In /etc/ssh/sshd_config, add Port <new_port_number> (or modify the port if the line already exists). This keeps most random, automated attempts at accessing the server through ssh, which target the default port 22, from reaching it.
Run sudo systemctl restart ssh to restart the ssh service. Next time you ssh in, it will be on the new port.
Original bitwarden guide. This is where the user and group setup came from.
sudo apt install docker.io docker-compose certbot apache2-utils
sudo adduser bitwarden
sudo groupadd docker
sudo usermod -aG docker bitwarden
su bitwarden
cd ~
certbot certonly -d <domain>
The certs will be placed in /etc/letsencrypt/live/<domain>
Everything from here on out will assume you are logged in as the user bitwarden and starting in the home directory.
mkdir vaultwarden
- Copy the docker-compose.yml and nginx.conf files into ~/vaultwarden.
- Open vaultwarden/docker-compose.yml and replace any instance of <domain> with your domain. The domain will be in the form host.domain.tld.
- Open vaultwarden/nginx.conf and replace any instance of <domain> with your domain, in the same form as before.
- Run mkdir vaultwarden/vw-data. This needs to be done because vaultwarden will be run as the bitwarden user. If the vw-data directory is not created manually, docker will create it using the root user and vaultwarden will not be able to write to that directory.
First, generate a token to be used to access the admin page:
openssl rand -base64 48
Copy the result, open docker-compose.yml and replace <admin_token> with the result.
Next, set a username and password to access the admin site. This is a bit redundant, but gives two layers of security.
htpasswd -cB vaultwarden/.htpasswd <username>
1. Log into your account on sendgrid.com. Create an account if you don't already have one.
2. Authenticate your domain. If you have already done this, skip to step 3.
   a. On the left pane expand Settings and select Sender Authentication.
   b. Under Sender Identity then Domain Authentication click Authenticate Your Domain.
   c. Follow the steps provided.
3. Set up an SMTP Relay. If you have already done this skip to step 4, but make sure you have the password (API key).
   a. On the left pane expand Email API and select Integration Guide.
   b. Choose SMTP Relay.
   c. Follow the steps provided and copy the generated password (API key) to someplace secure.
   d. To verify that the SMTP relay is working, run the vaultwarden server and create a user. Log in as that user and verify the email address. This should send an email and sendgrid.com can use that email as verification.
4. Open docker-compose.yml and replace <sendgrid_apikey> with the SendGrid API key.
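A preflight check for the files prepared in the steps above, added here as an example and not part of the original guide or of the vaultwarden project. It reports placeholders that were never replaced, a vw-data directory that is missing or not owned by the current user, and .htpasswd entries that are not bcrypt. The function names are hypothetical and the default path assumes the ~/vaultwarden layout used in this guide.

```shell
#!/bin/sh
# Added example: preflight check for the ~/vaultwarden directory built above.
# Function names are hypothetical. Usage: . ./preflight.sh; vw_preflight ~/vaultwarden

# Print every placeholder still left in the two config files (file:line:match).
vw_placeholders() {
    dir=$1
    for f in docker-compose.yml nginx.conf; do
        [ -f "$dir/$f" ] || { echo "$f: missing"; continue; }
        grep -noE '<(domain|admin_token|sendgrid_apikey)>' "$dir/$f" | sed "s|^|$f:|"
    done
}

# vw-data must exist and be owned and writable by the user running the check
# (the bitwarden user); a directory docker created as root fails this test.
vw_data_ok() {
    d=$1/vw-data
    [ -d "$d" ] && [ -O "$d" ] && [ -w "$d" ]
}

# Print the user name of each .htpasswd entry whose hash is not bcrypt
# (htpasswd -B writes hashes that start with $2y$).
vw_htpasswd_weak() {
    f=$1/.htpasswd
    [ -f "$f" ] || { echo ".htpasswd: missing"; return 0; }
    awk -F: 'NF >= 2 && $2 !~ /^\$2[aby]\$/ { print $1 }' "$f"
}

# Run all three checks; return 0 only if every one passes.
vw_preflight() {
    dir=${1:-$HOME/vaultwarden}
    rc=0
    out=$(vw_placeholders "$dir")
    [ -z "$out" ] || { echo "placeholders left or files missing:"; echo "$out"; rc=1; }
    vw_data_ok "$dir" || { echo "vw-data missing or not owned by $(id -un)"; rc=1; }
    weak=$(vw_htpasswd_weak "$dir")
    [ -z "$weak" ] || { echo "not bcrypt in .htpasswd: $weak"; rc=1; }
    return "$rc"
}
```

Run it as the bitwarden user before the first docker-compose up -d, so the ownership check reflects the account the guide runs vaultwarden under.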
Switch to the bitwarden user if needed (su bitwarden) and navigate to the bitwarden home directory (cd ~). Then run:
docker-compose up -d
docker-compose down
docker-compose stop
docker-compose pull
docker-compose start