How to deploy Bitwarden server with Docker Compose on Linux in 2025
Bitwarden's self-hosted server provides a complete password management solution you can run on your own infrastructure. Unlike the cloud-hosted service, a local deployment gives you full control over your cryptographic data and authentication flows.
If you're an intermediate developer looking to host Bitwarden's API, database, and core services locally on Linux, this guide covers the complete deployment process using Docker Compose.
Prerequisites and System Requirements
Before starting, ensure you have the following installed on your Linux machine:
- Docker: The containerization runtime for running Bitwarden microservices
- Docker Compose: Orchestration tool for managing multi-container deployments
- curl or wget: For downloading the installation script
- Sudo access: Required for Docker daemon operations and system-level configurations
- Minimum 2GB RAM and 10GB disk space for production-grade deployments
Most modern Docker installations include Docker Compose by default. Verify both are installed:
docker --version
docker-compose --version
Download and Execute the Bitwarden Installation Script
Bitwarden provides a curated bash script that handles the entire setup process, including pulling the correct Docker images from GitHub Container Registry, configuring networking, and initializing the SQL Server database.
Run the following commands to download and execute the Linux installation script:
curl -s -L -o bitwarden.sh \
"https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" \
&& chmod +x bitwarden.sh
./bitwarden.sh install
This script performs several critical operations:
- Validates system dependencies including Docker and Docker Compose versions
- Creates directory structure for Docker volumes and persistent storage
- Generates security certificates for HTTPS communication between services
- Configures environment variables for API endpoints, database credentials, and encryption keys
- Pulls official container images from ghcr.io/bitwarden/registry
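The download step above executes whatever the URL returns, so a copy you have reviewed can be pinned by digest and checked before it runs. This is an added example, not part of the original guide or Bitwarden's own tooling; `PINNED_SHA256` is a placeholder for the digest you record after reading the script, and the function names are hypothetical.

```bash
# Added example (not Bitwarden's tooling): verify the installer before running it.
# PINNED_SHA256 is a placeholder: the digest you recorded after reviewing the script.
INSTALLER_URL="https://func.bitwarden.com/api/dl/?app=self-host&platform=linux"

# file_sha256 FILE -> lowercase hex SHA-256 of FILE
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED_SHA256
# Exit status: 0 match, 1 digest mismatch, 2 empty/missing, 3 not a script.
verify_installer() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; exit 2; }
    # An HTML error page saved by curl would not start with a shebang.
    head -c 2 "$file" | grep -q '^#!' || { echo "not a script: $file" >&2; exit 3; }
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        exit 1
    fi
)

# fetch_and_verify EXPECTED_SHA256 [DEST]
# Downloads to a temp file and only installs it as DEST after verification.
fetch_and_verify() (
    expected=$1
    dest=${2:-bitwarden.sh}
    tmp=$(mktemp) || exit 4
    trap 'rm -f "$tmp"' EXIT
    # --fail turns HTTP errors into failures; --proto/--proto-redir keep
    # the request and any redirect on HTTPS.
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         -o "$tmp" "$INSTALLER_URL" || exit 5
    verify_installer "$tmp" "$expected" || exit $?
    install -m 0700 "$tmp" "$dest"
)

# Usage: fetch_and_verify "$PINNED_SHA256" && ./bitwarden.sh install
```

A digest mismatch after an upstream update is expected; review the new script and update the pin rather than bypassing the check.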
Understanding the Bitwarden Server Architecture
The Bitwarden server deployment consists of several interconnected services, each running as a separate Docker container:
Core Services
| Service | Purpose | Technology Stack |
|---------|---------|------------------|
| API | RESTful endpoints for client applications | ASP.NET Core |
| Identity | Authentication and token management | ASP.NET Core |
| Admin | Administrative dashboard and organization management | ASP.NET Core |
| Billing | Subscription and licensing handling | ASP.NET Core |
| Events | Logging and audit trail storage | ASP.NET Core |
| EventsProcessor | Asynchronous event processing | ASP.NET Core |
| Database | Persistent data storage | SQL Server (T-SQL) |
| Nginx | Reverse proxy and load balancing | Nginx |
Each service communicates internally through Docker's bridge network. The entire stack is managed by a single Docker Compose manifest that the installation script generates.
Starting Your Bitwarden Server Instance
Once the installation completes successfully, start all services:
./bitwarden.sh start
This command:
- Starts the SQL Server database container and waits for it to be ready
- Initializes the database schema with Bitwarden's core tables
- Launches all ASP.NET Core microservices in dependency order
- Configures Nginx reverse proxy to route traffic to appropriate backends
- Establishes inter-service networking via Docker's overlay network
Monitor startup progress with:
docker-compose logs -f
Wait for messages indicating all services have started successfully. This typically takes 2-5 minutes on the first run due to database initialization.
Verifying Your Deployment
After services launch, verify everything is working correctly:
# Check running containers
docker-compose ps
# Test API connectivity
curl -k https://localhost/api/health
# View logs for any service
docker-compose logs identity
You should see HTTP 200 responses from the health endpoint, confirming the API is operational.
Essential Configuration for Production
The installation script generates a .env file containing critical configuration. Review and adjust these settings:
# Edit the configuration
vi .env
# Key variables to verify:
# - domain: Your FQDN (e.g., bitwarden.example.com)
# - ssl_certificate_path: Path to valid SSL certificate
# - database_password: Strong SQL Server password
# - installation_id and installation_key: Obtained from bitwarden.com
For production deployments:
- Configure a valid SSL certificate instead of the self-signed default
- Set strong database passwords using cryptographically secure generation
- Enable SMTP configuration for password reset emails
- Configure backup strategies for the SQL Server database volume
- Set up log aggregation for audit and troubleshooting
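The review described above can be scripted so it runs before every restart. This is an added example, not code from the original guide or from Bitwarden; it assumes plain `KEY=value` lines in `.env`, uses GNU `stat`, and the 24-character threshold and function names are this example's own choices.

```bash
# Added example: audit the .env settings this section lists.
# Assumes plain KEY=value lines; MIN_PW_LEN is this example's threshold.
MIN_PW_LEN=24

# env_get FILE KEY -> value of the last KEY=... line, surrounding quotes removed
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# gen_password [LEN] -> random alphanumeric string from the kernel CSPRNG
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# audit_env FILE -> one finding per line; exit 0 clean, 1 findings, 2 unreadable
audit_env() (
    f=$1; bad=0
    finding() { echo "$1"; bad=1; }
    [ -r "$f" ] || { echo "unreadable: $f"; exit 2; }
    # The file holds the database password and installation key.
    mode=$(stat -c '%a' "$f")
    case $mode in
        *00) ;;
        *) finding "permissions $mode: readable beyond owner, use chmod 600" ;;
    esac
    domain=$(env_get "$f" domain)
    case $domain in
        ''|localhost|127.*|*.example.com) finding "domain '$domain' is not a real FQDN" ;;
    esac
    cert=$(env_get "$f" ssl_certificate_path)
    [ -n "$cert" ] && [ -f "$cert" ] || finding "ssl_certificate_path missing or not a file"
    pw=$(env_get "$f" database_password)
    [ "${#pw}" -ge "$MIN_PW_LEN" ] || finding "database_password shorter than $MIN_PW_LEN characters"
    for k in installation_id installation_key; do
        [ -n "$(env_get "$f" "$k")" ] || finding "$k is empty"
    done
    exit "$bad"
)

# Usage: audit_env .env && ./bitwarden.sh restart
```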
Managing Your Bitwarden Deployment
Common operational tasks:
# Stop all services gracefully
./bitwarden.sh stop
# Restart services after configuration changes
./bitwarden.sh restart
# View container status and resource usage
docker-compose stats
# Backup the SQL Server database
docker exec bitwarden-mssql /opt/mssql-tools/bin/sqlcmd -S localhost \
-U sa -P "${MSSQL_SA_PASSWORD}" -Q "BACKUP DATABASE [vault] TO DISK = '/var/opt/mssql/backup/vault.bak'"
Troubleshooting Common Issues
Port conflicts: If ports 80/443 are already in use, modify the docker-compose.yml to bind to alternate ports:
services:
  nginx:
    ports:
      - "8443:443"
      - "8080:80"
Database connection timeouts: SQL Server can take 30+ seconds to initialize. Check logs:
docker-compose logs mssql | tail -50
Memory exhaustion: Allocate sufficient Docker resources (minimum 4GB RAM for stable operation).
Next Steps
After successful deployment:
- Configure your DNS to point to your Bitwarden server's IP address
- Create an organization and invite team members
- Deploy Bitwarden clients (browser extensions, mobile apps, desktop)
- Set up automated database backups using cron jobs
- Monitor service health and performance using Docker stats and logs
For advanced configurations like Kubernetes deployments or multi-node clustering, refer to the official Bitwarden contributing documentation.