How to Setup a Self-Hosted Bitwarden on Raspberry Pi
Bitwarden is a popular open-source password manager that allows you to securely store and manage your passwords and other sensitive information. Hosting Bitwarden on your Raspberry Pi is a cost-effective solution that gives you full control over your data. This guide will walk you through the steps to set up a self-hosted Bitwarden instance on your Raspberry Pi.
Prerequisites
Before starting, ensure you have the following:
- Raspberry Pi 3 or later (preferably Raspberry Pi 4 for better performance)
- MicroSD card with Raspberry Pi OS installed
- Stable internet connection
- A domain name (optional, but recommended for HTTPS)
- Access to the command line (via monitor and keyboard or SSH)
Step 1: Update and Upgrade Your Raspberry Pi
First, make sure your Raspberry Pi is up to date.
- Open a terminal on your Raspberry Pi or SSH into it.
- Run the following commands to update and upgrade your system:
sudo apt update
sudo apt upgrade -y
Step 2: Install Docker and Docker Compose
Bitwarden uses Docker to run its services. Install Docker and Docker Compose on your Raspberry Pi.
- Install Docker:
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker pi
Log out and back in or run newgrp docker to apply the Docker group changes.
- Install Docker Compose:
sudo apt install -y python3-pip
sudo pip3 install docker-compose
Step 3: Setup Bitwarden Using Docker Compose
- Create a Directory for Bitwarden:
mkdir ~/bitwarden
cd ~/bitwarden
- Create a Docker Compose File:
Create a docker-compose.yml file in the bitwarden directory with the following content:
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- ./bw-data:/data
ports:
- "80:80"
- "443:443"
environment:
WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications
SIGNUPS_ALLOWED: "false" # Disable signups (set to "true" to allow)
- Start Bitwarden:
docker-compose up -d
Step 4: Configure Bitwarden
- Access Bitwarden:
Open a web browser and navigate to your Raspberry Pi's IP address. If you're using a domain, navigate to your domain.
- Create an Account:
Sign up for a new account. If you set SIGNUPS_ALLOWED to false, you'll need to change it to true temporarily to create the initial account.
- Secure Bitwarden with HTTPS (Optional but Recommended):
It's highly recommended to secure your Bitwarden instance with HTTPS. You can use Let's Encrypt to obtain a free SSL certificate.
- Install Certbot:
sudo apt install certbot
- Obtain a Certificate:
Replace <your_domain> with your actual domain name.
sudo certbot certonly --standalone -d <your_domain>
- Modify Docker Compose File for HTTPS:
Update the docker-compose.yml file to include SSL certificates.
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- ./bw-data:/data
- /etc/letsencrypt/live/<your_domain>/fullchain.pem:/ssl/fullchain.pem:ro
- /etc/letsencrypt/live/<your_domain>/privkey.pem:/ssl/privkey.pem:ro
ports:
- "80:80"
- "443:443"
environment:
WEBSOCKET_ENABLED: "true"
SIGNUPS_ALLOWED: "false"
DOMAIN: "https://<your_domain>"
SSL_CERT: "/ssl/fullchain.pem"
SSL_KEY: "/ssl/privkey.pem"
- Restart Bitwarden:
docker-compose down
docker-compose up -d
Step 5: Maintain Your Bitwarden Instance
- Backup Your Data:
Regularly back up your Bitwarden data stored in the bw-data directory.
tar -czvf bw-data-backup.tar.gz ~/bitwarden/bw-data
- Update Bitwarden:
To update Bitwarden, pull the latest image and restart the container.
docker-compose pull
docker-compose up -d
Conclusion
By setting up a self-hosted Bitwarden instance on your Raspberry Pi, you can securely manage your passwords and sensitive information with full control over your data. With Docker and Docker Compose, the setup process is straightforward and manageable. Enjoy the peace of mind that comes with having your own password manager under your control.