AndreiC.
08-25-2025, 11:23 AM
Let's be real, you have way too many passwords to remember. While services like LastPass or 1Password are great, why pay a subscription when you can get the ultimate in privacy and control by hosting your own? We're going to set up Vaultwarden, a super lightweight, open-source version of a Bitwarden server that you can run on your own cheap VPS hosting (https://www.enginyring.com/en/virtual-servers) plan.
Step 1: Get Your Server Ready
Alright, first things first. SSH into your server. Before we start installing stuff, it's always a good idea to make sure your system is up to date.
For Debian/Ubuntu systems:
sudo apt update && sudo apt upgrade -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf update -y
Step 2: Get Docker Installed
We're going to use Docker because it keeps things clean and simple. The easiest way to get it on pretty much any Linux system is with their official script.
# This script handles setup for Debian and RHEL-based systems
curl -sSL https://get.docker.com/ | sh
Now, let's start it up and make sure it runs on boot
sudo systemctl start docker
sudo systemctl enable docker
You'll also need the Docker Compose plugin, which lets us use simple config files.
For Debian/Ubuntu systems:
sudo apt-get install docker-compose-plugin -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install docker-compose-plugin -y
Step 3: Install Vaultwarden
Okay, now for the fun part. Getting Vaultwarden itself up and running is surprisingly easy.
First, let's make a folder for it so our files aren't all over the place.
mkdir vaultwarden
cd vaultwarden
Now, we'll create a docker-compose.yml file. This is just a simple text file that tells Docker what to do.
nano docker-compose.yml
Paste this block of text in. It tells Docker to grab the latest Vaultwarden image, keep it running, save its data in a folder called vw-data, and open up a port for it.
version: '3'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
volumes:
- ./vw-data:/data
ports:
- '8080:80'
Save and close the file (Ctrl+X, then Y, then Enter).
Now, just tell Docker to fire it up!
sudo docker compose up -d
Step 4: Don't Skip This! (Making it Secure)
Okay, this next part is super important. You absolutely cannot run a password manager over an unencrypted connection. That's just asking for trouble. We need to set it up with a proper domain name and an SSL certificate so everything is locked down with HTTPS.
A. Point Your Domain
Grab a domain if you don't have one. It's cheap and easy with any domain registration (https://www.enginyring.com/en/domains) service. Then, hop into your DNS settings and create an 'A' record. Point a subdomain like vault.yourcoolname.com to your server's IP.
B. Install Nginx
We'll use Nginx as a reverse proxy. Think of it as a traffic cop that takes all the requests coming to your domain and securely forwards them to the Vaultwarden app running inside Docker.
For Debian/Ubuntu systems:
sudo apt install nginx -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install nginx -y
C. Set up the Nginx Config
Let's create a config file for our vault site.
sudo nano /etc/nginx/sites-available/vaultwarden.conf
Paste this in, but make sure to change vault.yourdomain.com to whatever subdomain you're using.
server {
listen 80;
server_name vault.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Now, we just need to enable that config.
sudo ln -s /etc/nginx/sites-available/vaultwarden.conf /etc/nginx/sites-enabled/
D. Get a Free SSL Certificate
We'll use Certbot to get a free SSL cert from Let's Encrypt. It's awesome.
For Debian/Ubuntu systems:
sudo apt install certbot python3-certbot-nginx -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install certbot python3-certbot-nginx -y
Now run Certbot and let it do its magic. It'll automatically find your Nginx config and handle everything.
sudo certbot --nginx
Just follow the prompts, and you'll be all set. You can now go to https://vault.yourdomain.com and create your account.
If messing with Nginx configs in the command line isn't your cup of tea, you can try using our one of our tools to make your life (a little bit) easier:
- Webserver Configuration tuner (https://www.enginyring.com/tools/webtuner)
- Certbot/Letsencrypt syntax generator (https://www.enginyring.com/tools/ssltls)
And that's it! Go create your account and start using your very own private, secure password manager.
Enjoy!
Step 1: Get Your Server Ready
Alright, first things first. SSH into your server. Before we start installing stuff, it's always a good idea to make sure your system is up to date.
For Debian/Ubuntu systems:
sudo apt update && sudo apt upgrade -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf update -y
Step 2: Get Docker Installed
We're going to use Docker because it keeps things clean and simple. The easiest way to get it on pretty much any Linux system is with their official script.
# This script handles setup for Debian and RHEL-based systems
curl -sSL https://get.docker.com/ | sh
Now, let's start it up and make sure it runs on boot
sudo systemctl start docker
sudo systemctl enable docker
You'll also need the Docker Compose plugin, which lets us use simple config files.
For Debian/Ubuntu systems:
sudo apt-get install docker-compose-plugin -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install docker-compose-plugin -y
Step 3: Install Vaultwarden
Okay, now for the fun part. Getting Vaultwarden itself up and running is surprisingly easy.
First, let's make a folder for it so our files aren't all over the place.
mkdir vaultwarden
cd vaultwarden
Now, we'll create a docker-compose.yml file. This is just a simple text file that tells Docker what to do.
nano docker-compose.yml
Paste this block of text in. It tells Docker to grab the latest Vaultwarden image, keep it running, save its data in a folder called vw-data, and open up a port for it.
version: '3'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
volumes:
- ./vw-data:/data
ports:
- '8080:80'
Save and close the file (Ctrl+X, then Y, then Enter).
Now, just tell Docker to fire it up!
sudo docker compose up -d
Step 4: Don't Skip This! (Making it Secure)
Okay, this next part is super important. You absolutely cannot run a password manager over an unencrypted connection. That's just asking for trouble. We need to set it up with a proper domain name and an SSL certificate so everything is locked down with HTTPS.
A. Point Your Domain
Grab a domain if you don't have one. It's cheap and easy with any domain registration (https://www.enginyring.com/en/domains) service. Then, hop into your DNS settings and create an 'A' record. Point a subdomain like vault.yourcoolname.com to your server's IP.
B. Install Nginx
We'll use Nginx as a reverse proxy. Think of it as a traffic cop that takes all the requests coming to your domain and securely forwards them to the Vaultwarden app running inside Docker.
For Debian/Ubuntu systems:
sudo apt install nginx -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install nginx -y
C. Set up the Nginx Config
Let's create a config file for our vault site.
sudo nano /etc/nginx/sites-available/vaultwarden.conf
Paste this in, but make sure to change vault.yourdomain.com to whatever subdomain you're using.
server {
listen 80;
server_name vault.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Now, we just need to enable that config.
sudo ln -s /etc/nginx/sites-available/vaultwarden.conf /etc/nginx/sites-enabled/
D. Get a Free SSL Certificate
We'll use Certbot to get a free SSL cert from Let's Encrypt. It's awesome.
For Debian/Ubuntu systems:
sudo apt install certbot python3-certbot-nginx -y
For RHEL/CentOS/Rocky Linux systems:
sudo dnf install certbot python3-certbot-nginx -y
Now run Certbot and let it do its magic. It'll automatically find your Nginx config and handle everything.
sudo certbot --nginx
Just follow the prompts, and you'll be all set. You can now go to https://vault.yourdomain.com and create your account.
If messing with Nginx configs in the command line isn't your cup of tea, you can try using our one of our tools to make your life (a little bit) easier:
- Webserver Configuration tuner (https://www.enginyring.com/tools/webtuner)
- Certbot/Letsencrypt syntax generator (https://www.enginyring.com/tools/ssltls)
And that's it! Go create your account and start using your very own private, secure password manager.
Enjoy!