Install Vaultwarden with Docker Compose
This article is for those looking for a detailed and straightforward guide on installing Vaultwarden with Docker Compose.
Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
In this guide, we will consider the case when you already have a server with the Ubuntu Server 22.04 LTS operating system installed on it.
You can read more about how to install Ubuntu Server 22.04 LTS in my guide “Install Ubuntu Server 22.04 LTS”.
Also, the server must have Docker Engine and Docker Compose installed.
You can learn how to install Docker Engine and Docker Compose on Ubuntu Server by reading “Install Docker Engine and Docker Compose on Ubuntu Server”.
In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
If you plan to connect to the server using the Windows operating system, you can use PuTTY or MobaXterm.
This guide describes how to connect to a server using the iTerm2 terminal emulator installed on the macOS operating system.
Please note that you will need to open the following TCP ports to access your server:
- TCP port 80 - to receive a free cryptographic certificate through the Let’s Encrypt CA.
- TCP port 443 - to access the Vaultwarden web interface.
We connect to the server on which you plan to install Docker Compose.
Now you need to create a YAML configuration file that will contain all the necessary conditions for Docker Compose to work.
Let’s create a YAML configuration file using a text editor using the command:
Hit the “i” button to go into edit mode, then insert the following configuration for Vaultwarden to work.
Next, you need to make changes to the configuration so that the contents of the file match your conditions. Parameters that need to be checked or changed are marked “(replace with yours)”.
In this guide, the vaultwarden.heyvaldemar.net subdomain will be used to access Vaultwarden from the Internet. You will need to specify your domain or subdomain by which your Vaultwarden will be accessible from the Internet.
In the “traefik.http.middlewares.authtraefik.basicauth.users” parameter, you must specify the username and password hash to access the Traefik dashboard.
Please note that you can use this service to get the password hash.
Now press the “Esc” button to exit edit mode, then type “:x” and press the “Enter” button to save your changes and exit the editor.
Now let’s start Vaultwarden with the command:
To access the Vaultwarden control panel, you need to go from the workstation to the link https://vaultwarden.heyvaldemar.net, where vaultwarden.heyvaldemar.net is the name of my server. Accordingly, you need to specify the name of your server with Vaultwarden installed.
Next, you need to register to start using the Vaultwarden dashboard.
To access the Traefik control panel, go to the link https://traefik.ghost.heyvaldemar.net from the workstation, where traefik.ghost.heyvaldemar.net is the name of my server. Accordingly, you need to specify the name of your server with Traefik installed.
Specify the username and password specified earlier in the YAML configuration file and click on the “OK” button.
Welcome to the Traefik dashboard.