Install Vaultwarden with Docker

Vaultwarden is a lightweight, open-source password manager and Bitwarden-compatible server. It lets you self-host your own secure vault for passwords, notes, and other sensitive data — fully under your control.

Prerequisites:

✓ A server running a modern Linux distribution (e.g. Ubuntu 22.04) — Vaultwarden is very lightweight

✓ Docker and Docker Compose installed on the server

✓ A domain name pointing to your server's IP address — required for a secure HTTPS setup

Step 1: Create the Docker Compose File

Create Directory and File

mkdir vaultwarden && cd vaultwarden && nano docker-compose.yml

Paste the following content into the file. This configuration includes Vaultwarden itself and an automatic weekly backup of your vault data:

docker-compose.yml

version: '3' services: vaultwarden: image: vaultwarden/server:latest restart: always volumes: - ./vw-data:/data ports: - 127.0.0.1:8080:80 backup: image: ttionya/vaultwarden-backup:latest restart: always volumes: - ./vw-data:/data - ./backups:/backups environment: - CRON=0 0 * * 0 - BACKUP_ZIP=true - BACKUP_DAYS=7

Binding to 127.0.0.1:8080 ensures Vaultwarden is only accessible locally. External access is handled by the reverse proxy in Step 3.

Step 2: Start the Containers

Launch both the Vaultwarden and backup containers with a single command:

Start Docker Compose

docker compose up -d

Docker will pull the required images and start both containers in the background.

Step 3: Set Up a Reverse Proxy for HTTPS (Required)

A password manager must only be accessed over a secure HTTPS connection. The container exposes the web server on port 8080 locally — this should never be opened directly to the internet.

You must set up a reverse proxy to forward traffic from your public domain (e.g. https://vault.yourdomain.com) to the local Vaultwarden container (http://localhost:8080). The reverse proxy also handles the SSL certificate for HTTPS. Common options are Nginx Proxy Manager, Traefik, or Caddy.

Critical: Never access or use your Vaultwarden instance over an unencrypted HTTP connection. Always use a reverse proxy with a valid SSL certificate before creating any accounts or storing any passwords.

Step 4: Create Your Account

Once your reverse proxy is set up and HTTPS is working, you can create your main account:

1.Open your browser and navigate to your secure domain (e.g. https://vault.yourdomain.com)

2.Click Create Account

3.Fill in your details and set a strong master password — this is the only password you will need to remember

Step 5: Connect Bitwarden Clients

All official Bitwarden browser extensions and mobile apps are fully compatible with your self-hosted Vaultwarden instance:

1.Download the official Bitwarden client for your browser or device

2.Before logging in, click the gear icon ⚙️ to open the settings

3.Enter your full instance URL in the Server URL field (e.g. https://vault.yourdomain.com)

4.Save the settings and log in with the account you created in Step 4

Further Documentation

For advanced configuration options, environment variables, and admin panel setup, refer to the official Vaultwarden documentation.

Vaultwarden Wiki

Bitwarden Clients herunterladen

ON THIS PAGE

Frequently Asked Questions

Getting Started

Server Management & Access

Operating Systems & Control Panels

Hardware & Advanced Topics

Networking, Domains & DNS

Rescue Mode

Backup

Security

Game Servers

Application Management

Application Guides