Vaultwarden on Oracle Cloud VPS

Complete guide to deploying Vaultwarden password manager on Oracle Cloud's free tier VPS with Cloudflare Argo Tunneling for secure access.

Vaultwarden Password Manager

Video [IBRACORP Video Tutorial - Coming Soon]

Useful Links

Related Videos

Password Security Best Practices
Oracle Cloud Setup
Cloudflare Configuration

Disclaimer

Thank you for choosing to collaborate with IBRACORP 🙏

Please read our disclaimer https://docs.ibracorp.io/disclaimer

Credits

Role	Contributor
Writer / Producer	Sycotix
Video Recording and Voice	Sycotix
Contributor	North
Testing / Proofreading	Hawks, DiscDuck

Feature List

Comprehensive Password Management Solution

Self-Hosted Bitwarden Server - Open-source alternative to Bitwarden
Oracle Cloud Free Tier - Leverage free VPS hosting
Cloudflare Argo Tunneling - Secure external access without port forwarding
Docker Containerization - Easy deployment and management
Web Vault Interface - Access from any browser
Mobile App Support - iOS and Android compatibility
Browser Extensions - Chrome, Firefox, Safari support
Two-Factor Authentication - Enhanced security options
Secure File Attachments - Store files alongside passwords
Organization Support - Share passwords with teams
Import/Export Tools - Migrate from other password managers
API Access - Programmatic password management

Prerequisites

Required Accounts and Tools

Oracle Cloud account (free tier available)
Cloudflare account with domain management
SSH client (PuTTY for Windows, Terminal for Mac/Linux)
Basic Linux command line knowledge
Docker and Docker Compose understanding

Oracle Cloud VPS Setup

Create Oracle Cloud Instance

Instance Configuration

Sign in to Oracle Cloud: Visit cloud.oracle.com
Create Compute Instance: Navigate to Compute → Instances
Choose Image: Select Ubuntu 22.04 LTS

Shape Configuration:

Shape: VM.Standard.A1.Flex (Ampere ARM)
OCPUs: 4 (maximum for free tier)
Memory: 24 GB (maximum for free tier)

Network Configuration:

Virtual Cloud Network: Create new or use existing
Subnet: Public subnet
Assign Public IP: Yes

SSH Key Generation

Using PuTTYgen (Windows)

Download PuTTYgen: From PuTTY download page
Generate Keys:
- Key type: RSA
- Number of bits: 2048
- Click "Generate"
- Move mouse for randomness
Save Keys:
- Save public key (.pub file)
- Save private key (.ppk file)
- Copy public key text for Oracle Cloud
Add to Oracle Cloud: Paste public key in SSH Keys section

Initial Server Configuration

Connect via SSH

# Connect to your Oracle Cloud instance
ssh ubuntu@your-public-ip

# Switch to root user
sudo -i

# Update system packages
apt-get update && apt-get upgrade -y

Install Docker and Docker Compose

Docker Installation

# Install Docker dependencies
apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release

# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add Docker repository
echo "deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

# Update package database
apt-get update

# Install Docker
apt-get install -y docker-ce docker-ce-cli containerd.io

# Enable Docker service
systemctl enable docker
systemctl start docker

Docker Compose Installation

# Download Docker Compose for ARM64
curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-linux-aarch64" -o /usr/local/bin/docker-compose

# Make executable
chmod +x /usr/local/bin/docker-compose

# Verify installation
docker-compose --version

Vaultwarden Deployment

Create Directory Structure

Setup Project Directories

# Navigate to home directory
cd /home/ubuntu/

# Create project structure
mkdir -p containers/vaultwarden
cd containers/vaultwarden

# Create data directory
mkdir data

Docker Compose Configuration

Create docker-compose.yml

version: '3.8'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      # Basic Configuration
      - DOMAIN=https://vault.yourdomain.com
      - WEBSOCKET_ENABLED=true
      - WEBSOCKET_PORT=3012
      - WEBSOCKET_ADDRESS=0.0.0.0

      # Security Settings
      - SIGNUPS_ALLOWED=false
      - SIGNUPS_VERIFY=true
      - SIGNUPS_DOMAINS_WHITELIST=yourdomain.com
      - EMERGENCY_ACCESS_ALLOWED=true
      - SENDS_ALLOWED=true

      # Email Configuration (Optional)
      - SMTP_HOST=smtp.gmail.com
      - SMTP_FROM=your-email@gmail.com
      - SMTP_PORT=587
      - SMTP_SECURITY=starttls
      - SMTP_USERNAME=your-email@gmail.com
      - SMTP_PASSWORD=your-app-password

      # Admin Panel
      - ADMIN_TOKEN=your-secure-admin-token

      # Performance
      - ROCKET_WORKERS=10

    volumes:
      - ./data:/data

    ports:
      - "80:80"
      - "3012:3012"

    networks:
      - vaultwarden

networks:
  vaultwarden:
    driver: bridge

Environment Variables

Create .env File

# Create environment file
nano .env

# Domain Configuration
DOMAIN=https://vault.yourdomain.com

# Admin Configuration
ADMIN_TOKEN=your-very-secure-random-token-here

# Email Configuration
SMTP_HOST=smtp.gmail.com
SMTP_FROM=your-email@gmail.com
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-google-app-password

# Security Settings
SIGNUPS_ALLOWED=false
SIGNUPS_DOMAINS_WHITELIST=yourdomain.com

Deploy Vaultwarden

Start the Service

# Deploy Vaultwarden
docker-compose up -d

# Check status
docker-compose ps

# View logs
docker-compose logs -f vaultwarden

Cloudflare Argo Tunnel Setup

Install Cloudflared

Install Cloudflare Tunnel Client

# Download cloudflared for ARM64
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64

# Make executable and move to PATH
chmod +x cloudflared-linux-arm64
mv cloudflared-linux-arm64 /usr/local/bin/cloudflared

# Verify installation
cloudflared --version

Authenticate with Cloudflare

Login to Cloudflare

# Authenticate with Cloudflare
cloudflared tunnel login

This will open a browser window to authenticate with your Cloudflare account.

Create Tunnel

Setup Tunnel Configuration

# Create a new tunnel
cloudflared tunnel create vaultwarden-tunnel

# Note the tunnel UUID from output
# Create tunnel configuration directory
mkdir -p /home/ubuntu/.cloudflared

# Create tunnel configuration
nano /home/ubuntu/.cloudflared/config.yml

Tunnel Configuration (config.yml)

tunnel: vaultwarden-tunnel
credentials-file: /home/ubuntu/.cloudflared/your-tunnel-uuid.json

ingress:
  # Vaultwarden web interface
  - hostname: vault.yourdomain.com
    service: http://localhost:80
    originRequest:
      noTLSVerify: true

  # Vaultwarden websocket
  - hostname: vault.yourdomain.com
    path: /notifications/hub
    service: http://localhost:3012
    originRequest:
      noTLSVerify: true

  # Catch-all rule (required)
  - service: http_status:404

Configure DNS

Create DNS Records

# Create DNS record for your domain
cloudflared tunnel route dns vaultwarden-tunnel vault.yourdomain.com

Install Tunnel as Service

Create systemd Service

# Install tunnel as a service
cloudflared service install

# Start and enable the service
systemctl start cloudflared
systemctl enable cloudflared

# Check service status
systemctl status cloudflared

Initial Vaultwarden Configuration

Create Admin Account

First User Setup

Access Vaultwarden: Navigate to https://vault.yourdomain.com
Create Account: Click "Create Account"

Fill Details:

Email: your-email@yourdomain.com
Name: Your Name
Master Password: Strong, unique password

Verify Email: Check email for verification link

Admin Panel Configuration

Access Admin Panel

Navigate: https://vault.yourdomain.com/admin
Enter Admin Token: Use token from .env file
Configure Settings:
- Disable user registrations
- Configure SMTP settings
- Set up backup schedules
- Configure two-factor authentication

Security Hardening

Additional Security Measures

# Create backup script
nano /home/ubuntu/backup-vaultwarden.sh

#!/bin/bash
# Vaultwarden backup script

BACKUP_DIR="/home/ubuntu/backups"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p $BACKUP_DIR

# Stop Vaultwarden
cd /home/ubuntu/containers/vaultwarden
docker-compose stop

# Create backup
tar -czf $BACKUP_DIR/vaultwarden_backup_$DATE.tar.gz data/

# Start Vaultwarden
docker-compose start

# Keep only last 30 backups
find $BACKUP_DIR -name "vaultwarden_backup_*.tar.gz" -mtime +30 -delete

echo "Backup completed: vaultwarden_backup_$DATE.tar.gz"

# Make backup script executable
chmod +x /home/ubuntu/backup-vaultwarden.sh

# Add to crontab for daily backups
crontab -e
# Add this line:
# 0 2 * * * /home/ubuntu/backup-vaultwarden.sh

Client Configuration

Browser Extensions

Install Bitwarden Extensions

Chrome: Chrome Web Store
Firefox: Firefox Add-ons
Safari: Mac App Store

Configure Extension

Open Extension: Click Bitwarden icon
Settings: Click gear icon
Server URL: Enter https://vault.yourdomain.com
Login: Use your Vaultwarden credentials

Mobile Apps

iOS and Android Setup

Download App: Search "Bitwarden" in app store
Install and Open: Launch the app
Configure Server:
- Tap settings gear
- Select "Self-hosted"
- Enter server URL: https://vault.yourdomain.com
Login: Use your credentials

Maintenance and Monitoring

Update Vaultwarden

Regular Updates

# Navigate to project directory
cd /home/ubuntu/containers/vaultwarden

# Pull latest image
docker-compose pull

# Recreate container with new image
docker-compose up -d

# Clean up old images
docker image prune -f

Monitor Logs

Log Management

# View real-time logs
docker-compose logs -f vaultwarden

# View last 100 lines
docker-compose logs --tail=100 vaultwarden

# View logs from last hour
docker-compose logs --since 1h vaultwarden

Performance Monitoring

System Monitoring

# Check container resource usage
docker stats vaultwarden

# Check disk usage
df -h

# Check memory usage
free -h

# Check Cloudflare tunnel status
systemctl status cloudflared

Troubleshooting

Common Issues

Connection Problems

Tunnel Not Working: Check Cloudflare tunnel status:

systemctl status cloudflared
journalctl -u cloudflared -f

Container Not Starting: Check Docker logs:
```
docker-compose logs vaultwarden
```
Email Not Working: Verify SMTP settings in admin panel

Performance Issues

Slow Response: Check system resources:
```
htop
iotop
```
High Memory Usage: Restart container:
```
docker-compose restart vaultwarden
```

Recovery Procedures

Restore from Backup

# Stop Vaultwarden
docker-compose stop

# Remove current data
rm -rf data/

# Extract backup
tar -xzf /home/ubuntu/backups/vaultwarden_backup_YYYYMMDD_HHMMSS.tar.gz

# Start Vaultwarden
docker-compose start

Security Best Practices

Regular Security Tasks

Monthly Security Checklist

Update System: Keep Oracle Cloud VPS updated
Backup Verification: Test backup restore process
Access Review: Review user accounts and permissions
Log Analysis: Check access logs for suspicious activity
SSL Certificate: Verify Cloudflare SSL is working
Password Audit: Use Vaultwarden's password audit tools

Advanced Security

Additional Hardening

# Configure firewall (if needed)
ufw enable
ufw allow ssh
ufw allow from any to any port 80
ufw allow from any to any port 3012

# Disable password authentication
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart ssh

# Enable fail2ban
apt-get install fail2ban
systemctl enable fail2ban
systemctl start fail2ban

Special Thanks

Daniel García for creating and maintaining Vaultwarden
Oracle Cloud for providing free tier VPS hosting
Cloudflare for secure tunnel technology
To our fantastic Discord community and our Admins DiscDuck and Hawks for their input and testing

Please support the developers and creators involved in this work to help show them some love. ❤️

Final Words

We hope you enjoyed this guide. It was conceptualized, written, and implemented by our Admin Sycotix.

Support Us

Our work sometimes takes months to research and develop.

If you want to help support us please consider:

Liking and Subscribing to our Youtube channel
Joining our Discord server
Becoming a paid member on our IBRACORP website
Donating via Paypal

Thank you for being part of our community!

Credits​

Feature List​

Prerequisites​

Oracle Cloud VPS Setup​

Create Oracle Cloud Instance​

SSH Key Generation​

Initial Server Configuration​

Install Docker and Docker Compose​

Vaultwarden Deployment​

Create Directory Structure​

Docker Compose Configuration​

Environment Variables​

Deploy Vaultwarden​

Cloudflare Argo Tunnel Setup​

Install Cloudflared​

Authenticate with Cloudflare​

Create Tunnel​

Configure DNS​

Install Tunnel as Service​

Initial Vaultwarden Configuration​

Create Admin Account​

Admin Panel Configuration​

Security Hardening​

Client Configuration​

Browser Extensions​

Mobile Apps​

Maintenance and Monitoring​

Update Vaultwarden​

Monitor Logs​

Performance Monitoring​

Troubleshooting​

Common Issues​

Recovery Procedures​

Security Best Practices​

Regular Security Tasks​

Advanced Security​

Special Thanks​

Final Words​

Support Us​