Self-hostingInstall & Deploy Guides

Linux Standard Deployment

This article will walk you through the procedure to install and deploy Bitwarden to your own Linux server. Bitwarden can also be installed and deployed on Windows machines. Please review Bitwarden software release support documentation.

System specifications

Minimum

Recommended

Processor

x64, 1.4GHz

x64, 2GHz dual core

Memory

2GB RAM

4GB RAM

Storage

12GB

25GB

Docker Version

Engine 19+ and Compose 1.24+

Engine 19+ and Compose 1.24+

tip

If you are looking for a quality provider with affordable prices, we recommend DigitalOcean. Get started today or read our blog post about Bitwarden on DigitalOcean.

TL;DR

The following is a summary of the installation procedure in this article. Links in this section will jump to detailed Installation procedure sections:

  1. Configure your domain. Set DNS records for a domain name pointing to your machine, and open ports 80 and 443 on the machine.

  2. Install Docker and Docker Compose on your machine.

  3. Create a Bitwarden user & directory from which to complete installation.

  4. Retrieve an installation id and key from https://bitwarden.com/host for use in installation.

    For more information, see What are my installation id and installation key used for?

  5. Install Bitwarden on your machine.

  6. Configure your environment by adjusting settings in ./bwdata/env/global.override.env.

    tip

    At a minimum, configure the globalSettings__mail__smtp... variables to setup an email server for inviting and verifying users.

  7. Start your instance.

  8. Test your installation by opening your configured domain in a web browser.

  9. Once deployed, we recommend regularly backing up your server and checking for system updates.

Installation procedure

Configure your domain

By default, Bitwarden will be served through ports 80 (http) and 443 (https) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation.

We recommend configuring a domain name with DNS records that point to your host machine (for example, bitwarden.example.com), especially if you are serving Bitwarden over the internet.

Install Docker and Docker Compose

Bitwarden will be deployed and run on your machine using an array of Docker containers. Bitwarden can be run with any Docker edition or plan. Evaluate which edition is best for your installation.

Deployment of containers is orchestrated using Docker Compose. Some Docker installations, including Docker for macOS, come with Docker Compose already installed.

Install Docker and Docker Compose on your machine before proceeding with installation. Refer to the following Docker documentation for help:

Create Bitwarden local user & directory

We recommend configuring your Linux server with a dedicated bitwarden service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server.

These steps are Bitwarden-recommended best practices, but are not required. For more information, see Docker's Post-installation steps for Linux documentation.

  1. Create a bitwarden user:

    Bash
    sudo adduser bitwarden
  2. Set password for bitwarden user (strong password):

    Bash
    sudo passwd bitwarden
  3. Create a docker group (if it doesn’t already exist):

    Bash
    sudo groupadd docker
  4. Add the bitwarden user to the docker group:

    Bash
    sudo usermod -aG docker bitwarden
  5. Create a bitwarden directory:

    Bash
    sudo mkdir /opt/bitwarden
  6. Set permissions for the /opt/bitwarden directory:

    Bash
    sudo chmod -R 700 /opt/bitwarden
  7. Set the bitwarden user as owner of the /opt/bitwarden directory:

    Bash
    sudo chown -R bitwarden:bitwarden /opt/bitwarden

Install Bitwarden

warning

If you have created a Bitwarden user & directory, complete the following as the bitwarden user from the /opt/bitwarden directory. Do not install Bitwarden as root, as you will encounter issues during installation.

Bitwarden provides a shell script for easy installation on Linux and Windows (PowerShell). Complete the following steps to install Bitwarden using the shell script:

  1. Download the Bitwarden installation script (bitwarden.sh) to your machine:

    Bash
    curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 bitwarden.sh
  2. Run the installer script. A ./bwdata directory will be created relative to the location of bitwarden.sh.

    Bash
    ./bitwarden.sh install
  3. Complete the prompts in the installer:

    • Enter the domain name for your Bitwarden instance:

      Typically, this value should be the configured DNS record.

    • Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n):

      Specify y to generate a trusted SSL certificate using Let's Encrypt. You will be prompted to enter an email address for expiration reminders from Let's Encrypt. For more information, see Certificate Options.

      Alternatively, specify n and use the Do you have a SSL certificate to use? option.

    • Enter your installation id:

      Retrieve an installation id using a valid email at https://bitwarden.com/host. For more information, see what are my installation id and installation key used for?

    • Enter your installation key:

      Retrieve an installation key using a valid email at https://bitwarden.com/host. For more information, see What are my installation id and installation key used for?

    • Do you have a SSL certificate to use? (y/n):

      If you already have your own SSL certificate, specify y and place the necessary files in the ./bwdata/ssl/your.domain directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see Certificate Options.

      Alternatively, specify n and use the self-signed SSL certificate? option, which is only recommended for testing purposes.

    • Do you want to generate a self-signed SSL certificate? (y/n):

      Specify y to have Bitwarden generate a self-signed certificate for you. This option is only recommended for testing. For more information, see Certificate Options.

      If you specify n, your instance will not use an SSL certificate and you will be required to front your installation with a HTTPS proxy, or else Bitwarden applications will not function properly.

Post-install configuration

Configuring your environment can involve making changes to two files; an environment variables file and an installation file:

Environment variables (required)

Some features of Bitwarden are not configured by the bitwarden.sh script. Configure these settings by editing the environment file, located at ./bwdata/env/global.override.env. At a minimum, you should replace the values for:

Bash
... globalSettings__mail__smtp__host=<placeholder> globalSettings__mail__smtp__port=<placeholder> globalSettings__mail__smtp__ssl=<placeholder> globalSettings__mail__smtp__username=<placeholder> globalSettings__mail__smtp__password=<placeholder> ... adminSettings__admins= ...

Replace globalSettings__mail__smtp...= placeholders to connect to the SMTP mail server that will be used to send verification emails to new users and invitations to organizations. Adding an email address to adminSettings__admins= will provision access to the System Administrator Portal.

After editing global.override.env, run the following command to apply your changes:

Bash
./bitwarden.sh restart

Installation file

The Bitwarden installation script uses settings in ./bwdata/config.yml to generate the necessary assets for installation. Some installation scenarios (such as installations behind a proxy with alternate ports) may require adjustments to config.yml that were not provided during standard installation.

Edit config.yml as necessary and apply your changes by running:

Bash
./bitwarden.sh rebuild

Start Bitwarden

Once you have completed all previous steps, start your Bitwarden instance:

Bash
./bitwarden.sh start
note

The first time you start Bitwarden it may take some time as it downloads all of the images from Docker Hub.

Verify that all containers are running correctly:

Bash
docker ps
docker-healthy.png
docker-healthy.png

Congratulations! Bitwarden is now up and running at https://your.domain.com. Visit the web vault in your web browser to confirm that it's working.

You may now register a new account and log in. You will need to have configured smtp environment variables (see Environment Variables) in order to verify the email for your new account.

tip

Once deployed, we recommend regularly backing up your server and checking for system updates.

Next Steps:

Script commands reference

The Bitwarden installation script (bitwarden.sh or bitwarden.ps1) has the following commands available:

note

PowerShell users will run the commands with a prefixed - (switch). For example .\bitwarden.ps1 -start.

Command

Description

install

Start the installer.

start

Start all containers.

restart

Restart all containers (same as start).

stop

Stop all containers.

update

Update all containers and the database.

updatedb

Update/initialize the database.

updaterun

Update the run.sh file.

updateself

Update this main script.

updateconf

Update all containers without restarting the running instance.

uninstall

Before this command executes, you will be prompted to save database files. y will create a tarfile of your database including the most recent backup.

Stops containers, deletes the bwdata directory and all its contents, and removes ephemeral volumes. After executing, you will be asked whether you also want to purge all Bitwarden images.

renewcert

Renew certificates.

rebuild

Rebuild generated installation assets from config.yml.

help

List all commands.

Make a suggestion to this page

Contact Our Support Team

For technical, billing, and product questions.

Name*
Bitwarden account email*
Verify account email*
Product*
Are you self-hosting?*
Subject*
Message...*

Cloud Status

Check status

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here