kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52e3d6e2af3047ef2fc4f9e13e987c5bf35198e6
EZ-Homelab/docs/service-docs/vaultwarden.md
kelinfoxy cba45556c7 Complete documentation refactoring with 57 service docs 
- Refactored README.md, getting-started.md, quick-reference.md
- Enhanced setup-homelab.sh with 9-step automated process
- Created services-overview.md with all stacks
- Added comprehensive documentation for 57 services in docs/service-docs/
- All services include: overview, configuration, resources, educational content
- Coverage: Core, Infrastructure, Dashboards, Media, Media-Extended, Home Assistant, Productivity, Utilities, Monitoring, Development stacks
- Educational focus with links to tutorials, videos, and guides
2026-01-12 18:03:12 -05:00

256 lines
7.1 KiB
Markdown
Raw Blame History

# Vaultwarden - Password Manager
## Table of Contents
- [Overview](#overview)
- [What is Vaultwarden?](#what-is-vaultwarden)
- [Why Use Vaultwarden?](#why-use-vaultwarden)
- [Configuration in AI-Homelab](#configuration-in-ai-homelab)
- [Official Resources](#official-resources)
- [Educational Resources](#educational-resources)
- [Docker Configuration](#docker-configuration)
- [Setup](#setup)
- [Troubleshooting](#troubleshooting)
## Overview
**Category:** Password Management
**Docker Image:** [vaultwarden/server](https://hub.docker.com/r/vaultwarden/server)
**Default Stack:** `utilities.yml`
**Web UI:** `https://vaultwarden.${DOMAIN}` or `http://SERVER_IP:8343`
**Client Apps:** Bitwarden apps (iOS, Android, desktop, browser extensions)
**Ports:** 8343
## What is Vaultwarden?
Vaultwarden (formerly Bitwarden_RS) is an unofficial Bitwarden server implementation written in Rust. It's fully compatible with official Bitwarden clients but designed for self-hosting with much lower resource requirements. Store all your passwords, credit cards, secure notes, and identities encrypted on your own server.
### Key Features
- **Bitwarden Compatible:** Use official apps
- **End-to-End Encryption:** Zero-knowledge
- **Cross-Platform:** Windows, Mac, Linux, iOS, Android
- **Browser Extensions:** Chrome, Firefox, Safari, Edge
- **Password Generator:** Strong password creation
- **2FA Support:** TOTP, U2F, Duo
- **Secure Notes:** Encrypted notes storage
- **File Attachments:** Store encrypted files
- **Collections:** Organize passwords
- **Organizations:** Family/team sharing
- **Low Resource:** <100MB RAM
- **Free & Open Source:** No premium required
## Why Use Vaultwarden?
1. **Self-Hosted:** Control your passwords
2. **Free Premium Features:** All features included
3. **Privacy:** Passwords never leave your server
4. **Zero-Knowledge:** Only you can decrypt
5. **Lightweight:** Runs on anything
6. **Bitwarden Apps:** Use official clients
7. **Family Sharing:** Free organizations
8. **Open Source:** Auditable security
## Configuration in AI-Homelab
```
/opt/stacks/utilities/vaultwarden/data/
db.sqlite3 # Password database (encrypted)
attachments/ # File attachments
sends/ # Bitwarden Send files
config.json # Configuration
```
## Official Resources
- **GitHub:** https://github.com/dani-garcia/vaultwarden
- **Wiki:** https://github.com/dani-garcia/vaultwarden/wiki
- **Bitwarden Apps:** https://bitwarden.com/download/
## Educational Resources
### YouTube Videos
1. **Techno Tim - Vaultwarden Setup**
- https://www.youtube.com/watch?v=yzjgD3hIPtE
- Complete setup guide
- Browser extension configuration
- Organization setup
2. **DB Tech - Bitwarden RS (Vaultwarden)**
- https://www.youtube.com/watch?v=2IceFM4BZqk
- Docker deployment
- App configuration
- Security best practices
3. **Wolfgang's Channel - Vaultwarden Security**
- https://www.youtube.com/watch?v=ViR021iiR5Y
- Security hardening
- 2FA setup
- Backup strategies
### Articles
1. **Official Wiki:** https://github.com/dani-garcia/vaultwarden/wiki
2. **Comparison:** https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use
## Docker Configuration
```yaml
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
networks:
- traefik-network
ports:
- "8343:80"
environment:
- DOMAIN=https://vaultwarden.${DOMAIN}
- SIGNUPS_ALLOWED=true # Disable after creating accounts
- INVITATIONS_ALLOWED=true
- SHOW_PASSWORD_HINT=false
- WEBSOCKET_ENABLED=true
- SENDS_ALLOWED=true
- EMERGENCY_ACCESS_ALLOWED=true
volumes:
- /opt/stacks/utilities/vaultwarden/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${DOMAIN}`)"
- "traefik.http.routers.vaultwarden.entrypoints=websecure"
- "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
```
## Setup
1. **Start Container:**
```bash
docker compose up -d vaultwarden
```
2. **Access Web Vault:** `https://vaultwarden.yourdomain.com`
3. **Create Account:**
- Click "Create Account"
- Email (for account identification)
- Strong master password (REMEMBER THIS!)
- Master password cannot be recovered!
- Hint (optional, stored in server)
4. **Disable Public Signups:**
After creating accounts, edit docker-compose.yml:
```yaml
- SIGNUPS_ALLOWED=false
```
Then: `docker compose up -d vaultwarden`
5. **Setup Browser Extension:**
- Install Bitwarden extension
- Settings → Server URL → Custom
- `https://vaultwarden.yourdomain.com`
- Log in with your account
6. **Setup Mobile Apps:**
- Download Bitwarden app
- Before login, tap settings gear
- Server URL → Custom
- `https://vaultwarden.yourdomain.com`
- Log in
7. **Enable 2FA (Recommended):**
- Web Vault → Settings → Two-step Login
- Authenticator App (Free) or
- Duo, YubiKey, Email (all free in Vaultwarden)
- Scan QR code with authenticator
- Save recovery code!
## Troubleshooting
### Can't Connect from Apps
```bash
# Check domain is set
docker exec vaultwarden cat /data/config.json | grep domain
# Verify HTTPS working
curl -I https://vaultwarden.yourdomain.com
# Check logs
docker logs vaultwarden | tail -20
```
### Forgot Master Password
**There is NO recovery!** Master password cannot be reset. Your vault is encrypted with your master password. Without it, the data cannot be decrypted.
**Prevention:**
- Write master password somewhere safe
- Use a memorable but strong passphrase
- Consider password hint (stored on server)
- Print recovery codes for 2FA
### Websocket Issues
```bash
# Ensure websocket enabled
docker inspect vaultwarden | grep WEBSOCKET
# Should show: WEBSOCKET_ENABLED=true
```
### Backup Vault
```bash
# Stop container
docker stop vaultwarden
# Backup data directory
tar -czf vaultwarden-backup-$(date +%Y%m%d).tar.gz \
/opt/stacks/utilities/vaultwarden/data/
# Start container
docker start vaultwarden
# Or use Backrest/Duplicati for automatic backups
```
## Summary
Vaultwarden is your self-hosted password manager offering:
- Bitwarden-compatible server
- All premium features free
- End-to-end encryption
- Cross-platform apps
- Browser extensions
- Family/team organizations
- Secure note storage
- File attachments
- Very lightweight
- Free and open-source
**Perfect for:**
- Password management
- Family password sharing
- Self-hosted security
- Privacy-conscious users
- Replacing LastPass/1Password
- Secure note storage
**Key Points:**
- Compatible with Bitwarden clients
- Master password CANNOT be recovered
- Disable signups after creating accounts
- Enable 2FA for security
- Regular backups critical
- Set custom server URL in apps
- HTTPS required for full functionality
**Remember:**
- Master password = cannot recover
- Write it down somewhere safe
- Enable 2FA immediately
- Disable public signups
- Regular backups essential
- Use official Bitwarden apps
- HTTPS required for apps
Vaultwarden gives you control of your passwords!
Reference in New Issue View Git Blame Copy Permalink