Vaultwarden (formerly Bitwarden_RS) is a lightweight, open-source password management server designed to be an alternative to the official Bitwarden server. It offers an efficient, self-hosted solution to securely manage passwords, notes, and sensitive data. Vaultwarden is ideal for home labs due to its minimal resource requirements and robust feature set.
Deploying Vaultwarden with Docker Compose ensures ease of setup, portability, and maintainability. Below is the configuration file:
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
DOMAIN: "https://vaultwarden.lan" # Replace with your domain or IP
ADMIN_TOKEN: "<secure-random-token>" # Replace with a secure admin token
LOG_LEVEL: "info" # Adjust log verbosity (debug, info, warn, error)
ports:
- "80:80" # HTTP port
- "443:443" # HTTPS port
volumes:
- vaultwarden-data:/data
networks:
- vaultwarden-net
volumes:
vaultwarden-data:
networks:
vaultwarden-net:
driver: bridge
vaultwarden/server:latest image provides the latest stable release.vaultwarden for clarity and easy identification in Docker commands.https://vaultwarden.lan with your domain or IP.openssl rand -base64 48
info, but you can use debug, warn, or error based on your monitoring needs.vaultwarden-data: Persists all Vaultwarden data, including user credentials and server configurations, across container restarts and updates.Prepare Your Environment
Create the docker-compose.yml File
docker-compose.yml in your preferred directory.Generate an Admin Token
openssl rand -base64 48
<secure-random-token> in the ADMIN_TOKEN field with the generated token.Start the Service
docker-compose up -d
Access Vaultwarden
http://<server-ip> (or https://<your-domain> if HTTPS is configured).Admin Panel
http://<server-ip>/admin (or https://<your-domain>/admin) using the ADMIN_TOKEN.Enable HTTPS:
Firewall Configuration:
/admin) to trusted IPs using a firewall or reverse proxy.Regular Backups:
vaultwarden-data volume to prevent data loss:docker run --rm -v vaultwarden-data:/data -v $(pwd):/backup alpine tar czf /backup/vaultwarden-backup.tar.gz /data
Use a Strong Admin Token:
ADMIN_TOKEN is a long, unique string to prevent unauthorized admin access.Lightweight and Efficient:
Self-Hosted Privacy:
Feature-Rich:
Cost-Effective:
Container Won't Start:
docker logs vaultwarden
Access Issues:
DOMAIN variable.Admin Panel Not Accessible:
ADMIN_TOKEN is correctly set and retry.Vaultwarden is a powerful, lightweight solution for self-hosting your password manager. By following this guide, you'll have a secure and reliable service tailored to your home lab environment.