How To Install Vaultwarden Password Manager In Podman?

Vaultwarden is an open-source password manager that is a fork of Bitwarden. It is written in Rust and is designed to be lightweight, easy to set up, and run on various platforms. Vaultwarden is an alternative backend for the password manager Bitwarden, and while it does not implement the same feature set as the Bitwarden server, its setup is much simpler. Vaultwarden is a great option for small businesses because it is lightweight and runs well on devices with limited resources, such as Raspberry Pi and Synology NAS. It is also easy to set up and use, making it a great choice for businesses that do not have dedicated IT staff. Additionally, Vaultwarden is open-source, which means that businesses can customize it to meet their specific needs.

Join my Discord now: https://discord.gg/YbSYGsQYES

Pulling And Running The Vaultwarden Container

Create a new network for the containers.

podman network create n_vaultwarden

Pull and start the Vaultwarden container with permanent storage created in the project directory (vw-data).

Port 8000 of the host is forwarded to port 80 of the container.

podman run --network n_vaultwarden -d --rm \
  --name vaultwarden -v ./vw-data/:/data/ \
  -p 8000:80 docker.io/vaultwarden/server:latest

Navigate to http://localhost:8000 in a web browser and check that it works.

This setup uses the integrated SQLite database and an unencrypted HTTP connection.

Pulling And Setting An SSL Reverse Proxy With Nginx

Using an SSL reverse proxy is a great way to protect your application from cyber attacks and intellectual property theft. Reverse proxies are situated directly before backend servers in the direction of incoming traffic flow, which allows them to filter out potentially malicious connection requests.

Reverse proxies also provide an important layer of additional cyber security. They help increase performance, reliability, and security by providing load balancing for web applications and APIs. They can offload services from applications to improve performance through SSL acceleration, caching, and intelligent compression. By enforcing web application security, a reverse proxy also enables federated security services for multiple applications.

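Create an Nginx configuration file for your SSL proxy in the nginx-conf directory, which is mounted to /etc/nginx/conf.d when the proxy container is started. The file name must end in .conf to be loaded.

# TLS-terminating reverse proxy in front of Vaultwarden
server {
    listen 443 ssl;
    server_name your_domain.com;

    # Certificate and private key, mounted into the container
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;

    location / {
        # Forward to the port published by the Vaultwarden container
        proxy_pass http://<published_ip>:8000;
        # Pass the original Host header and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}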

Create a self-signed X.509 certificate and key in the certs directory for testing the configuration. Do NOT use them in a production setup!

mkdir -p certs
openssl req -x509 -newkey rsa:4096 -keyout certs/key.pem -out certs/cert.pem -days 365 -nodes
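A non-interactive variant of the certificate step, as an added example that is not part of the original post: it writes the pair into a directory such as ./certs (the one the proxy container mounts), then checks that key and certificate belong together, that the host name is in the SAN, and that the certificate is not about to expire. The function names and the host name passed in are assumptions; the same checks can be run against a valid certificate later.

```shell
#!/bin/sh
# Added example: generate the test pair without prompts, then verify it.
# Function names are assumptions of this example, not part of the original setup.

# make_test_cert DIR HOSTNAME [RSA_BITS]: self-signed pair, 365 days, with a SAN.
make_test_cert() {
    dir=$1; host=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    ( umask 077 && openssl req -x509 -newkey "rsa:$bits" -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" ) 2>/dev/null || return 1
    # -nodes leaves the key unencrypted on disk, so keep it owner-only.
    chmod 600 "$dir/key.pem" && chmod 644 "$dir/cert.pem"
}

# cert_matches_key CERT KEY: 0 when the certificate carries the key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_has_san CERT HOSTNAME: 0 when HOSTNAME is an exact DNS subjectAltName entry.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# cert_valid_for CERT DAYS: 0 when the certificate is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# preflight DIR HOSTNAME [RSA_BITS]: generate, then stop on the first failed check.
preflight() {
    make_test_cert "$1" "$2" "${3:-4096}" || { echo "openssl failed" >&2; return 1; }
    cert_matches_key "$1/cert.pem" "$1/key.pem" || { echo "key/cert mismatch" >&2; return 1; }
    cert_has_san "$1/cert.pem" "$2" || { echo "SAN missing" >&2; return 1; }
    cert_valid_for "$1/cert.pem" 30 || { echo "expires within 30 days" >&2; return 1; }
    echo "ok: $1/cert.pem and $1/key.pem are ready to mount"
}

# Run as: sh make-cert.sh ./certs your_domain.com
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```
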

Start the Nginx proxy container.

podman run --network n_vaultwarden -d --rm \
  --name nginx -p 4430:443 \
  -v ./nginx-conf:/etc/nginx/conf.d \
  -v ./certs/cert.pem:/etc/nginx/cert.pem \
  -v ./certs/key.pem:/etc/nginx/key.pem \
  docker.io/library/nginx

Test the HTTPS connection by navigating to https://<published_ip>:4430 and accept the server certificate before signing in to Vaultwarden.

It is time for a valid certificate!

Creating A Docker Compose File

With a compose file it is easier to bring the services up and down.

---
services:
    server:
        networks:
            - n_vaultwarden
        container_name: vaultwarden
        volumes:
            - ./vw-data/:/data/
        ports:
            - 8000:80
        image: docker.io/vaultwarden/server:latest
    nginx:
        networks:
            - n_vaultwarden
        container_name: nginx_proxy
        ports:
            - 4430:443
        volumes:
            - ./nginx-conf:/etc/nginx/conf.d
            - ./certs/cert.pem:/etc/nginx/cert.pem
            - ./certs/key.pem:/etc/nginx/key.pem
        image: docker.io/library/nginx
networks:
    n_vaultwarden:
        external:
            name: n_vaultwarden

Now you can start the services with Podman Compose.

podman-compose up -d
