Step 1 – Verify Vaultwarden Works

Your server’s IP address and root password are shown on the Server Details page in your client panel. Open your browser and go to:

https://your.server.ip

If the login page loads, Vaultwarden is working correctly.

If you placed the server behind a VyOS router on a private network, either configure port forwarding (ports 80 and 443), or connect over a VPN and reach Vaultwarden on the server’s private IP.

Step 2 – Create Your Account

On the login page, click Create account. Enter your email address, name, and choose a master password.

After registration, log in with your email and master password. This is your personal vault where you can store passwords, notes, cards and identities.

Step 3 – Connect Bitwarden Clients

Vaultwarden is compatible with all official Bitwarden clients:

• Browser extension: Chrome, Firefox, Edge, Safari
• Desktop app: Windows, macOS, Linux
• Mobile app: iOS, Android

Before logging in, point the client to your server:

1. On the login screen, click the region selector (or gear icon) and choose Self-hosted
2. Enter your server URL: https://your.server.ip
3. Save and log in with your email and master password

Once connected, all your passwords sync automatically across all devices.

Step 4 – Set Up a Domain and SSL (Recommended)

For the best experience with Bitwarden clients, set up a domain with a proper SSL certificate:

1. Create a DNS A record pointing your domain to the server IP (e.g. vault.yourdomain.com → your.server.ip).

2. SSH into your server and run:

ssh root@your.server.ip

/opt/setup/get-ssl.sh vault.yourdomain.com

3. Update the Vaultwarden config:

sed -i "s|^DOMAIN=.*|DOMAIN=https://vault.yourdomain.com|" /opt/vaultwarden/.env
systemctl restart vaultwarden

4. Update the server URL in your Bitwarden clients to https://vault.yourdomain.com.

Step 5 – Admin Panel (Optional)

Vaultwarden includes an admin panel for managing users, organizations and server settings. To enable it, SSH into your server and set an admin token:

echo 'ADMIN_TOKEN=your-secret-token-here' >> /opt/vaultwarden/.env
systemctl restart vaultwarden

Then open https://your.server.ip/admin and enter the token. From the admin panel you can:

• Invite or delete users
• Disable open registration
• Manage organizations
• View server diagnostics

Fail2Ban – Brute-Force Protection

Your server comes with Fail2Ban pre-configured to protect both SSH and the Vaultwarden web interface from brute-force attacks.

Useful commands:

# Check banned IPs
fail2ban-client status sshd
fail2ban-client status vaultwarden

# Unban an IP
fail2ban-client set sshd unbanip 1.2.3.4

If you accidentally lock yourself out, connect via VNC console in your client panel and unban your IP.

Service Management

# Check status
systemctl status vaultwarden nginx

# Restart Vaultwarden
systemctl restart vaultwarden

# View logs
journalctl -u vaultwarden -f

# Edit config
nano /opt/vaultwarden/.env

# Backup database (SQLite)
cp /opt/vaultwarden/data/db.sqlite3 /root/vaultwarden-backup-$(date +%Y%m%d).sqlite3

Updates

Vaultwarden is installed as a standalone binary and does not update automatically. To update, replace the binary with a newer version extracted from the official Docker image:

# On a machine with Docker, extract the new binary:
docker pull vaultwarden/server:latest-alpine
CID=$(docker create vaultwarden/server:latest-alpine)
docker cp $CID:/vaultwarden /tmp/vaultwarden
docker rm $CID

# Copy to your server and replace:
scp /tmp/vaultwarden root@your.server.ip:/tmp/
ssh root@your.server.ip "systemctl stop vaultwarden && cp /tmp/vaultwarden /opt/vaultwarden/vaultwarden && chmod +x /opt/vaultwarden/vaultwarden && systemctl start vaultwarden"

OS updates:

apt update && apt upgrade -y

Software Included

• Vaultwarden Wiki: github.com/dani-garcia/vaultwarden/wiki
• Bitwarden Help Center: bitwarden.com/help
• Bitwarden Clients: bitwarden.com/download