Set up Vaultwarden, a self-hosted Bitwarden implementation with dyrectorio using Docker from the ground up
Vaultwarden is a self-hosted implementation of Bitwarden. Its broad use case leaves room for individual and professional password management. Here's how you can set up Vaultwarden from setting up a VPS to deploying it with the help of dyrectorio.
Step 1: Get yourself a VPS
Before you can do anything, you'll need a VPS where you'll host Vaultwarden.
When looking for a VPS provider to host Vaultwarden, you need to consider several factors:
- Resources. Vaultwarden isn't a resource demanding application. According to a closed issue from 2018 on the project's GitHub repo, the stack can basically run on any hardware.
- Location. To reduce latency and get the most out of the VPS, choose a data center closest to your location.
- Support. Preferably the provider offers 24/7 customer support. It's always useful if the provider has forums and other places where users can look for solutions in case they bump into difficulties.
- Features. Backups and security options might be useful when hosting Vaultwarden.
For this case study, we used Hetzner.
Hetzner provides VPS with Ubuntu 22.04 and Docker CE's latest version when this blog post is written. As already mentioned, Vaultwarden is a lightweight application so as long as you plan to run it as single service on the VPS, the lowest available hardware is fine. Scaling up the hardware is still a possibility at most providers in case you decide to host other services on the VPS, however, scaling down is usually not possible. Therefore, we chose VPS with the lowest specs Hetzner offers:
- RAM: 2 GB
- VCPUs: 1 (Intel)
- SSD: 20 GB
Now that the VPS is purchased, time to get a domain to easily access Vaultwarden.
Free alternatives to Hetzner VPS
If you try to get the most out of Vaultwarden with minimal spending, you can set up free-tier AWS or Cloudflare accounts. You get minimal hardware which should be sufficient to run Docker and Vaultwarden.
Step 2: Get yourself a domain
Having a domain isn't necessary to host Vaultwarden, still, it makes sense to get one for better usability.
Here's what you need to keep in mind when picking the domain and its providers.
- Domain name. Human readability is a basic need, especially if you want to host Vaultwarden to manage passwords of subscriptions that the whole family uses. IP addresses aren't as user friendly as domains.
- Extension. Some extensions are pricier than others. For self-hosted Vaultwarden, it's unnecessary to go fancy.
- Support. Again, 24/7 availability is preferable with additional resources users can check to solve problems.
- Privacy. Purchasers' personal data can be checked out on WHOIS. If you want to avoid this, you can redact it at the provider to protect personal data.
- DNS. This is required to point the domain to VPS.
We used GoDaddy to purchase a domain. Select the domain you prefer. With GoDaddy's domain protection service, it shouldn't cost more than $11–12 a month if you don't need an email service.
After the purchase is complete, you're ready to connect the VPS to the domain.
Step 3: Point the domain to your VPS
This process shouldn't take more than a few minutes but keep in mind that some providers take 48 hours to process user requests to point a domain to a VPS. To do so, you need to add the VPS IP address to the domain's DNS as an A record.
In our case, the steps are the following:
- Add a new node by selecting the
Nodepanel on the left side and clicking on theAddbutton in the top right. Add a name and save the node. - Select Docker Host as the technology of the agent that'll be set up on your VPS. By clicking on the Generate script button, the platform will generate a one-liner you can use in the VPS' terminal to install the agent. More details about Nodes and dyrectorio agents are documented here. Use the toggle next to
Install traefik, which will enable you to deploy to subdomains pointing to your VPS. - Paste the one-liner in the terminal of the VPS on Hetzner, and press Enter. Soon dagent will run on the VPS and the node status will turn green from red.
There, our VPS is now ready to host Vaultwarden.
Step 4: Add your VPS as a deployment target in dyrectorio
To be able to set up Vaultwarden on your VPS, you need to define it as a node on dyrectorio. You can access dyrectorio beta here. After signing up to the platform, it goes as the steps described below. More details about node setup are here, but below you can see the steps of the process.
Check out the whole process in the video below:
- Add a new node by selecting the
Nodepanel on the left side and clicking on theAddbutton in the top right. Add a name and save the node. - Select Docker Host as the technology of the agent that'll be set up on your VPS. By clicking on the Generate script button, the platform will generate a one-liner you can use in the VPS' terminal to install the agent. More details about Nodes and dyrectorio agents are documented here. Use the toggle next to
Install traefik, which will enable you to deploy to subdomains pointing to your VPS. - Paste the one-liner in the terminal of the VPS on Hetzner, and press Enter. Soon dagent will run on the VPS and the node status will turn green from red.
The only remaining step is to deploy Vaultwarden to the VPS.
Step 5: Deploy Vaultwarden to your VPS in dyrectorio
Click on Templates on the left and select Vaultwarden from the templates listed by clicking Add.
You're able to specify a name and a description to the Vaultwarden stack you plan to deploy. Depending on if you plan to roll out the latest version of Vaultwarden, you can pick if you want to deploy Vaultwarden as a simple or a complex type of product. More details on the differences here, but a simple product will likely do for most users.
Click Add to save Vaultwarden as a product.
Click on the gear icon next to Vaultwarden's image. On the configuration screen specify the following variables with your domain:
name,hostunder Ingress section.nameis the first part of the domain,hostis the second. Example: if your domain isvault.example.com, thenname = vault,host = example.com.DOMAINunder Environments section. Example: if your domain isvault.example.com, thenDOMAINkey will behttps://vault.example.com.
When you got the domain configured, click Back to head back to Vaultwarden's overview.
Click Add deployment.
Select the Node — your VPS –, and click Add.
Click Deploy to setup Vaultwarden.
After the deployment status turns successful…
Traefik will take up to 5 minutes to do its magic. Enter domain in the URL bar and enjoy your self-hosted Vaultwarden, as seen below.
This blogpost was written by the team of specialists at dyrector.io. dyrector.io is an open-source container management platform.
Find our project on GitHub. Read our docs to learn more about our platform. Any contribution is welcome!
To stay updated about our product follow us on Twitter, Instagram and LinkedIn.
Join our public Discord server to discuss DevOps.
