Vaultwarden, formerly known as Bitwarden_RS, is a self-hosted password manager that allows you to store and manage your passwords securely. By installing Vaultwarden, you can have your own personal password manager that you control.

In this blog post, I’ll guide you through the process of installing Vaultwarden on a Raspberry Pi using Portainer and show you how to set up the mobile client and browser extension for Vaultwarden.

Prerequisites Link to heading

  • Raspberry Pi 4 setup and updated
  • Portainer installed
  • Nginx Proxy Manager service installed

Step 0 - Define local mount folder Link to heading

Service will use local folders, mounted to docker container, to store its data.

For service we will need to create folder:

  • /ssd/vaultwarden/data
mkdir -p /ssd/vaultwarden/data

Step 1 - Install Vaultwarden Link to heading

With Portainer installed, it is possible to start Vaultwarden stack. To do this, follow these steps:

  • Open Portainer in your web browser and navigate to the “Stacks” page
  • Click the “Add stack” button
  • Enter a name for the stack (e.g., “vaultwarden”) and paste the following code into the “Web editor” section:
version: '3'

    external: true
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
      - /etc/localtime:/etc/localtime:ro
      - /ssd/vaultwarden/data:/data/:rw

      - "8081:80"
          - vaultwarden
      WEBSOCKET_ENABLED: "true" 
      SIGNUPS_ALLOWED: "true" 

Step 2 - Configure Vaultwarden Link to heading

Once the Vaultwarden container is running, you can access the web interface by navigating to http://<homelab>:8000.

The first time you access the web interface, you’ll be prompted to create an admin account and set up your vault. After you create an account, you can start using Vaultwarden to securely store and manage your passwords.

See the vaultwarden wiki for more information on how to configure and run the vaultwarden server.

Step 3 - Configure Proxy Link to heading

Now your Vaultwarden is accessible on http://<homelab>:8000. Such URLs with port number do not look too friendly. However, there should be Nginx Proxy Manager installed and running already, if followed Homelab. Proxy. It allows to create proxied hosts and assign them nice names:

  • Add new Proxied Host
  • Fill required information
    • Domain names. Assume router is configured to pass domain home to homelab. Then, lets assume vaultwarden should be a subdomain vw. Then define domain name vw.home. It is possible to assing multiple domain names
    • Forward hostname. Both services - vaultwarden and nginx proxy manager are connected to the same network intranet. Thus we can use alias defined to access them. Define vaultwarden
    • Forward port. As defined in stack, vaultwarden should listen on port 8000.

Proxy Host configuration should look like:

Vaultwarden Proxy Host

Step 4 - Set Up the Mobile Client Link to heading

To access your Vaultwarden vault on your mobile device, you can download the Bitwarden mobile app:

Enter your Vaultwarden URL and admin token when prompted.

Step 5 - Set Up Browser Extension Link to heading

To use the browser extension, you can download the Bitwarden browser extension:

Enter your Vaultwarden URL and admin token when prompted.

TO BE CONTINUED… Link to heading

And that’s it! You now have your own personal password manager running on your homelab.

In the following post Homelab. Gitea, I will describe how to install Gitea - a self-hosted Git service that provides a web-based interface for managing Git repositories. It will allow keep source codes for your projects on your own territory.