Set up Bitwarden Password Manager on Debian 12: Secure Password Manager
This guide details how to set up Bitwarden Password Manager on Debian 12 Bookworm. Bitwarden provides a secure and convenient way to manage your passwords, allowing you to synchronize them across all your devices through a single, encrypted vault. Its browser extensions also streamline the login process by automatically filling in your credentials.
You can use this tutorial alongside the resources on the Orcacore website that cover Docker and Docker Compose installation, which you will need in order to set up Bitwarden Password Manager on Debian 12.
Before diving into the installation, let’s review the prerequisites.
Requirements for Bitwarden Setup with Docker
To successfully install Bitwarden, you’ll need the following:
- A Non-Root User with Sudo Privileges: Ensure you’re logged into your Debian 12 server as a user with sudo privileges. If you haven’t already, refer to Orcacore’s guide on Initial Server Setup with Debian 12 Bookworm for detailed instructions.
- Docker and Docker Compose: Docker and Docker Compose are essential for containerizing and managing the Bitwarden installation. Follow these guides to install them:
  - Install Docker CE on Debian 12 Bookworm
  - Install Docker Compose on Debian 12 Bookworm
- A Domain Name: A domain name pointed to your server’s IP address is necessary for accessing your Bitwarden instance via a web browser.
Now that you have these prerequisites, let’s proceed with the steps to set up Bitwarden Password Manager on Debian 12.
Step 1 – Create a Dedicated User for Bitwarden on Debian 12
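Running Bitwarden under a dedicated user is a best practice for security. Use the following command to create a bitwarden user:
sudo useradd -G docker,sudo -s /bin/bash -m -d /opt/bitwarden bitwarden
This command adds the bitwarden user to both the docker and sudo groups. Both memberships are powerful: sudo grants full administrative rights, and members of the docker group can effectively obtain root on the host through the Docker daemon, so protect this account with a strong password.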
Next, set a password for the new user:
sudo passwd bitwarden
**Output**
New password:
Retype new password:
passwd: password updated successfully
Finally, assign the correct permissions to the /opt/bitwarden directory:
sudo chown -R bitwarden: /opt/bitwarden
Step 2 – Install Bitwarden Password Manager on Debian 12
Visit the Bitwarden hosting page to obtain your Installation ID and Key.
Enter your email address and click submit.
[Image of Bitwarden request hosting]
You’ll then receive your Installation ID and Key.
[Image of Bitwarden installation ID and key]
Now, switch to the bitwarden user and download the Bitwarden installation script using curl:
su - bitwarden
sudo curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
Set the correct permissions for the script:
sudo chmod +x bitwarden.sh
Execute the installation script:
sudo ./bitwarden.sh install
The script will prompt you for several pieces of information, including your domain or IP address, SSL configuration, database name, Installation ID, Key, and whether you want to use a self-signed SSL certificate. An example output is shown below:
**Output**
 _     _ _                         _
| |__ (_) |___      ____ _ _ __ __| | ___ _ __
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \
| |_) | | |_ \ V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_|  \__,_|\___|_| |_|
Open source password management solutions
Copyright 2015-2023, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden
===================================================
bitwarden.sh version 2023.7.2
Docker version 24.0.5, build ced0996
Docker Compose version v2.20.2
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): bit.orcacore.net
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n
(!) Enter the database name for your Bitwarden instance (ex. vault): bitdb
2023.3.0: Pulling from bitwarden/setup
3f9582a2cbe7: Pull complete
d866aec6058e: Pull complete
11332129480d: Pull complete
9f9b514859b0: Pull complete
b709e83c5e9e: Pull complete
1f8900615ea1: Pull complete
47137b35c8bf: Pull complete
b7b87e36a4d9: Pull complete
223d50917a39: Pull complete
23ee09621502: Pull complete
Digest: sha256:e09da2acdedd62819dd1fe774935d1a215058244cc6e1c18203bb65cf845f70c
Status: Downloaded newer image for bitwarden/setup:2023.3.0
docker.io/bitwarden/setup:2023.3.0
(!) Enter your installation id (get at https://bitwarden.com/host): 89c6b904-d1c1-42ff-9f99-afe501342444
(!) Enter your installation key: VUzFlxjaZzn4mevt6vvN
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y
Generating self signed SSL certificate.
Generating a RSA private key
............++++
........................................................................................................++++
writing new private key to '/bitwarden/ssl/self/bit.orcacore.net/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.....................................++++
.......................................................................................................................................................................................++++
writing new private key to 'identity.key'
-----
!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be
trusted by Bitwarden client applications. You must add this certificate to
the trusted store on each device or else you will receive errors when trying
to connect to your installation.
Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building docker-compose.yml.
Installation complete
Step 3 – How To Start Bitwarden Password Manager?
Start your Bitwarden instance using the following command:
sudo ./bitwarden.sh start
**Output**
2023.7.2: Pulling from bitwarden/setup
Digest: sha256:8040174b601984a687aa429464a02392ae1638887ef261d9563c4d4ecb9cb88f
Status: Image is up to date for bitwarden/setup:2023.7.2
docker.io/bitwarden/setup:2023.7.2
Bitwarden is up and running!
===================================================
Step 4 – How To Update Bitwarden Password Manager on Debian 12?
To update your Bitwarden installation, run these commands:
sudo ./bitwarden.sh updateself
sudo ./bitwarden.sh update
Step 5 – Access Bitwarden Dashboard via Web Interface
Access your Bitwarden web interface by navigating to your domain name in a web browser:
https://your-domain
You’ll be presented with the Bitwarden login screen. Click Create Account.
[Image of bitwarden create an account Debian 12]
Enter your information and click Create Account.
[Image of Provide account details for bitwarden]
You will be redirected to the login page. Enter your email and master password, then click Log in with master password.
[Image of bitwarden login page]
You should now see the Bitwarden dashboard on Debian 12.
[Image of Bitwarden dashboard Debian 12]
You can now start adding your passwords and sharing them across your devices.
Conclusion
You’ve successfully installed Docker and Docker Compose, and configured Bitwarden Password Manager on Debian 12 using the command line. You can now access the Bitwarden dashboard through a web browser.
Alternative Solutions for Setting Up Bitwarden
While the above method using the official Bitwarden installation script is straightforward, other approaches exist. Here are two alternative solutions:
1. Using the Bitwarden Unified Docker Image (without the script)
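This method involves directly using the vaultwarden/server Docker image (formerly bitwardenrs/server) and configuring it via environment variables. Note that this image is Vaultwarden, an unofficial, community-maintained server that is compatible with Bitwarden clients; it is not published by Bitwarden. This offers more granular control and simplifies some aspects of the initial setup.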
- Explanation: Instead of relying on the bitwarden.sh script, you can define all configuration options directly in your docker-compose.yml file or via Docker run commands. This eliminates the interactive installation process and allows for more automated deployments.
- Code Example (docker-compose.yml):
version: "3.8"
services:
  bitwarden:
    image: vaultwarden/server:latest
    container_name: bitwarden
    restart: unless-stopped
    ports:
      - "80:80" # Adjust if using a reverse proxy
      - "443:443" # Adjust if using a reverse proxy
    volumes:
      - ./data:/data
    environment:
      - WEBSOCKET_ENABLED=true # Enable websocket support
      - SIGNUPS_ALLOWED=true # Allow new user signups (consider disabling for security)
      - INVITATIONS_ALLOWED=true
      - DOMAIN=https://your-domain.com # Replace with your domain; must be a full URL including the scheme
      - ADMIN_TOKEN=your-admin-token # Replace with a strong, random token. Required if SIGNUPS_ALLOWED=false
      # SSL configuration. Use a reverse proxy (e.g. nginx or traefik) for handling SSL.
      # For testing purposes only:
      #- SSL_CERT=/etc/letsencrypt/live/your-domain.com/fullchain.pem
      #- SSL_KEY=/etc/letsencrypt/live/your-domain.com/privkey.pem
- Steps:
  - Create a docker-compose.yml file with the above content, replacing your-domain.com and your-admin-token with appropriate values.
  - Create a directory named data in the same directory as your docker-compose.yml file: mkdir data
  - Run docker-compose up -d to start the container.
  - If you disabled sign-ups, access the admin panel at your-domain.com/admin using the ADMIN_TOKEN to create the initial user.
  - Configure a reverse proxy like Nginx or Traefik to handle SSL certificates and routing.
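A pre-flight check for the compose file in this section, as an added example that is not part of the original guide or of the Vaultwarden project: it flags open sign-ups, a placeholder or short ADMIN_TOKEN, a DOMAIN that is not an https:// URL, and a floating :latest image tag. The function names, the 32-character threshold and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky settings in a
# Vaultwarden docker-compose.yml. Assumes unquoted "- KEY=value" entries.

# Print the value of the first uncommented "- KEY=value" entry, if any.
env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" "$1" | head -n 1
}

# Print one line per finding; return 1 if there was at least one.
lint_compose() {
    file=$1
    rc=0
    finding() { echo "FINDING: $1"; rc=1; }

    # Open sign-ups let anyone who can reach the URL register an account.
    [ "$(env_value "$file" SIGNUPS_ALLOWED)" = "false" ] ||
        finding "SIGNUPS_ALLOWED is not false"

    # The /admin page is protected only by this token.
    token=$(env_value "$file" ADMIN_TOKEN)
    if [ "$token" = "your-admin-token" ]; then
        finding "ADMIN_TOKEN is still the placeholder"
    elif [ -n "$token" ] && [ "${#token}" -lt 32 ]; then
        finding "ADMIN_TOKEN is shorter than 32 characters"
    fi

    # Vaultwarden expects DOMAIN as a full URL; require the https scheme.
    case $(env_value "$file" DOMAIN) in
        https://?*) ;;
        *) finding "DOMAIN is not an https:// URL" ;;
    esac

    # A floating tag lets every pull change the server version silently.
    if grep -Eq '^[[:space:]]*image:[[:space:]]*[^[:space:]]+:latest' "$file"; then
        finding "image uses the :latest tag; pin a release tag"
    fi
    return "$rc"
}

# Constructed sample: a compose fragment with weak values.
sample=$(mktemp)
printf '%s\n' '    image: vaultwarden/server:latest' \
    '      - SIGNUPS_ALLOWED=true # allow signups' \
    '      - DOMAIN=your-domain.com' \
    '      - ADMIN_TOKEN=your-admin-token' > "$sample"
lint_compose "$sample" || echo "Fix the findings before starting the container."
rm -f "$sample"
```

Run it against your own file with lint_compose docker-compose.yml; a non-zero exit status means at least one setting should be changed before docker-compose up -d.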
2. Using a Pre-Built Bitwarden Appliance (e.g., TurnKey Linux)
This solution involves deploying a pre-configured virtual appliance that includes Bitwarden and all necessary dependencies. This offers the simplest and fastest setup but provides less customization.
- Explanation: TurnKey Linux provides a Bitwarden appliance that simplifies the deployment process. It’s a pre-configured virtual machine image that includes Bitwarden, Docker, and other required components. You simply download the image, import it into your virtualization environment (e.g., VirtualBox, VMware), and configure the initial settings.
- Steps:
  - Download the TurnKey Linux Bitwarden appliance ISO image from the TurnKey Linux website.
  - Create a new virtual machine in your virtualization environment.
  - Mount the ISO image to the virtual machine and boot from it.
  - Follow the on-screen instructions to install TurnKey Bitwarden. You’ll be prompted to set passwords for the root and Bitwarden web administration interface.
  - After installation, the appliance will display the Bitwarden URL.
  - Configure DNS to point your domain name to the virtual machine’s IP address.
These alternative solutions provide different trade-offs between ease of setup, customization, and control. The choice depends on your specific needs and technical expertise. The original method is well documented and useful, but other solutions could benefit different types of system users.