kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
56604b77e9ad16a8073527e074ef73cfafa5ce8f
EZ-Homelab/docs/service-docs/vaultwarden.md
kelinfoxy cba45556c7 Complete documentation refactoring with 57 service docs 
- Refactored README.md, getting-started.md, quick-reference.md
- Enhanced setup-homelab.sh with 9-step automated process
- Created services-overview.md with all stacks
- Added comprehensive documentation for 57 services in docs/service-docs/
- All services include: overview, configuration, resources, educational content
- Coverage: Core, Infrastructure, Dashboards, Media, Media-Extended, Home Assistant, Productivity, Utilities, Monitoring, Development stacks
- Educational focus with links to tutorials, videos, and guides
2026-01-12 18:03:12 -05:00

7.1 KiB
Raw Blame History

Vaultwarden - Password Manager

Table of Contents

Overview

Category: Password Management
Docker Image: vaultwarden/server
Default Stack: utilities.yml
Web UI: https://vaultwarden.${DOMAIN} or http://SERVER_IP:8343
Client Apps: Bitwarden apps (iOS, Android, desktop, browser extensions)
Ports: 8343

What is Vaultwarden?

Vaultwarden (formerly Bitwarden_RS) is an unofficial Bitwarden server implementation written in Rust. It's fully compatible with official Bitwarden clients but designed for self-hosting with much lower resource requirements. Store all your passwords, credit cards, secure notes, and identities encrypted on your own server.

Key Features

  • Bitwarden Compatible: Use official apps
  • End-to-End Encryption: Zero-knowledge
  • Cross-Platform: Windows, Mac, Linux, iOS, Android
  • Browser Extensions: Chrome, Firefox, Safari, Edge
  • Password Generator: Strong password creation
  • 2FA Support: TOTP, U2F, Duo
  • Secure Notes: Encrypted notes storage
  • File Attachments: Store encrypted files
  • Collections: Organize passwords
  • Organizations: Family/team sharing
  • Low Resource: <100MB RAM
  • Free & Open Source: No premium required

Why Use Vaultwarden?

  1. Self-Hosted: Control your passwords
  2. Free Premium Features: All features included
  3. Privacy: Passwords never leave your server
  4. Zero-Knowledge: Only you can decrypt
  5. Lightweight: Runs on anything
  6. Bitwarden Apps: Use official clients
  7. Family Sharing: Free organizations
  8. Open Source: Auditable security

Configuration in AI-Homelab

/opt/stacks/utilities/vaultwarden/data/
  db.sqlite3          # Password database (encrypted)
  attachments/        # File attachments
  sends/             # Bitwarden Send files
  config.json        # Configuration

Official Resources

Educational Resources

YouTube Videos

  1. Techno Tim - Vaultwarden Setup

  2. DB Tech - Bitwarden RS (Vaultwarden)

  3. Wolfgang's Channel - Vaultwarden Security

Articles

  1. Official Wiki: https://github.com/dani-garcia/vaultwarden/wiki
  2. Comparison: https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use

Docker Configuration

vaultwarden:
  image: vaultwarden/server:latest
  container_name: vaultwarden
  restart: unless-stopped
  networks:
    - traefik-network
  ports:
    - "8343:80"
  environment:
    - DOMAIN=https://vaultwarden.${DOMAIN}
    - SIGNUPS_ALLOWED=true  # Disable after creating accounts
    - INVITATIONS_ALLOWED=true
    - SHOW_PASSWORD_HINT=false
    - WEBSOCKET_ENABLED=true
    - SENDS_ALLOWED=true
    - EMERGENCY_ACCESS_ALLOWED=true
  volumes:
    - /opt/stacks/utilities/vaultwarden/data:/data
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${DOMAIN}`)"
    - "traefik.http.routers.vaultwarden.entrypoints=websecure"
    - "traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt"
    - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"

Setup

  1. Start Container:

    docker compose up -d vaultwarden

  2. Access Web Vault: https://vaultwarden.yourdomain.com

  3. Create Account:

    • Click "Create Account"
    • Email (for account identification)
    • Strong master password (REMEMBER THIS!)
    • Master password cannot be recovered!
    • Hint (optional, stored in server)

  4. Disable Public Signups: After creating accounts, edit docker-compose.yml:

    - SIGNUPS_ALLOWED=false

    Then: docker compose up -d vaultwarden

  5. Setup Browser Extension:

    • Install Bitwarden extension
    • Settings → Server URL → Custom
    • https://vaultwarden.yourdomain.com
    • Log in with your account

  6. Setup Mobile Apps:

    • Download Bitwarden app
    • Before login, tap settings gear
    • Server URL → Custom
    • https://vaultwarden.yourdomain.com
    • Log in

  7. Enable 2FA (Recommended):

    • Web Vault → Settings → Two-step Login
    • Authenticator App (Free) or
    • Duo, YubiKey, Email (all free in Vaultwarden)
    • Scan QR code with authenticator
    • Save recovery code!

Troubleshooting

Can't Connect from Apps

# Check domain is set
docker exec vaultwarden cat /data/config.json | grep domain

# Verify HTTPS working
curl -I https://vaultwarden.yourdomain.com

# Check logs
docker logs vaultwarden | tail -20

Forgot Master Password

There is NO recovery! Master password cannot be reset. Your vault is encrypted with your master password. Without it, the data cannot be decrypted.

Prevention:

  • Write master password somewhere safe
  • Use a memorable but strong passphrase
  • Consider password hint (stored on server)
  • Print recovery codes for 2FA

Websocket Issues

# Ensure websocket enabled
docker inspect vaultwarden | grep WEBSOCKET

# Should show: WEBSOCKET_ENABLED=true

Backup Vault

# Stop container
docker stop vaultwarden

# Backup data directory
tar -czf vaultwarden-backup-$(date +%Y%m%d).tar.gz \
  /opt/stacks/utilities/vaultwarden/data/

# Start container
docker start vaultwarden

# Or use Backrest/Duplicati for automatic backups

Summary

Vaultwarden is your self-hosted password manager offering:

  • Bitwarden-compatible server
  • All premium features free
  • End-to-end encryption
  • Cross-platform apps
  • Browser extensions
  • Family/team organizations
  • Secure note storage
  • File attachments
  • Very lightweight
  • Free and open-source

Perfect for:

  • Password management
  • Family password sharing
  • Self-hosted security
  • Privacy-conscious users
  • Replacing LastPass/1Password
  • Secure note storage

Key Points:

  • Compatible with Bitwarden clients
  • Master password CANNOT be recovered
  • Disable signups after creating accounts
  • Enable 2FA for security
  • Regular backups critical
  • Set custom server URL in apps
  • HTTPS required for full functionality

Remember:

  • Master password = cannot recover
  • Write it down somewhere safe
  • Enable 2FA immediately
  • Disable public signups
  • Regular backups essential
  • Use official Bitwarden apps
  • HTTPS required for apps

Vaultwarden gives you control of your passwords!

Reference in New Issue View Git Blame Copy Permalink