22. March 2022

How to install Bitwarden Password Manager on CentOS Stream 8

By H. Cemre Günay

Bitwarden is an open-source solution that lets you manage your accounts and protect them with passwords of varying complexity. For this purpose, the program also offers a two-step authentication process, among other things.

As with most popular password managers, Bitwarden secures data using 256-bit AES encryption. The data vault is then accessed via a master password, which you must assign during the installation process.

The Bitwarden desktop client for Windows, Linux or macOS is available for download on the project’s website. The free app for Android and iOS, on the other hand, can be downloaded directly from the Google Play Store or the Apple Store. Alternatively, you can also open Bitwarden via a web browser and thus, for example, also conveniently retrieve your data recorded on the iPad via the PC.

I want to show you how to install the Bitwarden password manager locally on your server and host it yourself on CentOS Stream 8. You can find all the details about installation and configuration on the Bitwarden website: https://bitwarden.com/help/install-on-premise-linux/.

Step 1: Configure your Domain

By default, Bitwarden will be served through ports 80 (http) and 443 (https) on the host machine. Open these ports so that Bitwarden can be accessed from within and/or outside of the network. You may opt to choose different ports during installation.

I recommend configuring a domain name with DNS records that point to your host machine (for example, bitwarden.example.com), especially if you are serving Bitwarden over the internet.

Step 2: Install Docker and Docker Compose

For this part I have written 3 blog posts for Docker, Docker Compose and Portainer, which you can find here:

Step 3: Get Installation ID and Key

Visit https://bitwarden.com/host/ to get your personalized Installation ID and Key, which you will need later in the installation process.

After you submit your email address you will immediately get your Installation ID and Key.

Step 4: Create Bitwarden Local User & Directory

Bitwarden recommends configuring your Linux server with a dedicated bitwarden service account, from which to install and run Bitwarden. Doing so will isolate your Bitwarden instance from other applications running on your server.

These steps are Bitwarden-recommended best practices, but are not required. 

# Create a bitwarden user:
sudo adduser bitwarden

# Set password for bitwarden user (strong password):
sudo passwd bitwarden

# Create a docker group (if it doesn’t already exist):
sudo groupadd docker

# Add the bitwarden user to the docker group:
sudo usermod -aG docker bitwarden

# Create a bitwarden directory:
sudo mkdir /opt/bitwarden

# Set permissions for the /opt/bitwarden directory:
sudo chmod -R 700 /opt/bitwarden

# Set the bitwarden user ownership of the /opt/bitwarden directory:
sudo chown -R bitwarden:bitwarden /opt/bitwarden
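
To confirm that the directory really is private to the service account after these commands, the following check can be used. It is an added example, not part of the original post or of Bitwarden's tooling; the function name audit_private_dir is made up for illustration.

```shell
#!/bin/sh
# Added example: audit a directory that should be private to one account.
# Prints one line per finding and returns 1 if anything was found.
audit_private_dir() {
    dir=$1
    owner=$2   # user name or numeric uid
    findings=$(
        # Entries that do not belong to the service account.
        find "$dir" ! -user "$owner" -print | sed 's/^/wrong owner: /'
        # Entries (symlinks excluded) with any group or other permission bit.
        find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/group\/other access: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# On the host from this post (run as root, since the directory is mode 700):
#   audit_private_dir /opt/bitwarden bitwarden
```

No output and exit status 0 mean that every entry is owned by the account and closed to group and others.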

Step 5: Install Bitwarden

Bitwarden provides a shell script for easy installation on Linux and macOS (Bash), or Windows (PowerShell). Complete the following steps to install Bitwarden using the shell script:

# Download the Bitwarden installation script (bitwarden.sh) to your machine:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod 700 bitwarden.sh

# Run the installer script. A ./bwdata directory will be created relative to the location of bitwarden.sh.
./bitwarden.sh install

Complete the prompts in the installer:

  • Enter the domain name for your Bitwarden instance: Typically, this value should be the configured DNS record.
  • Do you want to use Let’s Encrypt to generate a free SSL certificate? (y/n): Specify y to generate a trusted SSL certificate using Let’s Encrypt. You will be prompted to enter an email address for expiration reminders from Let’s Encrypt. For more information, see Certificate Options. Alternatively, specify n and use the Do you have a SSL certificate to use? option.
  • Enter your installation id: Retrieve an installation id using a valid email at https://bitwarden.com/host. For more information, see What are my installation id and installation key used for?.
  • Enter your installation key: Retrieve an installation key using a valid email at https://bitwarden.com/host. For more information, see What are my installation id and installation key used for?.
  • Do you have a SSL certificate to use? (y/n): If you already have your own SSL certificate, specify y and place the necessary files in the ./bwdata/ssl/your.domain directory. You will be asked whether it is a trusted SSL certificate (y/n). For more information, see Certificate Options. Alternatively, specify n and use the self-signed SSL certificate? option, which is only recommended for testing purposes.
  • Do you want to generate a self-signed SSL certificate? (y/n): Specify y to have Bitwarden generate a self-signed certificate for you. This option is only recommended for testing. For more information, see Certificate Options. If you specify n, your instance will not use an SSL certificate and you will be required to front your installation with a HTTPS proxy, or else Bitwarden applications will not function properly.

After all these steps, we can now start Bitwarden:

./bitwarden.sh start

You will have to wait a bit. You will see a Bitwarden logo and, at the end, something like this:

Bitwarden is up and running!
===================================================

Step 6: Update your Bitwarden Appliance

./bitwarden.sh updateself

# and then

./bitwarden.sh update

Step 7: Access the Bitwarden Admin page

Verify that all containers are running correctly:

docker ps

In the STATUS column, every container has to be healthy. Congratulations! Bitwarden is now up and running at https://your.domain.com. Visit the web vault in your web browser to confirm that it’s working.
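
Instead of reading the STATUS column by eye, the check can be scripted. The following is an added example, not part of the original post or of bitwarden.sh; the function names and the sample container lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads lines of the form "<name><TAB><status>", as printed by
#   docker ps -a --format '{{.Names}}\t{{.Status}}'
# and prints every container whose status is not "Up ... (healthy)".
# Returns 1 if at least one such container was found.
not_healthy() {
    tab=$(printf '\t')
    rc=0
    while IFS="$tab" read -r name status; do
        [ -n "$name" ] || continue
        case "$status" in
            Up*"(healthy)") ;;   # running and health check passing
            *)                   # starting, unhealthy, restarting, exited,
                                 # or running without any health check
                printf '%s: %s\n' "$name" "$status"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample output (names and timings are made up for this example).
sample_ps() {
    printf 'bitwarden-web\tUp 3 minutes (healthy)\n'
    printf 'bitwarden-api\tUp 12 seconds (health: starting)\n'
    printf 'bitwarden-mssql\tUp 3 minutes (unhealthy)\n'
    printf 'bitwarden-nginx\tRestarting (1) 4 seconds ago\n'
    printf 'bitwarden-icons\tExited (137) 2 minutes ago\n'
}

# Live use on the host:
#   docker ps -a --format '{{.Names}}\t{{.Status}}' | not_healthy
sample_ps | not_healthy || true
```

The -a flag matters here: a container that has exited does not appear in plain docker ps output at all, so it would otherwise be missed.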

You may now register a new account and log in. You will need to have configured SMTP environment variables (see Environment Variables) in order to verify the email for your new account.

If you have any questions, please leave them in the comments. 🙂