🔗 Official Docs - Install and Deploy - Linux (always check for updated process)
- Point your DNS records domain to your Linux host machine, if you want to reach it from the public network.
- Open these ports so Bitwarden can be accessed from inside the network (in this case).
80(http) ,11443(https)
- On the Linux machine:
sudo ufw allow 80
sudo ufw allow 11443
sudo ufw status🔗 Docs - Install Docker Engine on Ubuntu
- Install dependencies and setup repository
# uninstall older Docker versions:
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-releasesudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null- Install Docker Engine and Compose
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Try docker:
sudo docker compose version
sudo docker version
sudo docker run hello-world
# Configure Docker to start on boot
sudo systemctl enable docker.service
sudo systemctl enable containerd.servicesudo adduser bitwarden
sudo passwd bitwarden
sudo groupadd docker
sudo usermod -aG docker bitwarden
sudo mkdir /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden- Use the shell script for installation with the
bitwardenuser in the/opt/bitwardendirectory
su - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
./bitwarden.sh install
# Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com):
bitwarden.yourdomain.com
# Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):
n
### Choose Y to generate trusted Let's Encrypt SSL certificate (ports 80 and 443 have to be open for certbot)
# Enter the database name for your Bitwarden instance (ex. vault):
vault
# Enter your installation id (get at https://bitwarden.com/host):
# Enter your installation key:
# Do you have a SSL certificate to use? (y/n):
n
# Do you want to generate a self-signed SSL certificate? (y/n):
y
# ^^^ This option is only recommended for testing.
- Retrieve an installation id using a valid email at https://bitwarden.com/host.
Installation ids keys are used when installing Bitwarden on-premises in order to:
- Register your installation and contain email so that we can contact you for important security updates.
- Authenticate to push relay servers for push notifications to Bitwarden client applications.
- Validate licensing of paid features.
Retrieve an installation id and key from https://bitwarden.com/host.
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.
# If you need to make additional configuration changes, you can modify the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`
nano ./bwdata/env/global.override.env
# adminSettings__admins=yourmail@gmail.com
# nano ./bwdata/config.yml
# Next steps, run:
./bitwarden.sh start
# Bitwarden is up and running!
# ===================================================
# visit https://bitwarden.yourdomain.com
# to update, run
./bitwarden.sh updateself
./bitwarden.sh update- Create a cronjob to run the updates automatically
su - bitwarden
nano /opt/bitwarden/bwdata/scripts/updatebw.sh- Add the 3 lines to the script:
#!/bin/bash
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update- Make the script executable:
chmod +x updatebw.sh
crontab -e
# Add lines to update and start Bitwarden at boot:
@reboot /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1
@reboot /opt/bitwarden/bitwarden.sh start
# or for Example: on every Sunday at 2:00
0 2 * * 0 /opt/bitwarden/bwdata/scripts/updatebw.sh >/dev/null 2>&1- Change https port
nano /opt/bitwarden/bwdata/config.yml
# Set https_port variable to 11443
https_port: 11443
# Save and exit.
# Update
./bitwarden.sh updatesu - bitwarden
cd /opt/bitwarden
curl -Lso /opt/bitwarden/bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 /opt/bitwarden/bitwarden.sh
/opt/bitwarden/bitwarden.sh updateself
/opt/bitwarden/bitwarden.sh update
# or run the script created before
/opt/bitwarden/bwdata/scripts/updatebw.sh
su - bitwarden
/opt/bitwarden/bitwarden.sh stop
/opt/bitwarden/bitwarden.sh start- Since
bitwarden.shrequires internet connection to work, Bitwarden can be started offline using the docker container already present on the host.
su - bitwarden
# Start
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml up -d
# Stop
docker-compose -f /opt/bitwarden/bwdata/docker/docker-compose.yml down