In this tutorial, we will show you how to install and run the Vaultwarden Docker Container.
Vaultwarden is a third-party alternative to the official Bitwarden server, written in Rust. It is much lighter than the official server, which makes it an excellent choice for devices such as a Raspberry Pi or a low-memory VPS.
For those who do not know, Bitwarden is an open-source password manager that allows you to self-host instead of relying on its cloud servers.
The Vaultwarden server attempts to maintain compatibility with the core functionality of the Bitwarden server. The official Vaultwarden Wiki lists missing features.
In this guide we are using Docker to run Vaultwarden as it makes the whole setup process incredibly simple. Outside of installing Docker, you don’t have to worry about installing any other software to run this password manager server.
Before proceeding, Vaultwarden works best when you have a domain name for your server. This is because the clients need a signed certificate to work correctly.
While it is possible to use a self-signed certificate, doing so makes Bitwarden incredibly difficult to use, as you will have to add the certificate to every device you use.
Additionally, you must forward ports 80 and 443 and point your domain to your IP address so that Caddy can grab a signed certificate for your domain.
Running Vaultwarden using Docker
In the following sections, we will walk you through setting up and running Vaultwarden as a Docker container.
Preparing for the Vaultwarden Docker Container
1. If you don’t already have the Docker runtime installed on your system, you can follow our quick and easy guide on installing Docker on Linux.
If you already have Docker installed, you can skip to the next step.
https://pimylifeup.com/linux-docker-install/
Preparing your System for the Vaultwarden Docker Container
2. We need to use the mkdir command to create a folder to store the Vaultwarden Docker container's Compose file.
By using the “-p” option, the command will create all missing directories within the path.
sudo mkdir -p /opt/stacks/vaultwarden
3. With the directory created, you will want to change into it by using the cd command.
cd /opt/stacks/vaultwarden
Writing a Docker Compose file for Vaultwarden
4. Using the following command, you can begin writing the Docker Compose file for Vaultwarden.
We use the nano text editor as it is relatively straightforward for most users to pick up and use.
sudo nano compose.yaml
5. Within this file you will want to enter the following lines. We have two separate blocks; the first one includes Caddy, which will operate as a reverse proxy and provide HTTPS.
<DOMAINNAME>: Replace this with the domain name you intend to use to interact with your Vaultwarden server.
<EMAIL>: As we use Caddy to automatically fetch a signed certificate, you must provide an email address. The cert provider uses this email to inform you of any issues.
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      DOMAIN: "https://<DOMAINNAME>"
    volumes:
      - ./vw-data:/data
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      DOMAIN: "https://<DOMAINNAME>"
      EMAIL: "<EMAIL>"
      LOG_FILE: "/data/access.log"
This second alternative block is the one you should use if you already have a reverse proxy that you want to use. The main change here is that we leave out Caddy and instead expose port 80 from the container.
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      DOMAIN: "https://<DOMAINNAME>"
    volumes:
      - ./vw-data:/data
    ports:
      - 80:80
6. After filling out this file, save and quit by pressing CTRL + X, Y, and ENTER.
Writing a Caddyfile for Vaultwarden
7. If you choose to use the Caddy web server, you will need to write a simple Caddyfile.
To begin writing this file, run the command below within the terminal.
sudo nano Caddyfile
8. Within this file, type out the following lines. These lines are relatively simple and set up Caddy to proxy all requests to the Vaultwarden Docker container.
You don’t have to replace any text within this file, as it is automatically filled in from the Docker environment variables.
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }
  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}
  encode gzip
  reverse_proxy vaultwarden:80 {
    header_up X-Real-IP {remote_host}
  }
}
9. After writing your Caddyfile, save and quit by pressing CTRL + X, Y, and then ENTER.
Starting up the Password Manager Server
10. With the Compose and Caddyfile written, we can start the Vaultwarden Docker container by running the command below.
This may take a few minutes as it must download both the Vaultwarden and Caddy containers. During start up, Caddy will automatically attempt to fetch an SSL certificate for your domain name.
We use the “-d” option so that Docker will detach from the current terminal session.
docker compose up -d
Accessing the Vaultwarden Docker Container Web Interface
11. In your favorite web browser, you will want to go to the following address.
Ensure you replace “<DOMAINNAME>” with the domain you specified earlier in this guide. For example, if we set up our domain name as “vaultwaden.pimylifeup.com” we would use that.
https://<DOMAINNAME>
12. When you first access Vaultwarden, you must create your own account.
To begin this process, click the “Create account” link.
13. On this next screen, you will want to fill out the information you want to use for your account.
Ensure that you use a secure password, as this is where you will store passwords for all of your other accounts. Do not use a password that you have used before.
After filling out your information, click the “Create account” button.
14. With your account created, you can log in and use your new Vaultwarden installation.
Start the login process by entering the email you created the account for (1.) and then click the “Continue” button (2.).
15. On the next screen, enter your account password (1.) and then click the “Log in with master password” button (2.).
16. Thanks to the Docker container, you should now successfully have Vaultwarden running on your device.
Now is an excellent time to start connecting with the various Bitwarden-compatible clients.
Disabling Sign Ups
17. Once you have created your account, you may want to disable sign-ups. By default, Vaultwarden will let anybody sign up for your installation.
You will want to use the command below to get Docker to turn off the Vaultwarden container.
docker compose down
18. Our next step is to begin modifying the Compose file. In particular, we need to add a new environment variable.
sudo nano compose.yaml
19. With your Compose file open, look for the “environment” section next to where Vaultwarden is defined. The block should look similar to what we have shown below.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
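Underneath the “environment” header you will want to add the following. This line sets the “SIGNUPS_ALLOWED” option to “false”. It uses the same “KEY: value” form as the DOMAIN line already in that section, and the value is quoted so that Compose reads it as a string. Mixing in a “- KEY=value” list entry here would make the file invalid.
      SIGNUPS_ALLOWED: "false"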
20. After you have made this change, save and quit by pressing CTRL + X, Y, and then ENTER.
21. Start the Vaultwarden Docker container again by running the command below.
docker compose up -d
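As an added example (not part of the original guide), the shell check below confirms that the compose.yaml from the steps above has no leftover placeholders, uses an https:// DOMAIN, has sign-ups turned off, and keeps one entry style inside each environment block. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks on the compose.yaml from this guide.
# Function names and messages are illustrative, not Docker or Vaultwarden tooling.

# Print the first value of KEY; accepts "KEY: value" and "- KEY=value".
env_value() {  # $1 = file, $2 = key
    sed -n -E "s/^[[:space:]]*(-[[:space:]]*)?${2}[[:space:]]*[:=][[:space:]]*//p" "$1" |
        head -n 1 | tr -d "\"'" | sed -E 's/[[:space:]]+$//'
}

# Fail if an environment: block mixes "KEY: value" and "- KEY=value" entries.
# That is invalid YAML, so Compose cannot parse the file.
env_style_consistent() {  # $1 = file
    awk '
        /^ *environment: *$/ {
            match($0, /^ */); depth = RLENGTH; inenv = 1; map = 0; list = 0; next
        }
        inenv && NF && $1 !~ /^#/ {
            match($0, /^ */)
            if (RLENGTH <= depth) inenv = 0      # left the environment block
            else if ($1 ~ /^-/) list = 1         # list entry
            else map = 1                         # mapping entry
            if (map && list) bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print each finding and return how many there were (0 = file looks right).
check_compose() {  # $1 = path to compose.yaml
    n=0
    grep -q -E '<DOMAINNAME>|<EMAIL>' "$1" &&
        { echo "FAIL: placeholder text left in file"; n=$((n + 1)); }
    case "$(env_value "$1" DOMAIN)" in
        https://*) ;;
        *) echo "FAIL: DOMAIN is not an https:// URL"; n=$((n + 1)) ;;
    esac
    [ "$(env_value "$1" SIGNUPS_ALLOWED)" = "false" ] ||
        { echo "FAIL: SIGNUPS_ALLOWED is not false, sign-ups are open"; n=$((n + 1)); }
    env_style_consistent "$1" ||
        { echo "FAIL: environment block mixes mapping and list entries"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the existing-reverse-proxy variant with sign-ups disabled.
sample=$(mktemp)
printf '%s\n' 'services:' '  vaultwarden:' '    environment:' \
    '      DOMAIN: "https://vault.example.com"' '      SIGNUPS_ALLOWED: "false"' > "$sample"
check_compose "$sample" && echo "OK: no findings"; rm -f "$sample"
```

To check the real file, call check_compose /opt/stacks/vaultwarden/compose.yaml; running docker compose config in that directory gives a full syntax check of the same file.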
Updating the Vaultwarden Docker Container
One key advantage of using Docker to run Vaultwarden on your system is that it makes updating very simple.
This quick section will walk you through the simple steps of updating Vaultwarden.
1. First you must change into the directory where we wrote the Compose file earlier in this guide.
You can change to this directory by using the following command.
cd /opt/stacks/vaultwarden
2. Once we are in the right place, we can get Docker to pull the latest version of the Vaultwarden image.
If you use Caddy, this command will also download a new version of that container if one is available.
docker compose pull
3. If new versions of your images were downloaded, you can get Docker to start using them by using the command below.
Docker will check if a new version of the Vaultwarden image is available and restart the container using it if it is.
docker compose up -d
Conclusion
Hopefully, at this stage in the tutorial, you will have successfully started the Vaultwarden Docker container.
Vaultwarden is a lightweight alternative to the official server. It is great for those who are trying to run it on devices with little memory or a relatively weak CPU.
Please comment below if you have any questions about setting up this service using Docker.
If you found this guide helpful, we highly recommend checking out our many other Docker guides.