This repository helps to host your own Vaultwarden instance on your server or a raspberry-pi.
Edit your settings in the .env
file.
Start the containers with
docker-compose up -d
In the docker-compose.yml file the admin-token is disabled. If this setting is disabled you are not able to open the
admin page (yourhost.local/admin
).
By default, anyone who can access your instance can register for a new account. To disable this, set the
SIGNUPS_ALLOWED
env variable to false.
You can restrict registration to email addresses from certain domains by setting SIGNUPS_DOMAINS_WHITELIST
accordingly.
Require email verification to finish the registration.
Even when registration is disabled (SIGNUPS_ALLOWED
), organization administrators or owners can invite users to join
organization.
Activated the admin page. This page allows server administrators to view all the registered users and to delete them. It also shows inviting new users, even when registration is disabled.
If you have another method to authenticate the admin page then you can set the DISABLE_ADMIN_TOKEN
variable to true.
Informs the browser and desktop Bitwarden clients that some event of interest has occurred, such as when an entry in the password database has been modified or deleted.
This setting is not applicable to mobile Bitwarden clients (Android/iOS) because these use the native push notification service instead.
The domain of your vaultwarden instance (should be the same as VIRTUAL_HOST
).
This is required for U2F and FIDO2 WebAuthn authentication.
You need a YUBICO_CLIENT_ID
and YUBICO_SECRET_KEY
to allow authentication with a Yubikey.
If YUBICO_SERVER
is not set the default YubiCloud servers are used.
SMTP_HOST
: The host server of the mail serverSMTP_FROM
: the mail address which should be used for sending mailsSMTP_PORT
: the port of the smtp serverSMTP_SECURITY
: the protocol that should be used (default: starttls, options: force_tls, off, starttls)SMTP_USERNAME
: the username of the smtp userSMTP_PASSWORD
: the password of the smtp user
This requires to set the DOMAIN
variable.
Usually, password hints are sent by email. But as vaultwarden is made with small or personal deployment in mind, hints are also available from the password hint page, so you don't have to configure an email service.
LOG_LEVEL
: options are: "trace", "debug", "info", "warn", "error" or "off". NOTE: Using the log level "warn" or "error" still allows Fail2Ban to work properly.USE_SYSLOG
EXTENDED_LOGGING