 Tom here from Lawrence Systems and we're going to talk about self-hosting Bitwarden. A couple of things I'm going to get out of the way. First, this is not sponsored by Bitwarden. I'm just a longtime Bitwarden user. I've been using it for several years. It's also survived numerous updates. The install has worked flawlessly. I've been really happy with them as a product and thought, hey, a lot of people seem to be asking about an updated install video. Good news is it's the same as when I installed it several years ago. It goes really smooth. But there are important prerequisites. The first one is going to be that you need an SMTP server to be accessible for Bitwarden. If it's not accessible, it's not going to be able to send out those links for user registrations and user setup. Now, it's not sending any passwords via these links, but in order to get a user set up on there, this is something it does: it wants to send an email to that email address, because that's how you register your username with it. So, it's an important prerequisite. Now, technically, you could be using an internal server that isn't necessarily externally accessible, that you could intercept those with. I'll throw it out there: there's an option for those of you thinking, could I use some internal mail server just to grab all the mail so it doesn't even go external? That is a possibility. We just have it going to our normal company mail. The server itself also needs a valid SSL certificate and a domain. Now, it can be a subdomain like bitwarden.yourdomain.com. And if you have this public facing, you could use Let's Encrypt, which is built in to the Bitwarden installer. So, it will ask you, hey, would you like to set up Let's Encrypt? What's your domain? And it'll set that up, and we'll go through that during the install process. The alternative option, and you can still give it whatever domain name you're going to give it, fully qualified domain name, is via a reverse proxy.
I personally use HAProxy, but other reverse proxies will work fine. You can use a wildcard certificate, where you get a wildcard cert for your domain and you can create your Bitwarden name, whatever DNS internally, and use it. The important aspect is that the Bitwarden browser plugin has access without any certificate errors to the server. This is an important aspect to get this working properly and synchronizing properly. Now, let's dive into the details of actually getting to the install. They're pretty easy. I'll be doing it right based on Bitwarden's write-up they have. Now we're going to be following the official Bitwarden guide on how to install and deploy this on Linux. As you can see, the other prerequisites besides the ones I mentioned are going to be four gigs of memory, dual core processor, two gigahertz processor and 25 gigs of storage. So generally speaking, it doesn't have really high end specs and it doesn't take a lot to run Bitwarden.
Of course, that's going to scale depending on how much storage you need in terms of attachments and how many passwords you have in there and the number of users you have. Jumping right down here though to the commands, we're going to make this rather quick by jumping through steps one through seven, which is create Bitwarden user, set password, create Docker group, add the Bitwarden user to the Docker group, create Bitwarden directory, set permissions and set the Bitwarden user as owner of that directory. Each one of these commands has a copy, and so I don't have to go back and forth, I've copied these all into a single script. So we're going to jump over here to the terminal. I'm using Ubuntu 20.04.5 LTS. It's the template I already had set up and ready. So we're just going to go ahead and use that template. And we're just going to run this install bitwarden.sh that I created, which is just me copying all the commands into here, all the ones right from the Bitwarden guide. So, sudo, install bitwarden.sh. Enter my sudo password, create the password for Bitwarden. Is this information correct? Yes, it is. That part is now complete. So now one through seven are all set. We've created the user, we've created the directory, we've created a place to put all of this. The next one is we're going to get the Bitwarden installation script. And we're just curling the script, grabbing it from Bitwarden officially. So go.bitwarden.co, go ahead and copy that script, paste that in here. And if we want to take a look at it, it's just the bitwarden.sh script, a pretty simple bash script that pulls all the different containers and gets Bitwarden going for us. And if we run it locally here, so just running it like this, it shows you the available commands on there. The command specifically we're going to run is the install command, because we need to install this. So sudo bitwarden install. This is going to go and grab all the proper containers.
But before it does that, it wants to know what the domain is for this. Now, if it's public facing, you're going to want to use your fully qualified domain name that's public facing. If it's internal, and you're going to use a self-signed with a reverse proxy, which is the setup I'm going to follow here, I'm just going to throw in the IP address of the machine because I don't feel like giving it an internal name. So let's give it its IP address. Do you want to use Let's Encrypt? Well, unless I'm going to publicly expose this, which I'm not, we're not going to bother with a Let's Encrypt certificate here. So we're going to say no. What's the name of the database for your Bitwarden instance? Tom's Vault sounds good. Tom's Vault. All right. And from there, it's going to pull all the containers and get them ready. Run through a setup, enter your host installation ID, you get that by going here. So let's go ahead and copy this link. You'll put in some email address here, and this will allow you to generate an installation ID that it's asking for. So there's your installation ID there, we can copy that, paste it in, enter your key, paste it in. Do you have an SSL certificate to use? You could import your own SSL cert. That is another option. Do you want to generate a self-signed? That's the option we're going to choose, because as I said, we'll do this with a reverse proxy. Now it's ready for the Bitwarden start. But before we do that, now we need to edit those environment variables. The bwdata folder is going to be located under the user that you installed with. So in this case, it was user LTS. So then we're going to go into bwdata/env/global.override.env. So we're going to edit this file. And we want to replace the host with whatever the valid host name is for your SMTP server. That can be an IP address or a fully qualified domain name. Next from there, you're going to want to maybe set the reply-to email.
By default, this is no reply at, and because you don't actually send email back to Bitwarden, but you may want to change that to your domain or something that looks more valid, and you can set whether or not your SMTP uses SSL, SMTP username, SMTP replace. Now the last piece down here is the admin setting, and from here you would want to do your email at your.com or whatever yours is. Now this is important because this is the setting for who is the admin, to look at the back end of Bitwarden for certain functions that may be needed for the admin side, not just the user side. It separates that out and I'll show you at the end how that looks on our setup Bitwarden. So once we've done this, we're going to go ahead and exit from here. Now we can actually run through and do the proper starting of Bitwarden. So we'll scroll down here. Once again, I'm mentioning the environment variables, and we just want to run this Bitwarden restart. So text copied. So we'll go ahead and kick that off. Well, sudo, because LTS has not been added to the Docker permissions group. So we're going to go ahead and do this. Now it's going to make sure it has not just the container in terms of the setup, and it was pulling the actual containers and getting them going. That's it. Bitwarden is complete. Now let's go ahead and pull up that IP address. We'll go through the self-signed certificate and show you what it looks like when you first log in. We'll throw in our IP address here, the 172.16.69.219. And now we're presented with our login. Now we're going to go ahead and hit create account because we don't have an account yet on this. And then you can create an email address that you want. Tom at xxx.com. Some long master password that we'll reveal here, whatever I mashed on the keyboard, and paste it in here. No, I'm not remembering this. My master password hint. I think it'll probably give me an error. Let's find out if it does. If I have a hint as the password. Yeah, your password can't be the same as your hint.
All right, fair enough. Good job, Bitwarden. Create. Now you're probably thinking, hey, I can just log in now. Log in with my master password. And I'm in, except your account can't be verified until you get that email set up, because I didn't put anything valid in there. Well, that isn't going to work. Now the next step after that is going to be going to the plugin itself, and you can switch within the plugin where it points to. And that's pretty easy to do. You go over to the plugin. You click the gears. You enter your server URL. In our case, it's going to be 172.16.69.219. Now this would obviously give SSL certificate errors. I think if I even try to do this, it may or may not let me log in. See if it tries to validate it. I think it's got a back end error that I can't see where it says can't validate this SSL. So it'll probably tell me failed to contact the server. Hence why I said you need a valid SSL. Now the last thing I want to mention is the admin side. So 172.16.69.219 slash admin. So your Bitwarden URL slash admin, and it'll want you to log in. The problem is, and it has to be, that email address has to match the email address we set in the settings there. This is how you get to the admin side of it. There's no password for this. It actually creates a link that it sends to you via email that then allows you to have a session for that browser to log into there. Sessions don't last very long. So pretty much any time you log into this you're doing a session. Let me show you what it looks like on our server. Now I've blurred out some of the things in here, but this is what the dashboard looks like. It shows me my SMTP server settings. It shows me my installation ID, user registration that is enabled. You can actually disable it so no new users can register. I have this behind a VPN so that doesn't really matter to me.
No one's going to try and re-register as a new user in there without me noticing it, because it'll actually prompt me for a license because we use the enterprise version. The other thing you may have noticed at the top here: I'm slightly out of date on the server version, and it tells you what the latest is, and the web installed versus the web latest. This is the last part I want to show you: when I notice this, which is generally monthly, they'll have an update to this. I was going to show you how easy it is to update Bitwarden. Now when you're updating an already installed version of Bitwarden you may not have the latest bitwarden.sh script. So you can just run updateself to self-update the Bitwarden script. So it says it updated self, and then we just change it to ./bitwarden.sh update and it's going to go and see if there's any container updates. Now it's pulling the latest containers. It's now pruning the old containers, then it does the migration of the database and lets you know if it's successful. Database update complete. Jump back over here to my admin panel and we can see we're now on the latest version, and that covers getting Bitwarden set up and maintaining it. We've been running it self-hosted for several years now and all the updates have gone really smooth. It's been absolutely an excellent project. Really, hats off to the team, and not having any issues in terms of even having to call support even once, because every update has gone as smooth as the ones you've seen here. They do great work on service delivery. Now one more thing that is really important, and that is backing things up. Good news: by default, and there's documentation I'll link to down below on this, Bitwarden automatically backs up the database file nightly. That is the way the default install of the script is configured.
You are responsible, though, to have that data and copy it somewhere, or you can just back up the entire system that it's on, the virtual machine that it's on or wherever you installed it. Whichever methodology, it's just something else I want people to keep in mind, to make sure when they go through all the trouble of setting this up that they back up that database file. The install is relatively simple, but go ahead and walk through the process, and they have that documented for backing it up, and even restoring it is also in their documentation. Really cool that they've done that. My final thought is going to be, what about Vaultwarden, Tom? And I'm sure there's some comments down below regarding that. I prefer to support Bitwarden, who wrote all this code and took the time to secure this product, took the time to pay external auditors for code review and keep this system going and secure. I'm leaving it up to you if you want to use, of course, a third party, but my opinion is not to use third party when it comes to my password management security.
I take this very seriously. That's why we self-host it, that's why we have it behind a VPN, that's why we have it locked down the way we do. To just arbitrarily throw in a third party server, even if it's still using the same front end plugin, doesn't really sit well with me in terms of my thought process on it, but you do you. I just want to answer the question of, will you do a video on Vaultwarden? No, I do not want to, but my understanding is it's relatively easy to install and the instructions are probably floating around out there somewhere. But leave your comments and thoughts down below. If I'm wrong about something, let me know if you have a different opinion, because that does seem to start a heated debate over the Vaultwarden thing, and let me know if maybe I have something confused or something misread or something misconstrued about how that works. Other than that, head over to my forums for a more in-depth discussion, and thank you.