploads/2020/04/bitwarden1-768x305.png 768w" sizes="(max-width: 1112px) 100vw, 1112px" />

Next, I will setup SSL for this domain. Here I will use cloudflare’s free SSL. However, you can use Let’s encrypt’s free SSL also.

If you use cloudflare & wanted to use cloudflare’s free SSL, please follow the below steps in order to generate certificate and private key.

Please go to SSL/TLS tab and click Origin Server. Now create certificate and key for the domain:

<img class="size-full wp-image-527 aligncenter" src="/uploads/2020/04/bitwarden2.png" alt="" width="1090" height="426" srcset="/uploads/2020/04/bitwarden2.png 1090w, /uploads/2020/04/bitwarden2-768x300.png 768w" sizes="(max-width: 1090px) 100vw, 1090px" />

 

<img class="size-full wp-image-528 aligncenter" src="/uploads/2020/04/bitwarden3.png" alt="" width="791" height="887" srcset="/uploads/2020/04/bitwarden3.png 791w, /uploads/2020/04/bitwarden3-768x861.png 768w" sizes="(max-width: 791px) 100vw, 791px" />

Now copy the generated key and create a new text file and paste the code. Save as **key.pem **(make sure no .txt extension at the end).

<img class="size-full wp-image-530 aligncenter" src="/uploads/2020/04/bitwarden4.png" alt="" width="781" height="709" />

Now again, copy the generated private key and create a new text file and paste the code. Save as **fullchain.pem **(make sure no .txt extension at the end also).

<img class="size-full wp-image-529 aligncenter" src="/uploads/2020/04/bitwarden5.png" alt="" width="776" height="738" />

Installing bitwarden_rs in server

Now go back to the server and create a directory within your home directory

mkdir -p ~/bitwarden_rs/ssl
cd ~/bitwarden_rs/ssl

Now transfer key.pem and fullchain.pem files to the ssl directory.

Now go back to the bitwarden_rs directory and create a file named docker-compose.yml

cd ~/bitwarden_rs
nano docker-compose.yml

Open the file with any text editor you like (I used nano) and paste the following code:

version: '3'

services:
 bitwarden:
  image: bitwardenrs/server
  restart: always
  volumes:
      - ./bw-data:/data
      - ./ssl:/ssl
  ports:
    - 443:80
  environment:
   ROCKET_TLS: '{certs = "/ssl/fullchain.pem", key = "/ssl/key.pem"}'
   LOG_FILE: '/data/bitwarden.log'
   SIGNUPS_ALLOWED: 'true'
   DOMAIN: 'https://bitwarden.example.tld'

Change DOMAIN: ‘https://bitwarden.example.tld’ to your domain name. Save and exit.

Now that we have our docker-compose.yml file ready, let’s run it (make sure that you are in bitwarden_rs folder)

docker-compose up -d

The application will start in a few seconds and it will be detached (-d flag) in order to run in background.

Visit https://bitwarden.example.tld. You should see that page. Means your self hosted password management service is ready!

If you need to stop the service

docker-compose stop

If you want to delete the service

docker-compose down

Please visit bitwarden_rs wiki for more info.