This article will walk you through how to install and deploy Bitwarden to your own server. Because Bitwarden is a cross platform application, you can install and deploy it on Linux, macOS, and Windows machines.
Install & deploy Bitwarden.
curl -s -o bitwarden.sh \ https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh \ && chmod +x bitwarden.sh ./bitwarden.sh install ./bitwarden.sh start ./bitwarden.sh updatedb
Invoke-RestMethod -OutFile bitwarden.ps1 ` -Uri https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.ps1 .\bitwarden.ps1 -install .\bitwarden.ps1 -start .\bitwarden.ps1 -updatedb
Adjust additional configuration settings in
./bwdata/env/global.override.env and restart.
If you are looking for a quality provider with affordable prices, we recommend:
By default, Bitwarden will be served through ports 80 (http) and 443 (https) on the localhost machine. You should open these ports so that Bitwarden can be accessed from within and/or outside of the network. You can choose different ports during installation if you like.
If you are serving Bitwarden to the outside world you will need to configure a domain name with DNS records that point to your host machine (ex. bitwarden.company.com). You should configure this domain before beginning your Bitwarden installation.
Alternatively, if you are only testing you can install Bitwarden to the “localhost” domain.
Bitwarden will be deployed and ran on your machine using an array of Docker containers. Bitwarden will work equally well with Docker Community (free) and Enterprise editions. You should evaluate which edition is best for your installation. Additionally, deployment of these containers is orchestrated through the use of Docker Compose. Docker and Docker Compose must first be installed on your machine before beginning a Bitwarden installation.
See the following official Docker documentation for more information:
Some Docker installations such as Windows and macOS already come with Docker Compose installed.
For reference, you can find the official Bitwarden images hosted on Docker Hub at https://hub.docker.com/u/bitwarden/.
We’ve made installing Bitwarden very simple. Depending on your environment (non-Windows vs. Windows) we provide Bash (Linux and macOS) and PowerShell (Windows) scripts to aide in installing and managing your Bitwarden installation. The following steps will include references for both Bash and PowerShell.
Download the main Bitwarden script to your machine in the desired location:
All Bitwarden assets will be installed in the
./bwdata directory relative to where the main Bitwarden script resides.
curl -s -o bitwarden.sh \ https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh \ && sudo chmod u+x bitwarden.sh
Invoke-RestMethod -OutFile bitwarden.ps1 ` -Uri https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.ps1
Start the installer:
Complete the prompts in the installer.
Each Bitwarden installation requires a unique installation id and installation key. The installation id and key is used to:
You should not share your installation id or installation key across multiple Bitwarden installations. They should be treated as secrets.
You can obtain an installation id and key from https://bitwarden.com/host.
Bitwarden can generate and maintain renewal of a trusted SSL certificate for your domain for completely free provided by Let’s Encrypt and Certbot. Certificate renewal checks occur each time Bitwarden is restarted. Use of the automated Let’s Encrypt certificate requires ports 80 and 443 to be available. Alternatively, you can manage your own Let’s Encrypt certificate outside of the Bitwarden setup script and provide it using the “bring your own SSL certificate” method as described below.
./bwdata/ssl/your.domain.comdirectory. File paths for certificate assets are configurable from the
./bwdata/config.ymlfile if you wish to change the default paths generated by the installer.
cat domain.crt ca.crt >> certificate.crt. See here for more information.
dhparam.pemby using OpenSSL with
openssl dhparam -out ./dhparam.pem 2048.
If you are only testing and do not have an SSL certificate, a self-signed certificate can be generated for your installation. Self-signed certificates will not be trusted by Bitwarden client applications so you will need to install this certificate to the trusted store of each device you plan to use Bitwarden with.
Installation Config File
The Bitwarden setup script uses settings from
./bwdata/config.yml to generate the necessary assets for the installation to operate. More advanced installation scenarios (ex. installations behind a proxy with alternate ports) may need to make further configuration adjustments that were not provided during the standard installation prompts. Additionally, if you need to alter the initial installation settings (ex. changing the domain name used for Bitwarden) these can be made from
After changing settings in
./bwdata/config.yml, you can apply them by running:
Some features such as a SMTP mail server settings, YubiKey OTP API credentials, etc. are not configured by the installer. You can find the environment file for these settings (and all others) in the following location:
./bwdata/env/global.override.env. Edit this file and REPLACE the placeholders values for them.
globalSettings__yubico__clientId=294620155 globalSettings__yubico__key=owdez88RdxVZuGbZ4fv globalSettings__mail__smtp__host=smtp.sendgrid.net globalSettings__mail__smtp__port=587 globalSettings__mail__smtp__ssl=false globalSettings__mail__smtp__username=apikey globalSettings__mail__smtp__password=SG.YOUR.API_KEY
If you plan to use YubiKeys for two-step login, you can get your YubiKey client id and key at https://upgrade.yubico.com/getapikey/.
Once you’ve completed installing and configuring your Bitwarden installation you can start it up:
The first time you start Bitwarden it may take some time as it downloads all of the images from Docker Hub.
You can then verify that all containers are up and running correctly:
Finally, you need to initialize and update the Bitwarden database:
Congratulations! Bitwarden is now up and running at
https://your.domain.com. Visit the web vault in your web browser to confirm. You should register a new account and log in.
The Bitwarden main script (
bitwarden.ps1) has the following commands available:
PowerShell users will run the commands with a prefixed
- (switch). For example
|install||Start the installer.|
|start||Start all containers.|
|restart||Restart all containers (same as start).|
|stop||Stop all containers.|
|updatedb||Update/initialize the database.|
|update||Update all containers and the database.|
|updateself||Update this main script.|
|rebuild||Rebuild generated installation assets from
Rate this article:
Want to talk to a human?Send Us An Email