This guide walks through self-hosted installation of Bitwarden on Linux servers. Choose between Bitwarden Standard (enterprise-ready, 11 containers) or Bitwarden Lite (personal/home lab, single container).
| Feature | Bitwarden Standard | Bitwarden Lite |
|---|---|---|
| Use Case | Enterprise, Organizations | Personal, Home Lab |
| Containers | 11 services | 1 container |
| Database | Microsoft SQL Server | SQLite (default), PostgreSQL, MySQL |
| RAM Required | 4GB+ | 512MB+ |
| CPU Required | 2+ cores | 1 core |
| Premium Features | License required | License required |
| Official Support | β Yes | β Yes |
Bitwarden Standard:
Bitwarden Lite:
For Docker installation, see Docker.
Recommended for organizations, teams, and production environments requiring full feature set.
Install Git to clone the project repository.
sudo apt-get update && sudo apt-get install -y git
Download the official Bitwarden installer script.
git clone https://github.com/bitwarden/self-host bitwarden
cd bitwarden
Execute the installation script to configure and deploy Bitwarden.
sudo ./bitwarden.sh
The script will:
Access the web vault at https://your-domain.com and create your admin account.
Released December 2025 β Single container deployment for personal use.
sudo mkdir -p /opt/bitwarden-lite
sudo chown $USER:$USER /opt/bitwarden-lite
cd /opt/bitwarden-lite
Create docker-compose.yml:
version: "3.8"
services:
bitwarden-lite:
image: ghcr.io/bitwarden/lite:latest
container_name: bitwarden-lite
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- ./data:/etc/bitwarden
environment:
# Domain configuration
BW_DOMAIN: bitwarden.example.com
# Database (SQLite default)
BW_DB_PROVIDER: sqlite
# Installation credentials (from bitwarden.com/host)
BW_INSTALLATION_ID: "your-installation-id"
BW_INSTALLATION_KEY: "your-installation-key"
# Optional: External database
# BW_DB_PROVIDER: postgresql
# BW_DB_CONNECTION_STRING: "Host=db;Database=bitwarden;Username=bw;Password=secret"
# SMTP configuration (recommended)
BW_SMTP_HOST: smtp.example.com
BW_SMTP_PORT: 587
BW_SMTP_SSL: "false"
BW_SMTP_FROM: bitwarden@example.com
BW_SMTP_USERNAME: smtp-username
BW_SMTP_PASSWORD: smtp-password
# User permissions
PUID: 1000
PGID: 1000
# Admin token (optional, for admin API)
# BW_ADMIN_TOKEN: "your-admin-token"
docker compose up -d
Set up Nginx or Traefik for TLS termination. Example Nginx configuration:
server {
listen 80;
server_name bitwarden.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name bitwarden.example.com;
ssl_certificate /etc/letsencrypt/live/bitwarden.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bitwarden.example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
For advanced users who want full control over configuration.
sudo mkdir -p /opt/bitwarden
sudo chown $USER:$USER /opt/bitwarden
cd /opt/bitwarden
Create docker-compose.yml with all required services:
version: "3.8"
services:
bitwarden-api:
image: ghcr.io/bitwarden/bitwarden:2026.2.0
container_name: bw-api
restart: unless-stopped
environment:
- ASPNETCORE_URLS=http://+:8080
- globalSettings__baseServiceUri__internalApi=http://bw-api:8080
- globalSettings__baseServiceUri__internalIdentity=http://bw-identity:8080
- globalSettings__baseServiceUri__internalNotifications=http://bw-notifications:8080
volumes:
- ./bw-data:/etc/bitwarden
depends_on:
- bw-mssql
- bw-redis
bitwarden-web:
image: ghcr.io/bitwarden/web-vault:2026.2.0
container_name: bw-web
restart: unless-stopped
environment:
- ENV=production
- SELF_HOST=true
- URL=https://bitwarden.example.com
depends_on:
- bw-api
bw-mssql:
image: mcr.microsoft.com/mssql/server:2022-latest
container_name: bw-mssql
restart: unless-stopped
environment:
- ACCEPT_EULA=Y
- MSSQL_SA_PASSWORD=YourStrongPassword123!
- MSSQL_USER=sa
volumes:
- ./mssql-data:/var/opt/mssql
bw-redis:
image: redis:7-alpine
container_name: bw-redis
restart: unless-stopped
volumes:
- ./redis-data:/data
# Additional services: identity, sso, events, admin, migrations, nginx
# See full compose file in documentation
β οΈ Note: This is a simplified example. Full deployment requires 11 services. Use the official installer script for complete setup.
docker compose up -d
https://your-domain.com# Check container status
docker compose ps
# View logs
docker compose logs -f
# Test API endpoint
curl -k https://your-domain.com/api/health
Create backup script for database and configuration:
#!/bin/bash
BACKUP_DIR="/backup/bitwarden"
DATE=$(date +%Y%m%d_%H%M%S)
# Create backup directory
mkdir -p $BACKUP_DIR
# Backup Docker volumes
tar -czf $BACKUP_DIR/bw-data-$DATE.tar.gz /opt/bitwarden/bw-data
# Backup database (for Lite with external DB)
# docker exec bw-lite pg_dump -U bitwarden bitwarden > $BACKUP_DIR/bw-db-$DATE.sql
# Keep last 7 backups
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed: $DATE"
Prefer automation? See Bitwarden Ansible Setup for an example playbook.
Need more Docker details? See Bitwarden Docker Setup for Docker Compose configurations.
Container fails to start:
# Check logs
docker compose logs bitwarden
# Verify ports are not in use
sudo netstat -tlnp | grep :8080
Database connection errors:
# Check MSSQL container
docker compose logs bw-mssql
# Verify network connectivity
docker compose exec bw-api ping bw-mssql
SSL certificate issues:
# Renew Let's Encrypt certificates
sudo certbot renew
# Check certificate paths
ls -la /etc/letsencrypt/live/your-domain/
Any questions?
Feel free to contact us. Find all contact information on our contact page.