Setup BitWarden Password Management

Introduction

I’ve been searching for a suitable password management system for a while now. I’ve tried a few but have experienced multiple problems or just didn’t like the interface. My basic requirements for the system are as follows:

  • Web interface
  • SSL
  • Self Hosted
  • Free or cheap
  • Chrome extension and iOS/Android app

Months ago I tried passvault and syspass. Passvault met all the requirements with the exception of the iOS app. However, no matter how I tried to install it, I could never get it to work outside of my network. No matter what I did, I could not get the damn thing to work while I was at work. I then had syspass for a while and it worked, but didn’t have the extension and, honestly, is kind of ugly. That’s a silly reason, but it irritated me. Syspass also seemed very buggy and you could tell it wasn’t quite as polished as I think it should have been.

That brings me to now. I was searching through homelab or selfhosted on reddit and came across bitwarden. I have never heard of that before but the interface looked promising. I decided to give it a try, despite never using docker before. Here’s what I did to get it working well:

Prerequisites

I’m not going to go into installing an OS, so here are the prerequisites:

  1. A working Ubuntu Server VM (or physical box, I guess, if that’s your thing)
  2. A domain name
  3. For this tutorial, I already have certificates created on my proxy server by letsencrypt. If you don’t have these, not a big deal as the installer will set up letsencrypt for you (I think).

Docker and Docker Compose Install

Once you’ve got Ubuntu up and running and you know the domain you plan on using, ssh into that beast and start running the following:

I prefer to run sudo su at the beginning of this because, well, laziness:

sudo su

Now just do a quick update:

apt-get update

Run the following to allow apt to use HTTPS:

apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common

Once that’s done, then you’ll install the GPG key for Docker:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Now we want to verify that we have the key with the correct fingerprint of 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 by running the following:

apt-key fingerprint 0EBFCD88
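
The comparison in this step can be scripted so that a mismatch stops the install instead of relying on reading 40 hex digits by eye. This is an added example, not part of the original post or of Docker's tooling; the function names are hypothetical and the two key listings are constructed samples (the second shares the short ID 0EBFCD88 but has a different full fingerprint).

```shell
#!/usr/bin/env bash
# Added example: compare the imported key's full fingerprint with the value
# given in this tutorial. Function names here are hypothetical.

EXPECTED_FPR="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

# Remove all whitespace and upper-case, so grouping differences don't matter.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read a key listing on stdin and print each fingerprint found, normalized.
# Accepts the older "Key fingerprint = ..." layout and the newer bare layout.
extract_fprs() {
    sed 's/.*Key fingerprint = //' \
        | tr -d ' \t' \
        | tr '[:lower:]' '[:upper:]' \
        | grep -E '^[0-9A-F]{40}$'
}

# fingerprint_matches <listing> <expected>
# Succeeds only when the listing holds exactly one fingerprint and it matches.
fingerprint_matches() {
    local listing="$1" expected found
    expected=$(normalize_fpr "$2")
    found=$(printf '%s\n' "$listing" | extract_fprs) || true
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Constructed sample listings in the layout gpg prints.
GOOD_LISTING='pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>'
# Same short ID (last 8 digits), different key: must be rejected.
BAD_LISTING='pub   rsa4096 2017-02-22 [SCEA]
      1111 2222 3333 4444 5555  6666 7777 8888 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>'

# On the server, use: listing=$(apt-key fingerprint 0EBFCD88 2>/dev/null)
report() {
    if fingerprint_matches "$2" "$EXPECTED_FPR"; then
        echo "$1: fingerprint OK"
    else
        echo "$1: MISMATCH, remove the key and stop"
    fi
}
report "good sample" "$GOOD_LISTING"
report "bad sample" "$BAD_LISTING"
```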

Now that we’re good there, go ahead and add the official repository for Docker:

add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"

Now that the repository is there, do an update:

apt-get update

Now simply install Docker:

apt-get install docker-ce

Now that Docker is installed, start installing Docker Compose:

curl -L https://github.com/docker/compose/releases/download/1.17.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

Now that you’ve done that, go ahead and change the permissions:

chmod +x /usr/local/bin/docker-compose

And finally just verify that you’ve got the docker compose installed and that it’s on the correct version with:

docker-compose --version

Install BitWarden

Now that you’ve got Docker going, we’ll start with the BitWarden install.

I like to keep my stuff organized so I created a new folder to store the app:

mkdir -p /apps/bitwarden

Now move to the newly created folder and run the following to download the script to install bitwarden:

curl -s -o bitwarden.sh \
https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh \
&& sudo chmod u+x bitwarden.sh

Now that we’ve got that, simply run the following:

./bitwarden.sh install

That will prompt you with a few questions. You should be able to answer them.

Once that’s installed, if you’re going to provide an SMTP server for it to be able to send emails (you need to do this for it to really function), browse to /apps/bitwarden/bwdata/env and edit global.override.env with the SMTP parameters you use.

Now that you’ve done that, you can start the service. Make sure and do this BEFORE trying to copy over any SSL certs (I did this out of order and it makes it not happy). Start the service with:

./bitwarden.sh start

Once that completes, verify it’s running with the following:

docker ps

Now that it’s running, you need to run one more thing:

./bitwarden.sh updatedb

Now that it’s running, if you opted to bring your own SSL certs, you’ll browse to /bwdata/ssl and create a new directory named after your domain name.

Once that’s created, you can copy your files in. I used letsencrypt on my proxy to create these files and I had some confusion as to the certificates. Bitwarden needs them to be .ca and .crt extensions but all of the letsencrypt stuff is .pem. Turns out it’s really easy to convert these – but I didn’t know which was which. All you have to do is rename the .pem files as such:

  • cert.pem = certificate.crt
  • privkey.pem = private.key
  • fullchain.pem = ca.crt
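
Since the confusion here is which file is which, the copy can check each PEM file's contents before renaming it and keep the private key readable only by its owner. This is an added example, not part of the original post or of Bitwarden's installer; the function names are hypothetical, the sample files are constructed placeholders with no real key material, and the paths in the usage comment are assumptions (certbot's default live directory and the /apps/bitwarden folder used above).

```shell
#!/usr/bin/env bash
# Added example: copy Let's Encrypt PEM files to the names listed above, but
# refuse if a file does not hold what its name implies. Names are hypothetical.

# Print how many PEM blocks of type $2 (CERTIFICATE, PRIVATE KEY) file $1 holds.
pem_count() {
    local n
    n=$(grep -c -E "^-----BEGIN ([A-Z]+ )?$2-----" "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# expect <file> <block-type> <test-op> <count>
expect() {
    [ "$(pem_count "$1" "$2")" "$3" "$4" ] && return 0
    echo "refusing: $1 needs $2 count $3 $4" >&2
    return 1
}

# install_certs <letsencrypt-dir> <bitwarden-ssl-dir-for-domain>
install_certs() {
    local src="$1" dst="$2"
    expect "$src/cert.pem"      CERTIFICATE   -eq 1 || return 1
    expect "$src/cert.pem"      'PRIVATE KEY' -eq 0 || return 1
    expect "$src/privkey.pem"   'PRIVATE KEY' -eq 1 || return 1
    expect "$src/privkey.pem"   CERTIFICATE   -eq 0 || return 1
    expect "$src/fullchain.pem" CERTIFICATE   -ge 2 || return 1  # leaf + chain
    mkdir -p "$dst" || return 1
    # -L dereferences the symlinks certbot keeps in live/<domain>/
    cp -L "$src/cert.pem"      "$dst/certificate.crt" || return 1
    cp -L "$src/fullchain.pem" "$dst/ca.crt"          || return 1
    # Create the key copy without group/other access from the start.
    ( umask 077 && cp -L "$src/privkey.pem" "$dst/private.key" ) || return 1
    chmod 600 "$dst/private.key"
}

# Constructed placeholder PEM files (no real key material) for a dry run.
pem() { printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"; }
make_sample() {
    mkdir -p "$1"
    pem CERTIFICATE   > "$1/cert.pem"
    pem 'PRIVATE KEY' > "$1/privkey.pem"
    { pem CERTIFICATE; pem CERTIFICATE; } > "$1/fullchain.pem"
}

# Real use (assumed paths): install_certs /etc/letsencrypt/live/your.domain \
#                             /apps/bitwarden/bwdata/ssl/your.domain
demo=$(mktemp -d) && make_sample "$demo/live" \
    && install_certs "$demo/live" "$demo/ssl/your.domain" \
    && ls -l "$demo/ssl/your.domain"
rm -rf "$demo"
```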

Other Notes

I contacted bitwarden support as I was having issues with the certs (they have awesome support, BTW) and they gave me this nice command to help identify issues with the docker system:

docker-compose -f ./bwdata/docker/docker-compose.yml -f ./bwdata/docker/docker-compose.linwin.yml up