Skip to main content
Sean’s Tech Notes
  1. Posts/

Bitwarden Server

Bitwarden Password-Manager Self-Hosted Ubuntu Docker Security
Table of Contents

My Bitwarden Server Setup
#

This guide follows Bitwarden’s official Linux Standard Deployment process for Ubuntu.

Prerequisites
#

  • Ubuntu server with a static IP or reliable DNS
  • Docker Engine 26+ and Docker Compose plugin installed
  • A domain name pointed to your server
  • Ports 80 and 443 open in your firewall/router
  • Installation ID and Installation Key from Bitwarden Host

Bitwarden recommends consistent protocol usage across the deployment. Use HTTPS in production.

Prepare Domain and Server
#

Set DNS for your chosen domain to your server IP and make sure inbound 80/443 are allowed.

Install Docker and verify Docker Compose plugin:

docker --version
docker compose version

If needed, use the official Docker docs to install Engine and Compose plugin before continuing.

Create Bitwarden User and Directory
#

Bitwarden recommends running as a dedicated bitwarden user, not root.

sudo adduser bitwarden
sudo usermod -aG docker bitwarden
sudo mkdir -p /opt/bitwarden
sudo chmod -R 700 /opt/bitwarden
sudo chown -R bitwarden:bitwarden /opt/bitwarden

Switch to the bitwarden user:

su - bitwarden
cd /opt/bitwarden

Download and Run the Installer
#

Download the official script:

curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" && chmod 700 bitwarden.sh

Run the installer:

./bitwarden.sh install

During install, you will be prompted for:

  • domain name,
  • Let’s Encrypt or custom certificate settings,
  • Installation ID,
  • Installation Key,
  • region (US/EU).

Post-install Configuration (Required)
#

Bitwarden requires additional environment configuration after install.

Edit:

nano ./bwdata/env/global.override.env

At minimum, set SMTP values and optional admin users:

globalSettings__mail__smtp__host=
globalSettings__mail__smtp__port=
globalSettings__mail__smtp__ssl=
globalSettings__mail__smtp__username=
globalSettings__mail__smtp__password=
adminSettings__admins=

Apply changes:

./bitwarden.sh restart

Start Bitwarden
#

./bitwarden.sh start

The first start may take a while while images are pulled.

Verify containers:

docker ps

Access the Web UI
#

Open your Bitwarden URL in a browser:

https://your-domain.example.com

Create your account and confirm email verification works (SMTP must be configured).

Useful Management Commands
#

Stop services:

./bitwarden.sh stop

Restart services:

./bitwarden.sh restart

Update Bitwarden:

./bitwarden.sh updateself
./bitwarden.sh update

Rebuild generated assets after config.yml changes:

./bitwarden.sh rebuild

Backup Notes
#

Back up your Bitwarden data regularly, especially:

  • bwdata/ directory contents,
  • database backups,
  • and TLS certificates.

Store backups off-site and test restore procedures periodically.

Bitwarden recommends backing up before each update.

Conclusion
#

You now have a self-hosted Bitwarden server running on Ubuntu. With regular updates, backups, and TLS properly configured, it is a solid way to manage passwords in your own environment.