Vaultwarden is a lightweight server that speaks the Bitwarden protocol — so you use the same polished Bitwarden browser extensions and mobile apps, but the vault lives on your server. It’s tiny: it happily runs on the cheapest VPS you can find.
Prerequisites
- A small VPS — 1 vCPU / 1 GB RAM is more than enough (cheap options).
- A domain like
vault.yourdomain.com(point a domain to your VPS). - Docker + Docker Compose, and a reverse proxy for HTTPS.
Step 1 — Compose file
services:
vaultwarden:
image: vaultwarden/server:latest
restart: always
volumes:
- ./vw-data:/data
environment:
DOMAIN: "https://vault.yourdomain.com"
SIGNUPS_ALLOWED: "true" # set to false after you create your account
ports:
- "8080:80"Step 2 — Start and create your account
docker compose up -dOnce HTTPS is live (next step), open the site, create your account, then set SIGNUPS_ALLOWED: "false" and docker compose up -d again to lock down registrations.
Step 3 — HTTPS (required)
A password manager must be served over HTTPS. Put Nginx Proxy Manager in front, map vault.yourdomain.com → the Vaultwarden container, and issue a Let’s Encrypt cert: Nginx Proxy Manager setup.
Step 4 — Connect the apps
In the Bitwarden browser extension or mobile app, set the self-hosted server URL to https://vault.yourdomain.com before logging in. Everything else works exactly like Bitwarden.
Back it up. Snapshot the
vw-datafolder regularly (off-server). A password vault you can’t restore is a liability.
Which VPS to run it on
Vaultwarden is the rare service where the cheapest box is fine. A small Hetzner or Vultr instance does the job; if you’d rather not manage the server, Cloudways is the hands-off route. See Best VPS for Self-Hosting.
