Install Bitwarden on Ubuntu 20.04: Best Password Manager
This guide will walk you through the process of Install Bitwarden on Ubuntu 20.04. Bitwarden stands out as an open-source password manager, meaning its underlying code is continuously scrutinized by a community comprising developers, researchers, users, and the wider public. This collaborative approach allows for faster identification of bugs, leading to a more secure application.
Follow the steps detailed on this guide to deploy Bitwarden, the preferred password management solution, on your Ubuntu 20.04 server. Let’s dive into the installation process of Install Bitwarden on Ubuntu 20.04.
1. Requirements for Bitwarden Setup
Before starting, ensure you meet the following prerequisites:
- Non-Root User with Sudo Privileges: You must be logged into your server as a non-root user with
sudoprivileges. If you haven’t already, refer to our guide on Initial Server Setup with Ubuntu 20.04 for instructions. - Docker and Docker Compose: Docker and Docker Compose are essential for running Bitwarden. Install them using the guides:
With these requirements in place, you are ready to proceed.
2. Create Bitwarden User on Ubuntu 20.04
Creating a dedicated user for Bitwarden is a security best practice. Use the following command:
sudo useradd -G docker,sudo -s /bin/bash -m -d /opt/bitwarden bitwardenThis command creates a new user named bitwarden, adds it to the docker and sudo groups, sets the shell to /bin/bash, creates a home directory /opt/bitwarden, and assigns it to the new user.
Next, set a password for the bitwarden user:
sudo passwd bitwarden**Output**
New password:
Retype new password:
passwd: password updated successfullyFinally, assign the correct permissions to the /opt/bitwarden directory:
sudo chown -R bitwarden: /opt/bitwarden3. Install Bitwarden Password Manager on Ubuntu 20.04
Visit the Bitwarden hosting page to obtain your Installation ID and Key. These are required to complete the installation.
Switch to the bitwarden user and download the Bitwarden installation script using curl:
# su - bitwarden
# sudo curl -Lso bitwarden.sh https://go.btwrdn.co/bw-shMake the script executable:
sudo chmod +x bitwarden.shRun the installation script:
sudo ./bitwarden.sh installThe script will prompt you for various information, including your domain name or IP address, SSL configuration, database name, Installation ID, Installation Key, and whether to use a self-signed SSL certificate.
**Output**
_ _ _ _
| |__ (_) |___ ____ _ _ __ __| | ___ _ __
| '_ | | __ / / / _` | '__/ _` |/ _ '_
| |_) | | |_ V V / (_| | | | (_| | __/ | | |
|_.__/|_|__| _/_/ __,_|_| __,_|___|_| |_|
Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden
===================================================
bitwarden.sh version 2023.3.0
Docker version 23.0.3, build 3e7cbfd
Docker Compose version v2.11.2
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): bit.orcacore.net
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n
(!) Enter the database name for your Bitwarden instance (ex. vault): bitdb
2023.3.0: Pulling from bitwarden/setup
3f9582a2cbe7: Pull complete
d866aec6058e: Pull complete
11332129480d: Pull complete
9f9b514859b0: Pull complete
b709e83c5e9e: Pull complete
1f8900615ea1: Pull complete
47137b35c8bf: Pull complete
b7b87e36a4d9: Pull complete
223d50917a39: Pull complete
23ee09621502: Pull complete
Digest: sha256:e09da2acdedd62819dd1fe774935d1a215058244cc6e1c18203bb65cf845f70c
Status: Downloaded newer image for bitwarden/setup:2023.3.0
docker.io/bitwarden/setup:2023.3.0
(!) Enter your installation id (get at https://bitwarden.com/host): 89c6b904-d1c1-42ff-9f99-afe501342444
(!) Enter your installation key: VUzFlxjaZzn4mevt6vvN
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
Generating self signed SSL certificate.
Generating a RSA private key
............++++
........................................................................................................++++
writing new private key to '/bitwarden/ssl/self/bit.orcacore.net/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.....................................++++
.......................................................................................................................................................................................++++
writing new private key to 'identity.key'
-----
!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be
trusted by Bitwarden client applications. You must add this certificate to
the trusted store on each device or else you will receive errors when trying
to connect to your installation.
Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building docker-compose.yml.
Installation complete
If you need to make additional configuration changes, you can modify
the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`
Next steps, run:
`./bitwarden.sh start`Start Bitwarden
Start the Bitwarden instance with the following command:
sudo ./bitwarden.sh start**Output**
2023.3.0: Pulling from bitwarden/setup
Digest: sha256:e09da2acdedd62819dd1fe774935d1a215058244cc6e1c18203bb65cf845f70c
Status: Image is up to date for bitwarden/setup:2023.3.0
docker.io/bitwarden/setup:2023.3.0
Bitwarden is up and running!
===================================================Update Bitwarden
To keep your Bitwarden instance up to date, run these commands:
# sudo ./bitwarden.sh updateself
# sudo ./bitwarden.sh update4. Access Bitwarden Web Interface
Access the Bitwarden web interface by navigating to your domain name in a web browser:
https://your-domainYou’ll be greeted with the Bitwarden login screen. Click Create Account.
Enter the required information and click create account.
You will be redirected to the Bitwarden login page. Enter your email and master password and click login.
The Bitwarden dashboard should now be visible on your Ubuntu 20.04 server.
You can begin adding your passwords and synchronizing them across your devices.
Conclusion
Bitwarden offers a secure and user-friendly solution for managing your passwords. This guide demonstrated how to Install Bitwarden Password Manager on Ubuntu 20.04.
Hopefully, you found this guide helpful. You may also be interested in these articles:
Use AWK Command with Examples on Linux
Check and Install Security Updates on Centos 7
Install and Configure Jenkins on AlmaLinux 9
Alternative Solutions to Installing Bitwarden on Ubuntu 20.04
While the provided method using the official Bitwarden installation script is recommended and straightforward, there are alternative approaches to achieve the same outcome. Here are two different methods:
1. Using Snap Package
Snap is a package management system developed by Canonical (the company behind Ubuntu) that simplifies software installation. Bitwarden is available as a Snap package, which can streamline the setup process. Note this installs the Bitwarden client application, not the server itself. It provides access to your Bitwarden Vault and can be used alongside the original solution to access your locally hosted Vault or to access the official Bitwarden cloud hosted solution.
Explanation:
Snap packages are self-contained and include all the necessary dependencies, reducing the risk of conflicts with other software on your system. This makes installations and updates easier and more reliable.
Installation Steps:
-
Update Snap: Ensure that your snap package manager is up to date:
sudo snap refresh -
Install Bitwarden Snap: Install the Bitwarden client from the Snap Store:
sudo snap install bitwarden -
Run Bitwarden: Once installed, you can run Bitwarden from the command line or your application menu:
bitwarden
This method is particularly useful for desktop users who primarily need the Bitwarden client application. It does not allow for hosting your own Bitwarden server, as the original article covers.
2. Manual Docker Compose Setup (Advanced)
The official bitwarden.sh script automates the creation of the docker-compose.yml file and other configurations. For more granular control or for integration into existing infrastructure setups, you can manually create and manage the Docker Compose configuration.
Explanation:
This approach gives you the flexibility to customize every aspect of the Bitwarden deployment, such as network configurations, volume mappings, and environment variables. However, it requires a deeper understanding of Docker and Docker Compose.
Steps:
-
Create a
docker-compose.ymlFile:Create a
docker-compose.ymlfile in a directory of your choice (e.g.,/opt/bitwarden-manual). The content should resemble the following (adjust versions as needed):version: '3.7' services: nginx: image: bitwarden/nginx:latest ports: - "80:80" - "443:443" volumes: - ./bwdata:/etc/bitwarden depends_on: - mssql restart: always mssql: image: bitwarden/mssql:latest volumes: - ./bwdata:/var/opt/mssql environment: SA_PASSWORD: "YourSecurePassword" # Replace with a strong password restart: always identity: image: bitwarden/identity:latest volumes: - ./bwdata:/identity depends_on: - mssql restart: always api: image: bitwarden/api:latest volumes: - ./bwdata:/api depends_on: - mssql restart: always admin: image: bitwarden/admin:latest volumes: - ./bwdata:/admin ports: - "8080:80" # Admin UI port (optional) depends_on: - mssql restart: alwaysImportant Considerations:
SA_PASSWORD: Replace"YourSecurePassword"with a strong, unique password for the SQL Server administrator account.- Volumes: The
./bwdatadirectory will store the Bitwarden data. Ensure it has appropriate permissions (owned by the user you’ll run Docker Compose as). - Ports: Adjust port mappings as needed, especially if you have other services using ports 80 and 443. Consider using a reverse proxy like Traefik or Nginx Proxy Manager for managing SSL certificates and routing.
- SSL Certificates: This example doesn’t include SSL configuration. You’ll need to configure Nginx with SSL certificates from Let’s Encrypt or another provider.
-
Configure Environment Variables:
Create an
.envfile in the same directory to store sensitive information like the database password and other configuration settings. This enhances security by preventing hardcoding credentials in thedocker-compose.ymlfile.SA_PASSWORD=YourSecurePassword DOMAIN=bitwarden.example.com # Replace with your domain INSTALLATION_ID=YourInstallationId INSTALLATION_KEY=YourInstallationKey -
Start the Containers:
Navigate to the directory containing your
docker-compose.ymlfile and run:docker-compose up -dThis will download the necessary images and start the Bitwarden containers in detached mode.
-
Configure SSL (Essential):
This manual setup requires you to configure SSL certificates for Nginx. You can use Let’s Encrypt with Certbot or manually create self-signed certificates (not recommended for production).
-
Initial Configuration:
Access the Bitwarden web interface through your configured domain. You’ll need to complete the initial setup steps, including creating an account and configuring email settings.
Code Example: Docker Compose File (Revised for SSL)
This example includes a basic SSL configuration using Let’s Encrypt with Certbot. It assumes you have Certbot installed and configured on your server. You will also need to adapt this example to your setup and domain names.
version: '3.7'
services:
nginx:
image: bitwarden/nginx:latest
ports:
- "80:80"
- "443:443"
volumes:
- ./bwdata:/etc/bitwarden
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
depends_on:
- mssql
restart: always
networks:
- bitwarden
mssql:
image: bitwarden/mssql:latest
volumes:
- ./bwdata:/var/opt/mssql
environment:
SA_PASSWORD: ${SA_PASSWORD}
restart: always
networks:
- bitwarden
identity:
image: bitwarden/identity:latest
volumes:
- ./bwdata:/identity
depends_on:
- mssql
restart: always
networks:
- bitwarden
api:
image: bitwarden/api:latest
volumes:
- ./bwdata:/api
depends_on:
- mssql
restart: always
networks:
- bitwarden
admin:
image: bitwarden/admin:latest
volumes:
- ./bwdata:/admin
ports:
- "8080:80" # Admin UI port (optional)
depends_on:
- mssql
restart: always
networks:
- bitwarden
certbot:
image: certbot/certbot:latest
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
networks:
- bitwarden
networks:
bitwarden:Nginx Configuration (Example)
You will need to configure your Nginx reverse proxy to route traffic to the Bitwarden containers. Here’s a basic example (adjust to your domain and setup):
server {
listen 80;
server_name bitwarden.example.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name bitwarden.example.com;
ssl_certificate /etc/letsencrypt/live/bitwarden.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bitwarden.example.com/privkey.pem;
location / {
proxy_pass http://nginx:80; # Assuming nginx service name is 'nginx'
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}This alternative solution using manual Docker Compose setup is significantly more complex but provides a high degree of customization and control. Install Bitwarden on Ubuntu 20.04 and then choose your preferred method.
