How To Install Bitwarden on Debian 11: Best Password Manager

In this guide, we want to teach you to Install Bitwarden on Debian 11. Bitwarden enables you to sync your passwords across all of your devices using the same password vault. It also has browser extensions that allow you to automatically fill out passwords in your browser. It’s easy to use. Bitwarden is free, but for $10 / year, you can unlock some additional features, such as encrypted file backups.

Now follow the guide steps below on the Orcacore website to set up the Bitwarden password vault.

To install Bitwarden, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Debian 11.

Also, you need to have Docker and Docker Compose installed on your server. To do these, you can visit the following guides:

Now follow the steps below to complete this guide.

Step 1. Create Bitwarden User on Debian 11

It is recommended to run Bitwarden as a dedicated user. To create the user you can use the following command:

sudo useradd -G docker,sudo -s /bin/bash -m -d /opt/bitwarden bitwarden

This will add the user to the sudo and Docker groups.

Then, set a password for your user by using the command below:

sudo passwd bitwarden

Set the correct permission for the /opt/bitwarden directory:

sudo chown -R bitwarden: /opt/bitwarden

Step 2. Installation Steps of Bitwarden on Debian 11

At this point, you need to visit the Bitwarden hosting page and get the Installation ID and Key.

Bitwarden Download Installer Script

Next, switch to Bitwarden user and download the Bitwarden installation script with the following curl command:

# su - bitwarden
# sudo curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux"

Then, set the correct permission for your script:

sudo chmod 700 bitwarden.sh

Install and Start Bitwarden

Install the Bitwarden password manager with the following command:

sudo ./bitwarden.sh install

You will be asked to provide your domain or IP, SSL information, database name, installation ID and key, and self-signed SSL, as shown below:

**Output**
 _     _ _                         _
| |__ (_) |___      ____ _ _ __ __| | ___ _ __
| '_ | | __  / / / _` | '__/ _` |/ _  '_ 
| |_) | | |_  V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|__| _/_/ __,_|_|  __,_|___|_| |_|

Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden

===================================================

bitwarden.sh version 2023.3.0
Docker version 23.0.3, build 3e7cbfd
Docker Compose version v2.11.2

(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): bit.orcacore.net

(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n

(!) Enter the database name for your Bitwarden instance (ex. vault): bitdb

2023.3.0: Pulling from bitwarden/setup
3f9582a2cbe7: Pull complete
d866aec6058e: Pull complete
11332129480d: Pull complete
9f9b514859b0: Pull complete
b709e83c5e9e: Pull complete
1f8900615ea1: Pull complete
47137b35c8bf: Pull complete
b7b87e36a4d9: Pull complete
223d50917a39: Pull complete
23ee09621502: Pull complete
Digest: sha256:e09da2acdedd62819dd1fe774935d1a215058244cc6e1c18203bb65cf845f70c
Status: Downloaded newer image for bitwarden/setup:2023.3.0
docker.io/bitwarden/setup:2023.3.0

(!) Enter your installation id (get at https://bitwarden.com/host): 89c6b904-d1c1-42ff-9f99-afe501342444

(!) Enter your installation key: VUzFlxjaZzn4mevt6vvN

(!) Do you have a SSL certificate to use? (y/n): n

(!) Do you want to generate a self-signed SSL certificate? (y/n): y

Generating self signed SSL certificate.
Generating a RSA private key
............++++
........................................................................................................++++
writing new private key to '/bitwarden/ssl/self/bit.orcacore.net/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.....................................++++
.......................................................................................................................................................................................++++
writing new private key to 'identity.key'
-----

!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be
trusted by Bitwarden client applications. You must add this certificate to
the trusted store on each device or else you will receive errors when trying
to connect to your installation.

Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building docker-compose.yml.

Installation complete

If you need to make additional configuration changes, you can modify
the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

Next steps, run:
`./bitwarden.sh start`

Now you can start your Bitwarden by using the command below on Debian 11:

sudo ./bitwarden.sh start

**Output**
2023.3.0: Pulling from bitwarden/setup
Digest: sha256:e09da2acdedd62819dd1fe774935d1a215058244cc6e1c18203bb65cf845f70c
Status: Image is up to date for bitwarden/setup:2023.3.0
docker.io/bitwarden/setup:2023.3.0

Bitwarden is up and running!
===================================================

Step 3. Access Bitwarden Web Interface

At this point, you can access your Bitwarden Web interface by typing your domain name in your web browser:

https://your-domain

You will see the Bitwarden login screen, Click Create Account.

Then, provide the information and click create account.

You will be redirected to the Bitwarden login page. Enter the Email and master password and click login with a master password.

You should see the Bitwarden dashboard on Debian 11.

You can now add your passwords and share them between multiple devices.

Conclusion

At this point, you have learned to Install Bitwarden on Debian 11 and access your Bitwarden login screen, create an account, and access the dashboard. This guide demonstrates how to Install Bitwarden on Debian 11 using the official installation script.

Hope you enjoy it. You may also interested in these articles:

How To Install Portainer on Debian 11

Install GitHub Desktop on Debian 11

Alternative Solutions for Installing Bitwarden on Debian 11

While the official script provides a straightforward way to deploy Bitwarden, alternative methods offer flexibility and potentially simplified management. Here are two alternative solutions:

1. Installing Bitwarden Using Docker Compose (Without the Script)

This method allows for greater control over the individual Docker containers and their configurations. It involves creating a docker-compose.yml file that defines all the Bitwarden services and their dependencies. This approach can be preferable for those who want a deeper understanding of the Bitwarden architecture and how the different components interact.

Steps:

1. Create a docker-compose.yml file: This file will define the Bitwarden services (e.g., web, identity, SQL Server). A basic example is shown below, but you’ll need to customize it with your domain, database settings, and installation ID/key.
2. Configure Environment Variables: Instead of answering prompts during an installation script, you’ll set environment variables within the docker-compose.yml file to configure Bitwarden.
3. Run docker-compose up -d: This command will download the necessary Docker images and start the Bitwarden containers in detached mode.

Example docker-compose.yml (Minimal):

version: "3.9"

services:
  bitwarden:
    image: bitwardenrs/server:latest
    ports:
      - "80:80"  # Expose port 80 for HTTP (recommended to use HTTPS)
      - "443:443" # Expose port 443 for HTTPS
    volumes:
      - ./bw-data:/data
    environment:
      - SIGNUPS_ALLOWED=false #Disable new signups.
      - DOMAIN=your-domain.com #Replace with your domain name
      - INSTALLATION_ID=your_installation_id
      - INSTALLATION_KEY=your_installation_key
    restart: unless-stopped

Explanation:

• version: "3.9": Specifies the Docker Compose file version.
• services: bitwarden: Defines a service named "bitwarden."
• image: bitwardenrs/server:latest: Uses the official Bitwarden (Rust implementation) Docker image. The bitwardenrs/server image is a popular lightweight alternative to the official Bitwarden server, offering similar functionality with reduced resource usage.
• ports: Maps ports on the host machine to the container. You will need to configure a reverse proxy (like Nginx or Apache) to handle SSL/TLS termination and route traffic to the container if you want to use HTTPS.
• volumes: Creates a persistent volume to store Bitwarden data.
• environment: Sets environment variables used to configure Bitwarden. Replace your-domain.com, your_installation_id, and your_installation_key with your actual values.
• restart: unless-stopped: Automatically restarts the container unless it is explicitly stopped.

Advantages:

• Control: Fine-grained control over container configurations.
• Reproducibility: The docker-compose.yml file serves as a blueprint for deploying Bitwarden.
• Lightweight Alternative: Using bitwardenrs/server requires less resources.

Disadvantages:

• Complexity: Requires understanding of Docker Compose.
• Manual Configuration: Requires manual configuration of environment variables.
• Reverse Proxy: Requires setting up a reverse proxy for HTTPS.

2. Using Ansible to Automate the Installation

Ansible is an automation tool that can be used to provision and configure servers. An Ansible playbook can automate the entire Bitwarden installation process, from creating the user to starting the containers.

Steps:

1. Install Ansible: sudo apt update && sudo apt install ansible
2. Create an Ansible Playbook: This playbook will define the tasks needed to install Bitwarden.
3. Run the Playbook: ansible-playbook your_bitwarden_playbook.yml

Example Ansible Playbook (your_bitwarden_playbook.yml):

---
- hosts: your_server_hostname_or_ip
  become: true  # Run tasks as root
  tasks:
    - name: Create Bitwarden user
      user:
        name: bitwarden
        groups: docker,sudo
        shell: /bin/bash
        home: /opt/bitwarden
        create_home: yes

    - name: Set Bitwarden user password
      user:
        name: bitwarden
        password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=12') }}"  # Generates a random password

    - name: Ensure /opt/bitwarden directory exists
      file:
        path: /opt/bitwarden
        state: directory
        owner: bitwarden
        group: bitwarden
        mode: '0755'

    - name: Download Bitwarden installation script
      get_url:
        url: "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux"
        dest: /opt/bitwarden/bitwarden.sh
        owner: bitwarden
        group: bitwarden
        mode: '0700'

    - name: Install Bitwarden (Interactive - Requires user input)
      command: /opt/bitwarden/bitwarden.sh install
      become_user: bitwarden
      register: bitwarden_install
      # You might want to use expect module to automate interaction

    - name: Start Bitwarden
      command: /opt/bitwarden/bitwarden.sh start
      become_user: bitwarden
      when: bitwarden_install.rc == 0  # Only start if installation was successful

Explanation:

• hosts: Specifies the target server. Replace your_server_hostname_or_ip with the actual hostname or IP address.
• become: true: Elevates privileges to root for tasks that require it.
• tasks: A list of tasks to be executed.
• user: Creates the Bitwarden user. The password field uses the password lookup to generate a random password. You might want to store this securely.
• file: Creates the /opt/bitwarden directory.
• get_url: Downloads the Bitwarden installation script.
• command: Executes the Bitwarden installation script. Important: This is an interactive command and requires manual input. For fully automated installation, you would need to use the expect module or pre-configure the installation settings via environment variables or configuration files.
• command: Starts Bitwarden.
• become_user: bitwarden: Executes commands as the bitwarden user.
• when: bitwarden_install.rc == 0: Conditionally executes the start command only if the installation was successful (return code 0).

Advantages:

• Automation: Automates the entire installation process.
• Idempotency: Ansible playbooks are designed to be idempotent, meaning they can be run multiple times without changing the system state.
• Configuration Management: Can be used to manage the configuration of Bitwarden over time.

Disadvantages:

• Complexity: Requires understanding of Ansible.
• Initial Setup: Requires setting up Ansible and writing the playbook.
• Interactive Installation: The example playbook includes an interactive install step, which needs further automation using the expect module or pre-configuration.

Choosing the right installation method depends on your experience level and specific requirements. The official script is a good starting point, while Docker Compose and Ansible offer more advanced options for control and automation when you Install Bitwarden on Debian 11. The alternative methods provided here will allow you to Install Bitwarden on Debian 11 with greater control and configuration.