HOW TO INSTALL BITWARDEN ON A RASPBERRY PI WITH REMOTE ACCESS – EPISODE 12

8, Mar 2021 | Raspberry Pi Series | 2 comments

Difficulty=Medium

In today’s episode, we will be showing you how to install Bitwarden on a Raspberry Pi with remote access. This is episode 12 in our Raspberry Pi Series.

Bitwarden is an open-source password vault. It can be used to securely store all your passwords for various online services including banking information in an encrypted vault. You can use unique passwords for every service as Bitwarden has a built-in password manager. It has E2EE (end to end encryption) and with our set up today supports SSL/TLS communication via a Let’s Encrypt certificate.

Bitwarden has apps for every Operating system available. Android and Apple are also supported. With the aid of a browser extension, it can also auto-fill login forms at a click of a button.

There is a Bitwarden app for all Operating systems and mobile devices as well as addon/extensions for all the major browsers which can autofill logins.

Prerequisites:

You will need to have followed our previous episodes in our Raspberry Pi Series but if you just want to follow this guide we will give an overview of what you should already have:

Step 1 – Create Bitwarden Appdata folder

Open up a terminal window and SSH into your Raspberry Pi.

ssh -p PORT [email protected]

Once you have established an SSH connection navigate to your “Appdata” folder (if you have not created an Appdata folder previously then you will need to create this first).

cd /srv/DRIVENAME/Appdata/

Now create the Bitwarden data folder.

mkdir bitwarden

Now navigate into the “bitwarden” folder.

cd bitwarden

Now we need to get the “absolute path” of the bitwarden data folder so we can add this to our stack in step two.

pwd

Once you run the “pwd” command you can now copy into memory the output should look similar to this.

/srv/dev-disk-by-uuid-66a2bf8a-bed9-420a-b77d-ba48bcf3f836/Appdata/bitwarden

Step 2 – Create and deploy the Bitwarden stack.

Log in to your Portainer GUI dashboard.

Click on “Stacks” and “Add Stack“.

Add a name for your stack “bitwarden“.

Copy and paste the following docker-compose data into the “Web editor“. Paste your Bitwarden data folders absolute path into the volumes section before the colon. Also, change the port if needed to suit your setup.

Note: Bitwarden_RS has been renamed to Vaultwarden, the new image is located here: vaultwarden/server

---
version: "2"
services:
  bitwardenrs:
    image: bitwardenrs/server:latest
    container_name: bitwardenrs
    volumes:
      - /srv/dev-disk-by-uuid-66a2bf8a-bed9-420a-b77d-ba48bcf3f836/Appdata/bitwarden:/data/
    ports:
      - 8484:80
    restart: unless-stopped

Once you have finished configuring your stack click on “Deploy the stack“.

Navigate to “Containers” in the left menu.

Your container may say “starting“. This may take some time for the container to deploy this is due to the encryption keys being generated and some other internal processes completing. Please be patient.

Once it has fully deployed it should state “healthy“.

We can test that the container has deployed sucessfully by checking the internal port to see if the Bitwarden login page appears.

Navigate to your browser of choice and enter the following into the address bar.

Note: Please use your Raspberry Pi’s IP address and any custom port you have used.

http://192.168.2.5:8484

We will close this window now as we will not be using bitwarden through the local address. Instead, we are going to use a domain so we can access our Bitwarden vault remotely.

Step 3 – Setting up a subdomain with Cloudflare.

You will need to have an existing Cloudflare account and a domain added to their service. If you have not already done this check out our Episode which will walk you through the process.

Purchasing a Domain name from Namecheap.

Navigate to Cloudflare and log in using your account details. Click on your domain name.

Click on “DNS” tab in the top menu.

In the DNS dashboard click on “Add Record

Under “Type” select “CNAME” from the drop down menu.

Under “Name” add what name you would like the subdomain to be. In our example, we have named our subdomain “vault“.

Unselect “Proxied” so it turns to “DNS only

Note: Later on in this guide once we have added our subdomain to NGINX Proxy Manager we will need to come back into Cloudflare and set this setting back to Proxied.

Click “Save” to finish.

In our example we have just created the subdomain “vault.addicted2tech.net“.

We will now check our new subdomain has propagated and is working correctly.

In a Browser, window enter your new subdomain into the address bar and press enter. What you should see here is the NGINX proxy manager’s “Congratulations!” message.

Note: If you do not see this please wait longer for your domain to fully propagate through the DNS system.

Step 4 – Configuring NGINX Proxy Manager to work with the new Subdomain.

Now we have our Bitwarden container installed and our subdomain configured. We now need to add our subdomain to our NGINX Proxy manager so we can link our domain name to our service.

Log into your NGINX Proxy Manager dashboard and click on the “Proxy Hosts” tab.

Now click on “Add Proxy Host“.

Under “Domain Name” add your subdomain.

Under “Forward Hostname/IP” add your Raspberry Pi’s IP address.

Under “Forward Port” add your custom port. In our example we have used “8484“.

Activate the “Block Common Exploits” button so it turns green.

Then click on the “SSL” tab.

In the SSL tab under “SSL Certificate” click where it says “None” to activate the drop down menu.

Select “Request a new Certificate“.

Activate the “Force SSL”, “HTTP/2 Support” and “I Agree to the Let’s Encrypt Terms of Service” buttons so they turn green.

Then click “Save“.

This may take some time. As a Letsencrypt TLS/SSL certificate is being created and added to your subdomain.

Due to a bug in Nginx Proxy Manager you will have to navigate back into your subdomains settings to re-enable some of the SSL settings.

On the NGINX Proxy manager “Proxy Hosts” dashboard. Click on the “menu icon” at the end of your Subdomain. Then click on “Edit“.

Click on the “SSL” tab and then double-check that both “Force SSL” and “HTTP/2Support” are selected. If they are not then please reselect them to “on“. Then click “Save“.

You can now open a browser window and navigate to your subdomain. You should see the Bitwarden Log In page. You should also have an SSL certificate installed which can be noted by the padlock symbol in the address bar.

Step 5 – Adding an account to Bitwarden.

Click on “Create Account”.

Under “Create Account” Fill out the form with your information and set a secure Strong master password. Use something that you can remember as this is the only password you will ever need to memorize. You will also need to use this password regularly to log into your vault.

Note: We also recommend writing down a physical copy of your master password and storing it in a secure location for example in a safe. This can be used in case you ever forget the master password. (This happens more often than people realize).

Click on “Submit” to create your new account.

Now that your account and vault has been created return to the log in screen and enter your new login credentials.

Click “Log In“.

Welcome to your new self-hosted password vault. You can now start adding your accounts and passwords to your vault.

Note: Remember to use your custom server URL when using Bitwarden applications on other devices. You will not be able to use your account on the proprietary Bitwarden servers.

Note: Add all accounts you will need now. Following Step 6 will disable account creation and only reversing the process will enable future account creation.

Step 6 – Securing your Bitwarden server to prevent public account creation.

Navigate to your Portainer dashboard and log in.

Under “Containers” click on “bitwardenrs“.

In the “Container details” under “Actions” click on “Duplicate/Edit“.

Scroll down to the bottom of the page and under “Advanced container settings” click on the “Env” tab.

In “Env” tab click on “add environment variable” .

In the new empty section under “name” add:

SIGNUPS_ALLOWED

Under “value” add:

false

Click on “Deploy the container” to redeploy the Bitwarden container.

Click “Replace” when prompted.

Click on “Containers” in the left menu and wait for the “bitwardenrs” containers state to change from “starting” to “healthy.

The “Create account” button will still appear on the Bitwarden login page however if someone tries to create a new account it will not work and display an error notice.

Step 7 – Finalizing your subdomain with Cloudflare.

Log back into your Cloudflare account and click on the”DNS” tab.

Click on your subdomain and in the drop down menu click on “DNS only” to change it to “Proxied“.

Then click on “Save“.

This concludes today’s tutorial.

We need your support.

We hope you enjoyed this episode and that it was helpful and you got benefit out of it.

If you did, please consider supporting our channel by Subscribing to our YouTube channel, liking and sharing our content.

You can also make a donation via Paypal if you wished to do so.

If you have any questions or any requests please ask in the comments below or in the comments section on our YouTube episode.

2 Comments

  1. Tyler

    It should be noted that bitwardenrs has changed its name to vaultwarden

    Reply
    • Addicted2Tech

      Thanks for your comment. Vaultwarden is an unofficial Bitwarden server implementation written in Rust. bitwardenrs the docker images has been deprecated and is now known as Vaultwarden. Thank you for letting us know.

      Reply

Submit a Comment

Your email address will not be published.

<a href="https://www.addictedtotech.net/author/attadmin/" target="_self">Addicted2Tech</a>

Addicted2Tech

We love technology and enjoy sharing helpful FREE content for others to enjoy. We believe in community. If you like what we do please support us by sharing and liking our tutorials & Subscribing to our YouTube channel. You can also follow us on social media.

Support Our Work!

Donate Via Patreon

Raspberry Pi 4 Model B [8GB] RAM Single Board Computer

Last update on 2022-05-16 / Affiliate links / Images from Amazon Product Advertising API

CanaKit Raspberry Pi 4 Extreme Kit – 128GB Edition (4GB RAM)

Last update on 2022-05-16 / Affiliate links / Images from Amazon Product Advertising API

We Are An Affiliate!

Just so you know, we may collect a share of sales or other compensation from the links on this page. As an Amazon Associate I earn from qualifying purchases.

The Affiliate link recommendations come at no extra cost to you.

We hope you love the products we recommend!

Thank you if you use our links, we really appreciate it!

Related Posts