How to Setup Self Hosted Bitwarden

Captions
Tom here from Lawrence Systems, and we're going to talk about self-hosting Bitwarden. A couple things I'm going to get out of the way first: this is not sponsored by Bitwarden. I'm just a longtime Bitwarden user. I've been using it for several years. It's also survived numerous updates; the install has worked flawlessly. I've been really happy with them as a product and thought, hey, a lot of people seem to be asking about an updated install video. Good news is it's the same as when I installed it several years ago. It goes really smooth, but there are a couple important prerequisites.

The first one is going to be that you need an SMTP server to be accessible for Bitwarden. If it's not accessible, it's not going to be able to send out those links for user registrations and user setup. Now, it's not sending any passwords via these links, but in order to get a user set up on there, this is something it does: it wants to send an email to that email address, because that's how you register your username with it. So that's an important prerequisite. Now, technically you could be using an internal server that isn't necessarily externally accessible, that you could intercept those with. I'll throw it out there as an option for those of you thinking, "Could I use some internal mail server just to grab all the mail so it doesn't even go external?" That is a possibility. We just have it going to our normal company mail.

The server itself also needs a valid SSL certificate and a domain. Now, it can be a subdomain like yourbitwarden.yourdomain.com, and if you have this public facing you could use Let's Encrypt, which is built in to the Bitwarden installer, so it will ask you, "Hey, would you like to set up Let's Encrypt? What's your domain?" and it'll set that up, and we'll go through that during the install process. The alternative option, and you can still give it whatever domain name you're going to give it, fully qualified domain name, is via a reverse proxy. I personally use HAProxy, but other reverse proxies will work
fine. You can use a wildcard certificate, where you get a wildcard cert per your domain, and you can create your Bitwarden name, whatever DNS internally, and use it. The important aspect is that the Bitwarden browser plugin has access, without any certificate errors, to the server. This is an important aspect to get this working properly and synchronizing properly. Now let's dive into the details of actually getting it installed. They're pretty easy; I'll be doing it right based on Bitwarden's write-up they have. But before we do that, let's first...

Are you an individual or company looking for support on a network engineering, storage, or virtualization project? Is your company or internal IT team looking for someone to proactively monitor your systems' security or offer strategic guidance to keep your IT systems operating smoothly? Not only would we love to help consult on your project, we also offer fully managed or co-managed IT service plans for businesses in need of IT administration or IT teams in need of additional support. With our expert install team we can also assist you with all of your structured cabling and Wi-Fi planning projects. If any of this piques your interest, fill out our Hire Us form at lawrencesystems.com so we can start crafting a solution that works for you. If you're not interested in hiring us but you're looking for other ways you want to support this channel, there's affiliate links down below to get you deals and discounts on products and services we talk about on this channel. And now back to our content.

Now we're going to be following the official Bitwarden guide on how to install and deploy this on Linux. As you can see, the other prerequisites besides the ones I mentioned are going to be four gigs of memory, dual-core processor 2 gigahertz or faster, and 25 gigs of storage. So generally speaking it doesn't have really high-end specs, and it doesn't take a lot to run Bitwarden. Of course, that's going to scale depending on how much storage you need in terms of
attachments, and how many passwords you have in there, and the number of users you have.

Jumping right down here, though, to the commands: we're going to make this rather quick by jumping through steps one through seven, which is create Bitwarden user, set password, create docker group, add the Bitwarden user to the docker group, create Bitwarden directory, set permissions, and set the Bitwarden user as owner of that directory. Each one of these commands has a copy, and so I don't have to go back and forth, I've copied these all into a single script. So we're going to jump over here to the terminal. I'm using Ubuntu 20.04.5 LTS; it's the template I already had set up and ready, so we're just going to go ahead and use that template. And we're just going to run this install-bitwarden.sh that I created, which is just me copying all the commands into here, all the ones right from the Bitwarden guide. sudo ./install-bitwarden.sh, enter my sudo password, create the password for Bitwarden. "Is this information correct?" Yes, it is. That part is now complete, so now one through seven are all set: we've created the user, we've created the directory, we've created a place to put all of this.

The next one is we're going to get the Bitwarden installation script, and we're just curling the script, grabbing it from Bitwarden officially, so go.bitwarden.co. Go ahead and copy that script, paste that in here, and if we want to take a look at it, it's just the bitwarden.sh script, a pretty simple bash script that pulls all the different containers and gets Bitwarden going for us. And if we run it locally here, so just running it like this, it shows you the available commands on there. The command specifically you want to run is the install command, because we need to install this. So: sudo bitwarden install. This is going to go and grab all the proper containers, but before it does that, it wants to know what the domain is for this. Now, if it's public facing, you're going to want to use your fully qualified domain name that's
public facing. If it's internal and you're going to use a self-signed certificate and reverse proxy, which is the setup I'm going to follow here, I'm just going to throw in the IP address of the machine, because I don't feel like giving it an internal name. So let's give it its IP address. "Do you want to use Let's Encrypt?" Well, unless I'm going to publicly expose this, which I'm not, we're not going to bother with a Let's Encrypt certificate here, so we're going to say no. "What's the name of the database for your Bitwarden instance?" Uh, Tom's Vault sounds good. Tom's Vault. All right, and from there it's going to pull all the containers and get them ready and run through setup.

"Enter your host installation ID": you get that by going here, so let's go ahead and copy this link. You'll put in some email address here, and this will allow you to generate an installation ID that it's asking for. So there's your installation ID there; we can copy that, paste it in. "Enter your key": paste it in. "Do you have an SSL certificate to use?" You could import your SSL cert; that is another option. "Do you want to generate a self-signed?" That's the option we're going to choose because, as I said, we'll do this with a reverse proxy.

Now it's ready for the bitwarden start, but before we do that, we need to edit those environment variables. The bwdata folder is going to be located under the user that you installed with, so in this case it was user lts. So then we're going to go into bwdata/env/global.override.env. We're going to edit this file, and we want to replace the host with whatever the valid host name is for your SMTP server. That can be an IP address or a fully qualified domain name. Next, from there you're going to want to maybe set the reply-to email. By default this is no-reply@, because you don't actually send email back to Bitwarden, but you may want to change that to your domain or something that looks more valid. And you can set whether or not your SMTP uses SSL, SMTP username, SMTP replace. Now, last
piece down here is the admin setting, and from here you would want to do your email at your.com or whatever yours is. Now, this is important because this is the setting for who is the admin, to look at the back end of Bitwarden for certain functions that may be needed for the admin side, not just the user side. It separates that out, and I'll show you at the end how that looks on our set-up Bitwarden. So once we've done this, we're going to go ahead and exit from here.

Now we can actually run through and do the proper starting of Bitwarden, so we'll scroll down here. Once again, I'm mentioning the environment variables, and we just want to run this bitwarden restart. So, text copied; we'll go ahead and kick that off. Well, sudo, because lts has not been added to the docker permissions group, so we're going to go ahead and do this. Now it's going to make sure it has not just the container in terms of the setup, and it's pulling the actual containers and getting them going, and that's it. Bitwarden is complete.

Now let's go ahead and pull up that IP address. We'll go through the self-signed certificate and show you what it looks like when you first log in. We'll throw in our IP address here, the 172.16.69.219, and now we're presented with our login. Now we're going to go ahead and hit Create Account, because we don't have an account yet on this, and then you can create an email address that you want, Tom at xxx.com, some long master password that we'll reveal here, whatever I mash on the keyboard, and paste it in here. No, I'm not remembering this. My password hint: I think it probably will give me an error; let's find out if it does if I have a hint as the password. Yeah, "your password can't be the same as your hint." All right, fair enough. Good job, Bitwarden. Create.

Now you're probably thinking, hey, I can just log in now, log in with my master password and I'm in. Except your account can't be verified until you get that email set up, and because I didn't put anything valid in there, well, that isn't going to
work.

Now, the next step after that's going to be going to the plugin itself, and you can switch within the plugin where it points to, and that's pretty easy to do. You go over to the plugin, you click the gears, you enter your server URL; in our case it's going to be 172.16.69.219. Now, this would obviously give an SSL certificate error, I think, if I even try to do this, and it may or may not let me log in. See if it tries to validate it. I think it's got a back-end error that I can't see where it says "can't validate this SSL," so it'll probably tell me "failed to contact the server," hence why I said you need a valid SSL.

Now, the last thing I want to mention is the admin side. So 172.16.69.219/admin, so your Bitwarden URL slash admin, and it'll want you to log in. The problem is, and it has to be, that email address has to match the email address we set in the settings there. This is how you get to the admin side of it. There's no password for this; it actually creates a link that it sends to you via email that then allows you to have a session for that browser to log into there. The sessions don't last very long, so pretty much anytime you log into this you're doing a session.

Let me show you what it looks like on our server. Now, I've blurred out some of the things in here, but this is what the dashboard looks like. It shows me my SMTP server settings, it shows me my installation ID, user registration, that it is enabled. You can actually disable it so no new users can register. I have this behind a VPN, so that doesn't really matter to me; no one's going to try and re-register as a new user in there without me noticing it, because it'll actually prompt me for a license, because we use the Enterprise version. The other thing you may notice at the top here: I'm slightly out of date on the server version, and it tells you what the latest is, and the web installed versus the web latest. This is the last part I want to show you: when I notice this, which generally monthly will have an update to this, I'm
going to show you how easy it is to update Bitwarden. Now, when you're updating an already installed version of Bitwarden, you may not have the latest bitwarden.sh script, so you can just run updateself to self-update the Bitwarden script. So it says it updated itself, and then we just change it to ./bitwarden.sh update, and it's going to go and see if there's any container updates. Now it's pulling the latest containers, it's now pruning the old containers, then it does the migration in the database and lets you know if it's successful. Database update complete. Jump back over here to my admin panel, and we can see now I'm on the latest version.

And that covers getting Bitwarden set up and maintaining it. We've been running it self-hosted for several years now. All the updates have gone really smooth. It's been absolutely an excellent project. Really, hats off to the team, and not having any issues in terms of even having to call support even once, because every update has gone as smooth as the ones you've seen here. They do great work on service delivery.

Now, one more thing that is really important, and that is backing things up. Good news: by default, and there's documentation I'll link to down below on this, Bitwarden automatically backs up the database file nightly. That is the way the default install of the script is configured. You are responsible, though, to have that data and copy it somewhere, or you can just back up the entire system that it's on, the virtual machine that it's on, or wherever you installed it, whichever methodology. It's just something else I want people to keep in mind, to make sure when they go through all the trouble setting this up that they back up that database file. The install is relatively simple, but go ahead and walk through the process, and they have that documented for backing it up, and even restoring it is also in their documentation. Really cool that they've done that.

My final thought is going to be, "What about Vaultwarden, Tom?" and I'm sure there's some comments down below
regarding that. I prefer to support Bitwarden, who wrote all this code and took the time to secure this product, took the time to pay external auditors for code review and keep this system going and secure. I'm leaving it up to you if you want to use, of course, a third party, but my opinion is not to use third party when it comes to my password management security. I take this very seriously. That's why we self-host it, that's why we have it behind a VPN, that's why we have it locked down the way we do. To just arbitrarily throw in a third-party server, even if it's still using the same front-end plugin, doesn't really sit well with me in terms of my thought process on it, but you do you. I just want to answer the question of "Will you do a video on Vaultwarden?" No, I do not want to, but my understanding is it's relatively easy to install, and the instructions are probably floating around out there somewhere. But leave your comments and thoughts down below. If I'm wrong about something, let me know if you have a different opinion, because that does seem to start a heated debate over the Vaultwarden thing, and let me know if maybe I have something confused or something misread or something misconstrued about how that works. Other than that, head over to my forums for a more in-depth discussion, and thank you.

And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the Subscribe button and the bell icon. If you'd like to hire us for a project, head over to lawrencesystems.com and click the Hire Us button right at the top. To help this channel out in other ways, there's a Join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store, where we have a wide variety of shirts that we sell, and designs come out, well,
randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching, and look forward to hearing from you.
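
Added example, not part of the video or of Bitwarden's own tooling: a pre-start check of the `global.override.env` edits described in the captions above (SMTP host and credentials, the admin e-mail that receives `/admin` login links, and the user-registration switch). The key names are assumed to follow Bitwarden's documented env file layout, and `sample_env` is constructed input.

```bash
#!/usr/bin/env bash
# Added example: audit bwdata/env/global.override.env before starting Bitwarden.
# Key names are assumed to follow Bitwarden's documented env file layout.

# Constructed sample of an unedited file (values are placeholders, not real).
sample_env() {
    cat <<'EOF'
globalSettings__mail__replyToEmail=no-reply@bitwarden.example
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
globalSettings__disableUserRegistration=false
adminSettings__admins=
EOF
}

# Print the value of key $2 in file $1 (last assignment wins).
env_value() { sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'; }

# Record one finding: print it and bump the counter.
report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Print one finding per line; exit status is the number of findings.
audit_bw_env() {
    file=$1; findings=0
    [ -r "$file" ] || { report "cannot read $file"; return 1; }
    for key in host username password; do
        case $(env_value "$file" "globalSettings__mail__smtp__$key") in
            ''|REPLACE) report "SMTP $key is empty or still REPLACE" ;;
        esac
    done
    case $(env_value "$file" adminSettings__admins) in
        *@*) : ;;
        *) report "adminSettings__admins is empty: no /admin login link can be sent" ;;
    esac
    [ "$(env_value "$file" globalSettings__disableUserRegistration)" = true ] ||
        report "user registration is open: confirm the server is not public"
    # The file stores the SMTP password, so only its owner should read it.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) : ;;
        *) report "file mode is $mode, expected owner-only such as 600" ;;
    esac
    return "$findings"
}

# Run against a path given on the command line, if any.
if [ -n "${1:-}" ]; then audit_bw_env "$1"; fi
```

Run it as `bash audit.sh ./bwdata/env/global.override.env` (the script name is arbitrary); an exit status of 0 means none of the checks fired.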
Info
Channel: Lawrence Systems
Views: 115,987
Keywords: LawrenceSystems, self host bitwarden, bitwarden self hosted, self host bitwarden docker, self host bitwarden server, bitwarden password manager, bitwarden review, self hosted, bitwarden tutorial, open source, open source software, password manager, bitwarden docker, best password manager, credential management system, how to host bitwarden, password manager app, how to setup bitwarden
Id: SSLGa0LjTrA
Length: 15min 10sec (910 seconds)
Published: Wed Dec 28 2022