Vaultwarden is an unofficial Bitwarden server implementation written in Rust. Vaultwarden is compatible with the official Bitwarden clients, and is ideal for self-hosted deployments where running the official resource-heavy service is undesirable. Note: If you want to Install the official Bitwarden, check out my new article on How to Install Bitwarden on Your UGREEN NAS. In this step by step guide I will show you how to install Vaultwarden on your UGREEN NAS using Docker & Portainer.

💡Note: This guide works perfectly with the latest version of Vaultwarden 1.35.4

💡Note: Check out my guide on how to Install Vaultwarden on Your Synology NAS.

• STEP 1

Please Support My work by Making a Donation.

• STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your UGREEN NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

• STEP 3

⚠️Mandatory: Enable HTTPS on your UGREEN NAS.

• STEP 4

Create a new hostname on the noip website using your noip account. For example, I have created mariusvault as Host and I use the free ddns.net domain. In the IP Address area, type in your own IPV4 IP address from your ISP, then click Create. Follow the instructions in the image below.

• STEP 5

⚠️Mandatory: Add Read & Write Permissions to the Docker Folder.

• STEP 6

Go to Files and open the docker folder. Inside the docker folder, create one new folder and name it prestashop. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 7

Now create two new folders inside the vaultwarden folder that you have previously created at STEP 6 and name them data and db. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 8

Follow my step by step guide on how to activate SMTP for your Gmail account. This step is mandatory. Note: If you don’t want to use the easiest way for SMTP with Google and you already have SMTP details from your own Mail Server, you can just skip this STEP and use your personalized email SMTP details instead.

• STEP 9

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Home then Live connect. Follow the instructions in the image below.

On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

• STEP 10

In the Name field type in vaultwarden. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

services:
  db:
    image: postgres:18
    container_name: Vaultwarden-DB
    hostname: vaultwarden-db
    user: 999:10
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "vaultwarden", "-U", "vaultwardenuser"]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      - /volume1/docker/vaultwarden/db:/var/lib/postgresql:rw
    environment:
      POSTGRES_DB: vaultwarden
      POSTGRES_USER: vaultwardenuser
      POSTGRES_PASSWORD: vaultwardenpass
    restart: on-failure:5

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: Vaultwarden
    hostname: vaultwarden
    security_opt:
      - no-new-privileges:true
    user: 999:10
    ports:
      - 4080:4020
    volumes:
      - /volume1/docker/vaultwarden/data:/data:rw
    environment:
      ROCKET_PORT: 4020
      DATABASE_URL: postgresql://vaultwardenuser:vaultwardenpass@vaultwarden-db:5432/vaultwarden
      ADMIN_TOKEN: dOxZYTTZgXKMHkqLBIQVImayQXAVWdzGBPuFJKggzcgvgPJPXpWzqzKaUOIOGGIr
      DISABLE_ADMIN_TOKEN: false
      DOMAIN: https://mariusvault.ddns.net
      SMTP_HOST: smtp.gmail.com
      SMTP_FROM: Your-own-gmail-address
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: Your-own-gmail-address
      SMTP_PASSWORD: Your-own-app-password
    restart: on-failure:5
    depends_on:
      db:
        condition: service_started

Note: Before you paste the code above in the Web editor area below, change the value numbers for user with your own UID and GID values. (Follow my step by step guide on houidw to do this.) 999 is my personal UID value and 10 is my personal GID value. You have to type in your own values.
Note: Before you paste the code above in the Web editor area below, change the value for ADMIN_TOKEN. (Generate your own Random 64 length ADMIN_TOKEN.)
Note: Before you paste the code above in the Web editor area below, change the value for DOMAIN and type in your own NO IP DDNS with https:// at the beginning that you have previously created at STEP 4.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_FROM and type in your own Gmail address. STEP 8.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_USERNAME and type in your own Gmail address. STEP 8.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_PASSWORD and type in your own Gmail app password. STEP 8. ⚠️Warning: Do NOT confuse with your own Gmail password. This is the Gmail APP password.

• STEP 11

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

• STEP 12

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

• STEP 13

Open your Nginx Proxy Manager container that you have previously installed at STEP 3. Click Add Proxy Host. A new pop up window will open. Add the following details:

Domain Names: Type in your own noip domain name that you have previously created at STEP 4.
Scheme: http
Forward Hostname/IP: Type in the local NAS IP of your UGREEN NAS.
Forward Port: Type in the Vaultwarden local Port that is 4080
Check Block Common Exploits
Check Websockets Support
Click the SSL tab. Follow the instructions in the image below.

• STEP 14

After you click the SSL tab, add the following details:

SSL Certificate: Request a new SSL Certificate
Check: Force SSL
Check: HSTS Enabled
Check: HTTP/2 Support
Click Save. Follow the instructions in the image below.

• STEP 15

In the Proxy Hosts area, if everything goes right, you will see that your hostname has been generated. Click on it. Follow the instructions in the image below.

• STEP 16

🟢Please Support My work by Making a Donation. Almost 99,9% of the people that install something using my guides forget to support my work, or just ignore STEP 1. I’ve been very honest about this aspect of my work since the beginning: I don’t run any ADS, I don’t require subscriptions, paid or otherwise, I don’t collect IPs, emails, and I don’t have any referral links from Amazon or other merchants. I also don’t have any POP-UPs or COOKIES. I have repeatedly been told over the years how much I have contributed to the community. It’s something I love doing and have been honest about my passion since the beginning. But I also Need The Community to Support me Back to be able to continue doing this work.

• STEP 17

Now open your browser and type in your HTTPS/SSL certificate like this https://yourownhostname.ddns.net In my case it’s https://mariusvault.ddns.net If everything goes right, you will see the Vaultwarden homepage. Click Create account. Follow the instructions in the image below.

• STEP 18

Type in your own Email Address and Name, then click Continue. Follow the instructions in the image below.

• STEP 19

Type in your own Master password. Click Create account. Follow the instructions in the image below.

• STEP 20

Get the extension or Add it later. Follow the instructions in the image below.

• STEP 21

Get the extension or Skip to web app. Follow the instructions in the image below.

• STEP 22

Once you are in your Vaults, click Send email to get a verification email. Follow the instructions in the image below.

• STEP 23

Open your email then check the email that was automatically sent to you. Click on Verify Email Address Now. Follow the instructions in the image below.

• STEP 24

Once the account email is verified, type in your own Email address that you have previously added at STEP 18. Click Continue. Follow the instructions in the image below.

• STEP 25

Type in your own Master password that you have previously added at STEP 19. Click Log in with master password. Follow the instructions in the image below.

• STEP 26

Your Vaultwarden dashboard at a glance!

• STEP 27

On the left sidebar, click Settings, then Preferences. Change the theme to Dark, then click Save. Follow the instructions in the image below.

• STEP 28

Now open your browser and connect to your own synology.me DDNS address, for example https://mariusvault.ddns/admin You will be asked for an Authentication key. Copy paste your own ADMIN_TOKEN that you have previously created at STEP 10 then click Enter. Follow the instructions in the image below.

• STEP 29

Click General settings. Follow the instructions in the image below.

• STEP 30

To disable user registration, Uncheck Allow new signups. Click Save to save the settings. Follow the instructions in the image below.

• STEP 31

You can now invite your friends/family to your Vaultwarden vault.

• STEP 32

Starting with Vaultwarden version 1.28.0, you must have noticed that, when you log in to your Vaultwarden admin page, you get the following error message: You are using a plain text ‘ADMIN_TOKEN’ which is insecure. Please generate a secure Argon2 PHC string by using ‘vaultwarden hash’ or ‘argon2’. Go to the next STEP.

• STEP 33

On the left sidebar in Portainer, click Containers. Identify your Vaultwarden instance, then click on the little terminal icon. Follow the instructions in the image below.

• STEP 34

After you click on the little terminal icon at STEP 33, a new page will open. Click Connect. Follow the instructions in the image below.

• STEP 35

After you click Connect at STEP 34, a Console will open. Copy Paste the code below then press Enter on your keyboard.

/vaultwarden hash

• STEP 36

You will be prompted to enter a Password. Type in a password longer than 8 characters then press Enter on your keyboard. ⚠️Warning: Write down this password and save it because you will need it later. Follow the instructions in the image below.

• STEP 37

Confirm the password then press Enter on your keyboard. Follow the instructions in the image below.

• STEP 38

Copy your token without the ‘ at the beginning and without the ‘ at the end. ⚠️Warning: Save this long token somewhere because you will need it later at STEP 41 and in the future when accessing the admin page.

• STEP 39

Now open your browser and connect to your own synology.me DDNS address, for example https://mariusvault.ddns.net/admin You will be asked for an Authentication key. Copy paste your own ADMIN_TOKEN that you have previously created at STEP 10 then click Enter. Follow the instructions in the image below. ⚠️Warning: Paste the token that you have previously created at STEP 10, NOT the token at STEP 38.

• STEP 40

Once you are logged in, click General settings. Follow the instructions in the image below.

• STEP 41

Scroll down the page until you find the Admin page token. In the field, paste your new token that you have previously generated at STEP 38, then click Save. Follow the instructions in the image below.

• STEP 42

That’s it! The error message notice you were getting is gone. ⚠️Warning: Keep in mind that, when you log in to your Vaultwarden admin page, from now on, you will need to use the password that you have inserted at STEP 38.

Enjoy Vaultwarden on Your UGREEN NAS!

🆘TROUBLESHOOTING

🆙Note/Update/Container: How to Update Your Docker Containers on UGREEN NAS Using Portainer.
🐳Note: How to Create Docker Shortcuts on Desktop.
🆕Note: How to Update Portainer to the latest version.
🆕Note: How to Clean Docker.