My previous guide for Vaultwarden involved the use of Task Scheduler, but today I’m offering a recommended and excellent alternative for installing Vaultwarden via Portainer. Vaultwarden is an unofficial Bitwarden server implementation written in Rust. Vaultwarden is compatible with the official Bitwarden clients, and is ideal for self-hosted deployments where running the official resource-heavy service is undesirable. Note: If you want to Install the official Bitwarden, check out my new article on How to Install Bitwarden on Your Synology NAS. In this step by step guide I will show you how to install Vaultwarden on your Synology NAS using Docker & Portainer.

Note: This guide works perfectly with the latest version of Vaultwarden 1.28.1

• STEP 1

Please Support My work by Making a Donation.

• STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

• STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

• STEP 4

Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.

• STEP 5

Now click the “Create” button. Follow the instructions in the image below.

• STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in Vaultwarden. After that, add the following instructions:

Source:
Protocol: HTTPS
Hostname: vaultwarden.yourname.synology.me
Port: 443

Check Enable HSTS

Destination:
Protocol: HTTP
Hostname: localhost
Port: 4080

• STEP 7

On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.

• STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

• STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.

• STEP 10

Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it vaultwarden. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 11

Now create two new folders inside the vaultwarden folder that you created at STEP 10 and name them data and db. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 12

Follow my step by step guide on how to activate SMTP for your Gmail account. This step is mandatory. Note: If you don’t want to use the easiest way for SMTP with Google and you already have SMTP details from your own Mail Server, you can just skip this STEP and use your personalized email SMTP details instead.

• STEP 13

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

• STEP 14

In the Name field type in vaultwarden. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

version: "3.9"
services:
  db:
    image: postgres
    container_name: Vaultwarden-DB
    hostname: vaultwarden-db
    mem_limit: 512m
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    user: 1026:100
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "vaultwarden", "-U", "vaultwardenuser"]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      - /volume1/docker/vaultwarden/db:/var/lib/postgresql/data:rw
    environment:
      POSTGRES_DB: vaultwarden
      POSTGRES_USER: vaultwardenuser
      POSTGRES_PASSWORD: vaultwardenpass
    restart: on-failure:5

  vaultwarden:
    image: vaultwarden/server:latest
    container_name: Vaultwarden
    hostname: vaultwarden
    mem_limit: 256m
    mem_reservation: 96m
    cpu_shares: 1024
    security_opt:
      - no-new-privileges:true
    user: 1026:100
    ports:
      - 4080:4020
    volumes:
      - /volume1/docker/vaultwarden/data:/data:rw
    environment:
      ROCKET_PORT: 4020
      DATABASE_URL: postgresql://vaultwardenuser:vaultwardenpass@vaultwarden-db:5432/vaultwarden
      ADMIN_TOKEN: MariushostingMariushostingMari13
      DISABLE_ADMIN_TOKEN: false
      DOMAIN: https://vaultwarden.yourname.synology.me
      SMTP_HOST: smtp.gmail.com
      SMTP_FROM: Your-own-gmail-address
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: Your-own-gmail-address
      SMTP_PASSWORD: Your-own-app-password
    restart: on-failure:5
    depends_on:
      db:
        condition: service_started

Note: Before you paste the code above in the Web editor area below, change the value numbers for user with your own UID and GID values. (Follow my step by step guide on how to do this.) 1026 is my personal UID value and 100 is my personal GID value. You have to type in your own values.
Note: Before you paste the code above in the Web editor area below, change the value for ADMIN_TOKEN and add your own ADMIN TOKEN. MariushostingMariushostingMari13 is an example for an ADMIN TOKEN. You should invent your own Value. Add 32 random characters, both letters and numbers.
Note: Before you paste the code above in the Web editor area below, change the value for DOMAIN and type in your own synology.me DDNS with https:// at the beginning that you have previously created at STEP 6.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_FROM and type in your own Gmail address. STEP 12.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_USERNAME and type in your own Gmail address. STEP 12.
Note: Before you paste the code above in the Web editor area below, change the value for SMTP_PASSWORD and type in your own Gmail app password. STEP 12.

• STEP 15

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

• STEP 16

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

• STEP 17

Go back to STEP 1 or you will deal with karma 🙂.

• STEP 18

Now open your browser and type in your HTTPS/SSL certificate like this https://vaultwarden.yourname.synology.me In my case it’s https://vaultwarden.mariushosting.synology.me If everything goes right, you will see the Vaultwarden homepage. Click Create account. Follow the instructions in the image below.

• STEP 19

Type in your own Email, Name and Password, then click Create Account. Follow the instructions in the image below.

• STEP 20

Your account is created! Type in your own Email that you have previously added at STEP 19 then click Continue. Follow the instructions in the image below.

• STEP 21

Your account is created! Type in your own Master password that you have previously created at STEP 19 then click Log in with master password. Follow the instructions in the image below.

• STEP 22

Once you are in your Vaults, click Send email to get a verification email. Follow the instructions in the image below.

• STEP 23

Open your email then check the email that was automatically sent to you. Click on Verify Email Address Now. Follow the instructions in the image below.

• STEP 24

Your email is now verified! Type in your own Master password that you have previously created at STEP 19 then click Log in with master password. Your Vaultwarden dashboard at a glance!

• STEP 25

Now open your browser and connect to your own synology.me DDNS address, for example https://vaultwarden.yourname.synology.me/admin You will be asked for an Authentication key. Copy paste your own ADMIN_TOKEN that you have previously created at STEP 14 then click Enter. Follow the instructions in the image below.

• STEP 26

Click General settings. Follow the instructions in the image below.

• STEP 27

To disable user registration, uncheck Allow new signups. Click Save to save the settings.

• STEP 28

You can now invite your friends/family to your Vaultwarden vault.

• STEP 29

Starting with Vaultwarden version 1.28.0, you must have noticed that, when you log in to your Vaultwarden admin page, you get the following error message: You are using a plain text ‘ADMIN_TOKEN’ which is insecure. Please generate a secure Argon2 PHC string by using ‘vaultwarden hash’ or ‘argon2’. Go to the next STEP.

• STEP 30

On the left sidebar in Portainer, click Containers. Identify your Vaultwarden instance, then click on the little terminal icon. Follow the instructions in the image below.

• STEP 31

After you click on the little terminal icon at STEP 30, a new page will open. Click Connect. Follow the instructions in the image below.

• STEP 32

After you click Connect at STEP 31, a Console will open. Copy Paste the code below then press Enter on your keyboard.

/vaultwarden hash

• STEP 33

You will be prompted to enter a Password. Type in a password longer than 8 characters then press Enter on your keyboard. ⚠️Warning: Right down this password and save it because you will need it later. Follow the instructions in the image below.

• STEP 34

Confirm the password then press Enter on your keyboard. Follow the instructions in the image below.

• STEP 35

Copy your token without the ‘ at the beginning and without the ‘ at the end. Save it somewhere because you will need it later at STEP 38.

• STEP 36

Now open your browser and connect to your own synology.me DDNS address, for example https://vaultwarden.yourname.synology.me/admin You will be asked for an Authentication key. Copy paste your own ADMIN_TOKEN that you have previously created at STEP 14 then click Enter. Follow the instructions in the image below. ⚠️Warning: Paste the token that you have created at STEP 14, NOT the token at STEP 35.

• STEP 37

Once you are logged in, click General settings. Follow the instructions in the image below.

• STEP 38

Scroll down the page until you find the Admin page token. In the field, paste your new token that you have previously generated at STEP 35, then click Save. Follow the instructions in the image below.

• STEP 39

After you click Save, you will get a small pop up window saying “Config saved correctly”. Click OK. Follow the instructions in the image below.

• STEP 40

That’s it! The error message notice you were getting is gone. ⚠️Warning: Keep in mind that, when you log in to your Vaultwarden admin page, you need to use the password that you have inserted at STEP 33.

Enjoy Vaultwarden!

Note: Can I run Docker on my Synology NAS? See the supported models.
Note: Find out how to update the Vaultwarden container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.

This post was updated on Monday / May 29th, 2023 at 11:26 PM