Install Bitwarden password manager on Ubuntu 22.04

0
48

In this tutorial, you will learn how to install Bitwarden password manager on Ubuntu 22.04. Bitwarden is an “open-source password manager which provides an easiest and safest way for individuals to store, share and secure sensitive data”. Follow through to learn how to install Bitwarden on Ubuntu 22.04.

Install Bitwarden Password Manager on Ubuntu 22.04

Bitwarden is available for individual and organizational use in both free and paid plans.

In this tutorial, we will be learning how to install and setup free version of Bitwarden for individual use.

Minimum System Requirements

Before you can install Bitwarden password manager on Ubuntu 22.04, below are the minimum recommended system requirements that your system should meet;

  • Processor: x64, 2 GHz dual core
  • Memory: 4 GB RAM (system memory)
  • Storage: 25 GB
  • Docker: Engine 19+ and Compose 1.24+

Run System Update

Ensure that your system package cache is up-to-date.

sudo apt update

Set System Domain Name

Bitwarden requires a system domain name while being installed. Therefore, set your system FQDN as follows. Be sure to replace the domain accordingly.

sudo hostnamectl set-hostname passman.kifarunix-demo.com

Install Docker and Docker Compose on Ubuntu 22.04

Bitwarden is deployed using Docker containers through the use of Docker compose.

Install Docker CE on Ubuntu 22.04

In this tutorial, we are using the community Docker edition. Thus, run the command below to install Docker CE on Ubuntu 22.04;

sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker-ce.gpg

Using Focal Fossa repos at the moment;

echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" | sudo tee /etc/apt/sources.list.d/docker-ce.list
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io -y
sudo systemctl enable --now docker

Install Docker Compose on Ubuntu 22.04

Execute the command below to install the current (as of this writing) release of Docker compose;

sudo curl -sL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Create Bitwarden Deployment User

As much as this is not necessary, it is recommended that you create a separate user that will be used for the deployment of Bitwarden on Ubuntu 22.04;

Hence;

sudo useradd -G docker,sudo -s /bin/bash -m -d /opt/bitwarden bitwarden

Create the users directory and set proper ownership;

[[ -d /opt/bitwarden ]] || sudo mkdir /opt/bitwarden
sudo chown -R bitwarden: /opt/bitwarden

Install Bitwarden Password Manager on Ubuntu 22.04

Once the above procedures are done, you can now install Bitwarden password manager.

Obtain Bitwarden Hosting Installation ID and Key

Navigate to Bitwarden hosting page and provide your email ID to get the hosting installation ID and key.

Once you enter your email ID, click submit. Such a page is loaded.

Install Bitwarden password manager on Ubuntu 22.04

Keep the installation ID and Key as we will need it later in the installation.

Download Bitwarden Installation Script

Switch to Bitwarden user created above;

sudo su - bitwarden

Run the command below to download the Bitwarden installation script.

sudo apt install curl
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh

Make the script executable;

chmod +x bitwarden.sh

Next, install Bitwarden password manager;

sudo ./bitwarden.sh install

When the script runs, you are prompted to;

  • Set your system hostname.
  • Choose whether to use Let’s Encrypt for SSL certificates if your domain is publicly registered
  • Provide the database name for your Bitwarden instance.
  • Provide installation ID generated above.
  • Provide Bitwarden installation key generated above.
  • Confirm if you have an SSL cert or not
  • If you dont have an SSL cert, then use self-signed certs. Note the warning on using self-signed SSL certs.
 _     _ _                         _            
| |__ (_) |___      ____ _ _ __ __| | ___ _ __  
| '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ 
| |_) | | |_ \ V  V / (_| | | | (_| |  __/ | | |
|_.__/|_|\__| \_/\_/ \__,_|_|  \__,_|\___|_| |_|

Open source password management solutions
Copyright 2015-2022, 8bit Solutions LLC
https://bitwarden.com, https://github.com/bitwarden

===================================================

bitwarden.sh version 1.46.2
Docker version 20.10.12, build e91ed57
docker-compose version 1.29.2, build 5becea4c

(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): passman.kifarunix-demo.com

(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n

(!) Enter the database name for your Bitwarden instance (ex. vault): bitpassdb

1.46.2: Pulling from bitwarden/setup
6552179c3509: Pull complete 
21e1bc814f94: Pull complete 
a66d6e2c6505: Pull complete 
1468e0fc777d: Pull complete 
52220ccf12d8: Pull complete 
274037baa1dc: Pull complete 
cd6708d3da5c: Pull complete 
b96cf08d1413: Pull complete 
12f9a402a6ab: Pull complete 
beab38d582a0: Pull complete 
Digest: sha256:47ab15e658ba482e31ed8d3c1ab6f7555d7be7a63de56cd74aa5920a01d8203c
Status: Downloaded newer image for bitwarden/setup:1.46.2
docker.io/bitwarden/setup:1.46.2

(!) Enter your installation id (get at https://bitwarden.com/host): 8e1...da274

(!) Enter your installation key: lP...kNUd

(!) Do you have a SSL certificate to use? (y/n): n

(!) Do you want to generate a self-signed SSL certificate? (y/n): y

Generating self signed SSL certificate.
Generating a RSA private key
.............++++
.........++++
writing new private key to '/bitwarden/ssl/self/passman.kifarunix-demo.com/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
.......................................++++
.............................++++
writing new private key to 'identity.key'
-----

!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be 
trusted by Bitwarden client applications. You must add this certificate to 
the trusted store on each device or else you will receive errors when trying 
to connect to your installation.

Building nginx config.
Building docker environment files.
Building docker environment override files.
Building FIDO U2F app id.
Building docker-compose.yml.

Installation complete

If you need to make additional configuration changes, you can modify
the settings in `./bwdata/config.yml` and then run:
`./bitwarden.sh rebuild` or `./bitwarden.sh update`

Next steps, run:
`./bitwarden.sh start`

Running Bitwarden on Ubuntu 22.04

You can now start Bitwarden Docker containers;

sudo ./bitwarden.sh start
...
Creating bitwarden-identity      ... done
Creating bitwarden-icons         ... done
Creating bitwarden-notifications ... done
Creating bitwarden-attachments   ... done
Creating bitwarden-mssql         ... done
Creating bitwarden-sso           ... done
Creating bitwarden-api           ... done
Creating bitwarden-web           ... done
Creating bitwarden-events        ... done
Creating bitwarden-admin         ... done
Creating bitwarden-nginx         ... done
1.46.2: Pulling from bitwarden/setup
Digest: sha256:47ab15e658ba482e31ed8d3c1ab6f7555d7be7a63de56cd74aa5920a01d8203c
Status: Image is up to date for bitwarden/setup:1.46.2
docker.io/bitwarden/setup:1.46.2


Bitwarden is up and running!
===================================================

visit https://passman.kifarunix-demo.com
to update, run `./bitwarden.sh updateself` and then `./bitwarden.sh update

To check Bitwarden containers;

sudo docker ps
CONTAINER ID   IMAGE                            COMMAND            CREATED         STATUS                     PORTS                                                                                    NAMES
6b2b7a18d417   bitwarden/nginx:1.46.2           "/entrypoint.sh"   8 minutes ago   Up 8 minutes (healthy)     80/tcp, 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   bitwarden-nginx
bec9b762e4fe   bitwarden/admin:1.46.2           "/entrypoint.sh"   9 minutes ago   Up 8 minutes (unhealthy)   5000/tcp                                                                                 bitwarden-admin
f8e6dd8a1b4a   bitwarden/api:1.46.2             "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)     5000/tcp                                                                                 bitwarden-api
ea2b527ea0ef   bitwarden/web:2.26.1             "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)                                                                                              bitwarden-web
22ace70438f2   bitwarden/sso:1.46.2             "/entrypoint.sh"   9 minutes ago   Up 8 minutes (unhealthy)   5000/tcp                                                                                 bitwarden-sso
2b7c3b31500c   bitwarden/attachments:1.46.2     "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)                                                                                              bitwarden-attachments
a2e1fc239c42   bitwarden/events:1.46.2          "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)     5000/tcp                                                                                 bitwarden-events
c710843e8a3f   bitwarden/mssql:1.46.2           "/entrypoint.sh"   9 minutes ago   Up 8 minutes (unhealthy)                                                                                            bitwarden-mssql
58d523eff765   bitwarden/notifications:1.46.2   "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)     5000/tcp                                                                                 bitwarden-notifications
3457ed97d3f8   bitwarden/icons:1.46.2           "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)     5000/tcp                                                                                 bitwarden-icons
8d7ec7b820ab   bitwarden/identity:1.46.2        "/entrypoint.sh"   9 minutes ago   Up 8 minutes (healthy)     5000/tcp                                                                                 bitwarden-identity

Accessing Bitwarden Web Interface

The installation of Bitwarden is now complete. You can access the web interface using the https://bitwarden-server-fqdn. Replace the bitwarden-server-fqdn with your system fully qualified domain name provided during the setup process.

Ensure that from the workstation you are accessing Bitwarden from can resolve the Bitwarden hostname. Otherwise use the hosts file if you do not have DNS.

Install Bitwarden password manager on Ubuntu 22.04

Create a new account to access your Bitwarden secure vault by clicking Create Account.

Install Bitwarden password manager on Ubuntu 22.04

Once you have created an account, login to your Bitwarden vault.

Install Bitwarden password manager on Ubuntu 22.04

Verifying Self-hosted Bitwarden Email

In order to verify Self-hosted Bitwarden email, we are going to use local Postfix relay via Gmail SMTP. Therefore, install and configure Postfix to use Gmail SMTP relay by following the guide below;

Configure Postfix to Use Gmail SMTP on Ubuntu 20.04

Next, configure Postfix to allow Bitwarden docker containers to sent emails through it. How I did this, i just greped the docker IP addresses;

ip add | grep 172.
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-675f01731daf
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-5a213c833ae2

Then, edit postfix main conf and add the Bitwarden docker container networks to mynetworks parameter.

sudo vim /etc/postfix/main.cf
...
mydestination = $myhostname, bitwarden.kifarunix-demo.com, localhost.kifarunix-demo.com, , localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 172.17.0.0/16 172.18.0.0/16 172.19.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
...

Save and exit the file.

Check Postfix Configuration

Run the postfix check command to check the Postfix configuration for any error. Any error should printed on the output.

sudo postfix check

Restart postfix;

sudo systemctl restart postfix

Next, configure Postfix SMTP mail server IP address and Port settings by editing the environment settings file, ./bwdata/env/global.override.env. The file is on the home directory of the user with which you ran the installations, in this setup is bitwarden user created above.

sudo vim ./bwdata/env/global.override.env

In our setup, we are using Postfix on the localhost, hence only the lines, highlighted we used.

...
[email protected]
globalSettings__mail__smtp__host=192.168.57.43
globalSettings__mail__smtp__port=25
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
....

Save and exit the file.

Restart Bitwarden Services;

sudo ./bitwarden.sh restart

Once the services start, go back to the web interface and sent the verification mail.

Once you have verified the email, the verify email notification on the dashboard should now be gone.

Install Bitwarden password manager on Ubuntu 22.04

And that is how easy it is to install Bitwarden password manager on Ubuntu 22.04. You can now safely store your passwords in your safe vault. Enjoy.

Read more on Getting Started with Bitwarden.

Reference

Installing and Deploying Bitwarden

Other Tutorials

Install Passbolt Password Manager on Rocky Linux 8

Configure OpenLDAP Password Expiry Email Notification

LEAVE A REPLY

Please enter your comment!
Please enter your name here