How to Self-host Bitwarden on a Raspberry Pi

Today we are going to take a look at how to install Bitwarden on a Raspberry Pi.

Before we get started, I want to make sure that I highlight that we will be installing Bitwarden RS. Bitwarden RS is an unofficial version of Bitwarden that’s great for self-hosting. Overall, if you’re interested in self-hosting Bitwarden, this is what I consider to be the best option. There are two prerequisites that must be installed (Docker/Portainer, Nginx Proxy Manager). I will link to tutorials in the instructions if you haven’t set those up yet.

To have this exposed outside of your local network, you will need a domain name. If you haven’t purchased one, you can use a free DuckDNS domain name which we will configure in later steps.

1. Instructions - How to Set Up Bitwarden on a Raspberry Pi

1. Ensure that you have Docker and Portainer installed on your Raspberry Pi. Technically, you don’t have to install Portainer, but I find it easier to manage my Docker containers that way, so I’ll be using that to set up Bitwarden.

2. Select Volumes then Add Volume.

bitwarden raspberry pi

3. Add a Name, then Create the volume. This is where all of your important information will be stored, so back up this folder if you’d like to ensure your data is backed up.

bitwarden raspberry pi

4. Select Containers then Add Container.

bitwarden raspberry pi

5. Give the container a Name, then in the Image section, add bitwardenrs/server:latest. Finally, publish a new network port and map the host port 8080 to the container port 80.

bitwarden raspberry pi

6. Select Volumes, then map the /data container path to the Bitwarden volume we created earlier.

 

7. Change the Restart Policy to Always, then Deploy the container.

bitwarden raspberry pi

8. Give the container a few minutes, and it should be healthy.

bitwarden raspberry pi

9. Connect to the IP address of your Raspberry Pi and Port 8080. This is to confirm that everything is loading as expected.

http://[RASPBERRY_PI_IP:8080

2. Reverse Proxy Setup

The recommended approach for exposing Bitwarden outside of your local network is by using a reverse proxy. In this tutorial, I will be using Nginx Proxy Manager which will be hosted on the same Raspberry Pi. If you’d like to use Nginx Proxy Manager, you can learn how to set it up here. Alternatively, you do not have to use Nginx Proxy Manager, or a reverse proxy server hosted on your Raspberry Pi. You can use a separate reverse proxy server if you’d like.

1. Select Proxy Hosts, then Add Proxy Host.

bitwarden raspberry pi

2. Enter in the Domain Name you’d like to use. Leave the scheme as http, enter in the IP address of your Raspberry Pi and port 8080. Select Block Common Exploits and Save.

3. Edit the record we just created, select SSL, then Request a new SSL Certificate. Make sure you enable Force SSL, HTTP/2 Support, and HSTS Enabled. Agree to the terms and Save. The SSL certificate will now be retrieved.

4. When you click the domain name, you will now be brought to the login page for Bitwarden! Create your account so that you can log in.

3. Disable Account Creations

After you’ve created your account, you can disable account creation if you’d like. To do so, stop the Bitwarden container.

1. Inside of the container, select Duplicate/Edit.

2. Add an environment variable named SIGNUPS_ALLOWED with the value false. Then, Deploy the container. When you get a popup stating that a container already exists under that name, Replace it.

3. If you now try and create a new account, you will no longer be able to. However, the account you already created will still exist!

4. Enabling Admin Page

There are various things that you can do with the admin page of Bitwarden RS if you’d like. You can learn about some of those options here. Follow the instructions below to enable the admin page.

1. From the command-line of your Raspberry Pi, enter the command below. In my opinion, it’s easiest to do this from a separate PC so that you can SSH in and copy the string.

openssl rand -base64 48

2. This will create a random string that is 48 characters long. Copy that string and save it.

3. Stop the container. Inside of the container, select Duplicate/Edit.

4. Add an environment variable named ADMIN_TOKEN, then add the 48-character string that you created in the last step. Then, Deploy the container. When you get a popup stating that a container already exists under that name, Replace it. Make sure that you save this 48 character string since you will need it to access the admin page.

5. The admin page will now be accessible by the domain name you’re using and /admin. You can access the admin settings by entering in that 48 character string.

https://[YOUR_DOMAIN_NAME]/admin

5. Conclusion - Self-host Bitwarden on a Raspberry Pi

Bitwarden is awesome, and Bitwarden RS is a great alternative that will allow you to self-host the password manager on a Raspberry Pi. Make sure that you are always using two-factor authentication for your account. This cannot be stated enough.

Thanks a lot for reading the tutorial. As always, if you have any questions, please leave a comment!

This Post Has 13 Comments

  1. Hi. Is the following setup possible?
    I want a combination of the following on a raspberry pi 4. It must act like a server or something and than use openvpn , atc as a NAS AND bitwarden.

    1. You shouldn’t have a problem implementing everything, but you might run into some performance issues. Especially when clients are connected to OpenVPN. Do you have a more powerful device running 24/7 that you can offload some of this to?

  2. Thanks for the article! You picked a great time to post. I am having an issue when I get to requesting the SSL Certificate. After clicking save I get “internal error” with no other details. Do you have any suggestions on how to troubleshoot?

    1. Please disregard. I had bad port forwarding rules on my firewall. Make sure to forward both 80 and 443 to the Raspberry Pi hosting everything! Thanks again.

    2. That error generally occurs because the Let’s Encrypt certificate failed in some capacity. If you have the time (and desire), you can search through the Nginx Proxy Manager logs (through terminal) to find the exact reason the certificate failed, but it generally has something to do with one of the items below:

      1. Did you properly create an A/CNAME record for the domain name, pointing to your external IP address?
      2. Is ports 80/443 port forwarded to your Raspberry Pi?
      3. If you have a firewall, are ports 80/443 allowed?
      4. If you’re using Cloudflare, do you have the DNS record as “DNS Only”?

  3. Hey, thanks a lot for the great tutorial! By far the best and the only one that worked for me.
    I would like to ask, if I have PiVPN setup that is tested and running, can I use that to access my vault instead of Reverse Proxy? I don’t want the Bitwarden server exposed to the internet since it isn’t that necessary.
    The big question is, can I do your setup + a Wiregurard PiVPN on the same Raspbery Pi Zero?

    1. Thanks so much, I’m glad it helped! You CAN do it, but you will most likely have some performance issues. Unfortunately, the Raspberry Pi Zero is not that powerful, plus it does not have gigabit ethernet (which is very important for WireGuard as far as speed goes). So in summary, yes, you can do it, but you might run into some performance issues.

      If you do decide to do this, I would also suggest enabling HTTPS: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS

      Let me know if I can answer anything else!

      1. Hey, thanks for getting back to me! I tried WG on my Pi Zero and Pi 3 B and it’s bottlenecked by my very modest ADSL connection (1Mbps upload speed) running on a 150Mbps router, so Ethernet wouldn’t make it any better I guess!
        I asked a question on your other post about nginx which I was also having a problem with, basically the nginx app staying “unhealthy” and generating an error in the log. I’d appreciate if you take a look at that too!
        Thanks again for your time!

        1. Glad you got your answer! I actually just responded to that, just not sure how much help it will provide. Hopefully with some feedback we will be able to get it working!

          1. Thanks for your help! Do you think it would be something in the sequence of installing/running things? I installed Docker, then Bitwarden Server, then Nginx.
            Btw, is that actually Bitwarden_rs and named Bitwarden/server in Docker? Sorry I’m fairly new to this.
            Thanks again!

          2. I believe that bitwarden/server is different. The image that I use in the tutorial is bitwardenrs/server. Are you using that one or bitwarden/server?

            It’s certainly possible that it’s the order, but I can’t confirm that. Have you tried starting from scratch with a fresh version of Raspberry Pi OS and installing NPM first?

  4. Hi Wundertech. This was the best tutorial I found so far on the internet! Thanks a lot for this, It helped me fix this in one evening on my raspi 2B :)!

    I was wondering, do you also have a tutorial to add nextcloud as a docker container on the pi?

    1. Thank you very much!

      I don’t have a tutorial for that, but I will keep it in mind for future a tutorial!

Leave a Reply

Close Menu