Vaultwarden - Deathraymind/HomeLab GitHub Wiki
Documentation: Setting Up a Vaultwarden Server for Two-Factor Authentication
Introduction
This guide explains how to set up a Vaultwarden server for handling two-factor authentication (2FA) codes as an alternative to Authy. Vaultwarden is a lightweight, self-hosted Bitwarden server alternative. The guide also covers securing the server with HTTPS using Cloudflare and Nginx.
Prerequisites
- A server with Docker installed.
- A domain managed with Cloudflare.
- Nginx for reverse proxy setup.
- Basic understanding of Docker, Nginx, and SSL.
Steps to Set Up Vaultwarden
1. Installing Docker and Docker Compose
- Install Docker:
sudo apt install docker.io
- Install Docker Compose:
sudo apt install docker-compose
2. Pulling the Vaultwarden Docker Image
- Pull the latest Vaultwarden server image:
sudo docker pull vaultwarden/server:latest
3. Setting Up the Vaultwarden Directory
- Create a directory for Vaultwarden data:
sudo mkdir /srv/vaultwarden
- Set appropriate permissions:
sudo chmod go-rwx /srv/vaultwarden
4. Running the Vaultwarden Container
- Start the Vaultwarden Docker container:
sudo docker run -d --name vaultwarden -v /srv/vaultwarden:/data -e WEBSOCKET_ENABLED=true -p 8080:80 -p 3012:3012 --restart unless-stopped vaultwarden/server:latest
5. Accessing Vaultwarden
- Access the Vaultwarden server by navigating to http://[your-server-ip]:8080 (e.g., 172.16.16.70:8080).
6. Configuring HTTPS with Cloudflare and Nginx
- DNS Configuration in Cloudflare:
  - Create a new CNAME record pointing to your domain (e.g., bitwarden.example.net CNAME example.net).
- Setting Up Nginx Reverse Proxy:
  - Go to your Nginx configuration and set up a new proxy for Vaultwarden:
    - Proxy Name: bitwarden.example.net
    - Proxy Pass URL: http://172.16.16.70:8080 (replace with your Vaultwarden server IP and port).
    - Block common exploits.
- SSL Configuration:
  - In the SSL tab, set SSL to DNS wildcard (e.g., *.example.com).
  - Enable the option to force SSL.
7. Finalizing Setup
- After setting up the proxy and SSL, visit https://bitwarden.example.net to access your secured Vaultwarden server.
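Added example, not part of the original wiki: a post-install check for steps 3 and 4. It confirms the data directory grants nothing to group or other, and lists published ports bound to every interface, where the plain-HTTP port stays reachable alongside the HTTPS proxy unless a firewall restricts it. The function names and the script name vw_check.sh are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the wiki). Function names are hypothetical.
# Assumes Linux with GNU stat, matching the apt-based host in this guide.

# Succeeds only if DIR exists and gives group/other no access at all,
# the state `chmod go-rwx` in step 3 is meant to leave.
data_dir_is_private() {
    dir=$1
    [ -d "$dir" ] || return 2
    mode=$(stat -c '%a' "$dir") || return 2   # octal mode, e.g. 700
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Reads `docker port <container>` output on stdin, for example
#   80/tcp -> 0.0.0.0:8080
# and prints "hostport containerport address" for every mapping bound to
# all interfaces, which is what a bare `-p 8080:80` in step 4 produces.
wildcard_bindings() {
    awk '$2 == "->" {
        host = $3
        port = host
        sub(/.*:/, "", port)                               # after last colon
        addr = substr(host, 1, length(host) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            print port, $1, addr
    }'
}

# Live check: sh vw_check.sh --run (needs the container from step 4).
if [ "${1:-}" = "--run" ]; then
    data_dir_is_private /srv/vaultwarden ||
        echo "WARN: /srv/vaultwarden is missing or open to group/other"
    sudo docker port vaultwarden | wildcard_bindings |
        while read -r port cport addr; do
            echo "WARN: host port $port ($cport) listens on $addr"
        done
fi
```

If Nginx runs on the same host as the container, publishing with an explicit address such as -p 127.0.0.1:8080:80 removes the warning; if the proxy is on another machine, restrict the port to that machine with a host firewall rule.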
Conclusion
By following these steps, you have successfully set up a Vaultwarden server for managing 2FA codes, providing an alternative to Authy. The server is accessible via a secure connection through Nginx and Cloudflare, ensuring data safety and privacy. Regularly check for updates to Vaultwarden, Docker, and Nginx to maintain security and performance.