Ever feel uneasy about storing all your passwords in someone else’s cloud? I totally get it. After years of using various password managers, I finally took the plunge and self-hosted my own Bitwarden instance on my Proxmox cluster. And let me tell you – it’s been a game-changer!
In this tutorial, I’ll walk you through exactly how I set up a fully functional, secure Bitwarden server using Proxmox, complete with SSL certificates and a custom domain. By the end, you’ll have your own private password vault that you control entirely.
Why Self-Host Bitwarden?
Before we dive in, let’s talk about why you might want to do this. Sure, Bitwarden’s cloud service is excellent and reasonably priced, but self-hosting gives you:
- Complete control over your data
- No monthly fees (beyond your server costs)
- Custom features and configurations
- Learning experience with containerization and server management
- Peace of mind knowing exactly where your passwords live
What You’ll Need
Here’s what I used for this setup:
- Proxmox VE cluster (or single node)
- A domain name with DNS control
- Basic understanding of Linux command line
- About 30-60 minutes of your time
Step 1: Creating the Proxmox Container
First things first – let’s create a new LXC container in Proxmox. I went with Ubuntu 22.04 LTS for this build because it’s rock-solid and well-supported.
Container Specifications
I allocated these resources for my Bitwarden instance:
- CPU: 2 cores
- RAM: 2GB
- Storage: 20GB
- Network: Bridge to your main network
Log into your Proxmox web interface and create the container with these specs. Once it’s running, SSH into it and let’s get started with the software installation.
Step 2: Installing Docker and Docker Compose
Bitwarden runs beautifully in Docker containers, so that’s our deployment method of choice.
# Update the system
sudo apt update && sudo apt upgrade -y
# Install Docker
sudo apt install docker.io docker-compose -y
# Add your user to the docker group
sudo usermod -aG docker $USER
# Enable Docker to start on boot
sudo systemctl enable docker
sudo systemctl start docker
# Log out and back in for group changes to take effect
Step 3: Setting Up Bitwarden
Now for the fun part! Bitwarden provides an excellent installation script that makes setup incredibly straightforward.
# Create a directory for Bitwarden
mkdir ~/bitwarden
cd ~/bitwarden
# Download the Bitwarden installation script
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
chmod +x bitwarden.sh
# Run the installer
./bitwarden.sh install
The installer will ask you a few questions:
- Domain name: Enter your custom domain (e.g., passwords.yourdomain.com)
- SSL certificate: Choose “Let’s Encrypt” for automatic SSL
- Installation ID and Key: Get these from https://bitwarden.com/host (it’s free!)
Step 4: DNS Configuration
Before starting Bitwarden, make sure your DNS is properly configured. In your domain’s DNS settings, create an A record pointing your chosen subdomain to your Proxmox server’s IP address.
For example:
passwords.yourdomain.com → 192.168.1.100
Give DNS propagation a few minutes to work its magic.
Step 5: Initial Configuration and Startup
With DNS sorted, let’s configure and start our Bitwarden instance:
# Configure Bitwarden
./bitwarden.sh start
The first startup takes a few minutes as Docker downloads all the necessary images. Grab a coffee while you wait!
Step 6: SSL Certificate Setup
If you chose Let’s Encrypt during installation, Bitwarden will automatically request and configure SSL certificates. You can verify this worked by checking:
# Check if certificates were generated
sudo ls -la ./bwdata/ssl/
You should see your domain’s certificate files there.
Step 7: Creating Your Admin Account
Navigate to your new Bitwarden instance at https://passwords.yourdomain.com (or whatever domain you chose). You’ll see the beautiful Bitwarden web vault interface!
Click “Create Account” and set up your master account. This will be your admin account, so choose a strong master password – you know the drill!
Step 8: Configuring the Admin Panel
Bitwarden includes a handy admin panel for server management. Access it at: https://passwords.yourdomain.com/admin
Here you can:
- Configure server settings
- Manage user registrations
- View server statistics
- Configure SMTP for email notifications
I highly recommend setting up SMTP so users can receive email confirmations and password reset links.
Step 9: Client Applications
The beauty of self-hosting Bitwarden is that you can use all the official client applications – they just need to know where to find your server.
Browser Extensions
- Install the Bitwarden browser extension
- Click the settings gear
- Set the server URL to your custom domain
- Log in with your credentials
Mobile Apps
The process is similar on mobile:
- Install the Bitwarden app
- Before logging in, tap the settings gear
- Enter your custom server URL
- Log in normally
Maintenance and Backups
Running your own password manager means you’re responsible for keeping it updated and backed up. Here’s my maintenance routine:
Regular Updates
cd ~/bitwarden
./bitwarden.sh updateself
./bitwarden.sh update
Backup Strategy
I set up automated backups of the bwdata directory to both local storage and an offsite location. Your passwords are too important to lose!
# Simple backup script example
tar -czf bitwarden-backup-$(date +%Y%m%d).tar.gz ./bwdata/
Performance and Monitoring
My Bitwarden instance runs like a dream on the allocated resources. Here’s what I’ve observed:
- RAM usage: Typically around 400-600MB
- CPU usage: Minimal during normal operation
- Response time: Lightning fast on the local network
- Uptime: Rock solid (thanks, Proxmox!)
Troubleshooting Common Issues
SSL Certificate Problems
If Let’s Encrypt fails, check that:
- Your domain is properly pointing to your server
- Port 80 and 443 are accessible from the internet
- Your firewall isn’t blocking the certificate validation
Database Connection Issues
Occasionally, you might see database connection errors. A simple restart usually fixes this:
./bitwarden.sh restart
Memory Issues
If you’re running low on RAM, consider increasing your container’s memory allocation or adding swap space.
Security Considerations
Self-hosting comes with security responsibilities:
- Keep everything updated – OS, Docker, and Bitwarden
- Use strong passwords for your server accounts
- Enable fail2ban to protect against brute force attacks
- Monitor your logs for suspicious activity
- Regular security audits of your setup
Final Thoughts
Setting up self-hosted Bitwarden on Proxmox has been one of my favorite homelab projects. There’s something deeply satisfying about having complete control over such a critical piece of infrastructure.
The installation process is surprisingly straightforward thanks to Bitwarden’s excellent tooling, and the performance has been flawless. Plus, I love being able to customize settings and not worry about subscription renewals.
If you’re on the fence about self-hosting your password manager, I’d encourage you to give it a try. Start with a test setup, migrate a few passwords, and see how it feels. You might just find yourself wondering why you waited so long!
What’s Next?
Now that you’ve got Bitwarden running smoothly, consider exploring:
- Setting up automated backups to cloud storage
- Implementing monitoring with something like Uptime Kuma
- Adding two-factor authentication for extra security
- Configuring email notifications for security events
Have you set up your own Bitwarden instance? I’d love to hear about your experience in the comments below. And if you run into any snags following this tutorial, drop a comment and I’ll do my best to help you troubleshoot!
Remember: With great password power comes great responsibility. Keep your Bitwarden instance updated, backed up, and secure. Your future self will thank you!