Bitwarden-Lite

Bitwarden-Lite

Docker app from mimartin12's Repository

Overview

Unofficial Unraid template for the official Bitwarden Lite self-hosted password manager image.

Unraid Bitwarden Lite Template

This repository contains an unofficial Unraid Docker template for the official Bitwarden Lite self-hosted deployment.

This template is not supported, endorsed, or maintained by Bitwarden. It only wraps the official Bitwarden Lite container image for deployment on Unraid.

Template

  • bitwarden-lite.xml

Defaults

  • Image: ghcr.io/bitwarden/lite:latest
  • Network: bridge
  • Web UI: https://[IP]:[PORT:8443]/
  • Data path: /mnt/user/appdata/bitwarden-lite mounted to /etc/bitwarden
  • Logs path: /mnt/user/appdata/bitwarden-lite/logs mounted to /var/log/bitwarden
  • Database provider: sqlite
  • SSL: enabled by default

Required setup

Before starting the container, set these template fields:

SQLite is the default database. To use MariaDB, MySQL, PostgreSQL, or MSSQL, change BW_DB_PROVIDER and fill in the advanced external database fields. Find more details on configuration by visiting the offical docs.

Sources

Install Bitwarden-Lite on Unraid in a few clicks.

Find Bitwarden-Lite in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for Bitwarden-Lite Review the template variables and paths Click Install

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/bitwarden/lite:latest
Last Updated2026-07-06
First Seen2026-06-01

Runtime arguments

Web UI
https://[IP]:[PORT:8443]/
Network
bridge
Shell
sh
Privileged
false

Template configuration

HTTPS Web UI PortPorttcp

Container HTTPS port used by the Unraid WebUI button. Required when BW_ENABLE_SSL is true.

Target
8443
Default
8443
Value
8443
HTTP PortPorttcp

Container HTTP port. Use only if SSL is disabled or when proxying internally.

Target
8080
Default
8080
Value
8080
Bitwarden DataPathrw

Persistent Bitwarden Lite data, generated files, certificates, and the default SQLite vault.db.

Target
/etc/bitwarden
Default
/mnt/user/appdata/bitwarden-lite
Value
/mnt/user/appdata/bitwarden-lite
Bitwarden LogsPathrw

Persistent Bitwarden Lite service logs.

Target
/var/log/bitwarden
Default
/mnt/user/appdata/bitwarden-lite/logs
Value
/mnt/user/appdata/bitwarden-lite/logs
DomainVariable

Hostname or IP address where Bitwarden will be accessed, without a scheme or trailing slash. For local testing, this can be your Unraid server IP.

Target
BW_DOMAIN
Default
bitwarden.example.com
Value
bitwarden.example.com
Installation IDVariable

Installation ID from https://bitwarden.com/host/.

Target
BW_INSTALLATION_ID
Installation KeyVariable

Installation key from https://bitwarden.com/host/.

Target
BW_INSTALLATION_KEY
Database ProviderVariable

Database provider. Default sqlite creates vault.db under /etc/bitwarden. Other valid values include mysql, mariadb, postgresql, and sqlserver.

Target
BW_DB_PROVIDER
Default
sqlite
Value
sqlite
SQLite FileVariable

SQLite database file path inside the container. The default stores vault.db in the persistent /etc/bitwarden appdata mount.

Target
BW_DB_FILE
Default
/etc/bitwarden/vault.db
Value
/etc/bitwarden/vault.db
PUIDVariable

Container user ID. Unraid default is nobody.

Default
99
Value
99
PGIDVariable

Container group ID. Unraid default is users.

Default
100
Value
100
Enable IPv6Variable

Enable IPv6 support in the Bitwarden Lite web server.

Target
BW_ENABLE_IPV6
Default
false
Value
false
External DB ServerVariable

External database hostname or IP. Required for mysql, mariadb, postgresql, or sqlserver.

Target
BW_DB_SERVER
External DB PortVariable

Optional custom database port. Leave blank to use the default for the selected database provider.

Target
BW_DB_PORT
External DB NameVariable

External database name. Required for mysql, mariadb, postgresql, or sqlserver.

Target
BW_DB_DATABASE
External DB UsernameVariable

External database username. Required for mysql, mariadb, postgresql, or sqlserver.

Target
BW_DB_USERNAME
External DB PasswordVariable

External database password. Required for mysql, mariadb, postgresql, or sqlserver.

Target
BW_DB_PASSWORD
Enable SSLVariable

Set true for Bitwarden Lite to terminate HTTPS itself. If using a reverse proxy for HTTPS, set false.

Target
BW_ENABLE_SSL
Default
true
Value
true
SSL CertificateVariable

SSL certificate filename under /etc/bitwarden when BW_ENABLE_SSL is true.

Target
BW_SSL_CERT
Default
ssl.crt
Value
ssl.crt
SSL KeyVariable

SSL private key filename under /etc/bitwarden when BW_ENABLE_SSL is true.

Target
BW_SSL_KEY
Default
ssl.key
Value
ssl.key
Enable SSL CAVariable

Use SSL with a certificate authority-backed service.

Target
BW_ENABLE_SSL_CA
Default
false
Value
false
SSL CA CertificateVariable

SSL CA certificate filename under /etc/bitwarden when BW_ENABLE_SSL_CA is true.

Target
BW_SSL_CA_CERT
Default
ca.crt
Value
ca.crt
Enable SSL DHVariable

Use SSL with Diffie-Hellman parameters.

Target
BW_ENABLE_SSL_DH
Default
false
Value
false
SSL DH ParametersVariable

Diffie-Hellman parameters filename under /etc/bitwarden when BW_ENABLE_SSL_DH is true.

Target
BW_SSL_DH_CERT
Default
dh.pem
Value
dh.pem
SSL ProtocolsVariable

Optional NGINX SSL protocols override. Leave blank for Bitwarden recommended defaults.

Target
BW_SSL_PROTOCOLS
SSL CiphersVariable

Optional NGINX SSL ciphers override. Leave blank for Bitwarden recommended defaults.

Target
BW_SSL_CIPHERS
HTTP Port VariableVariable

Internal HTTP listener port used by Bitwarden Lite. Keep in sync with the container port mapping target.

Target
BW_PORT_HTTP
Default
8080
Value
8080
HTTPS Port VariableVariable

Internal HTTPS listener port used by Bitwarden Lite when SSL is enabled. Keep in sync with the container port mapping target.

Target
BW_PORT_HTTPS
Default
8443
Value
8443
Enable Admin ServiceVariable

Enable the admin service. Bitwarden docs say not to disable this service.

Target
BW_ENABLE_ADMIN
Default
true
Value
true
Enable API ServiceVariable

Enable the API service. Bitwarden docs say not to disable this service.

Target
BW_ENABLE_API
Default
true
Value
true
Enable Identity ServiceVariable

Enable the identity service. Bitwarden docs say not to disable this service.

Target
BW_ENABLE_IDENTITY
Default
true
Value
true
Enable Icons ServiceVariable

Enable the website icon service for vault item URIs.

Target
BW_ENABLE_ICONS
Default
true
Value
true
Enable Notifications ServiceVariable

Enable push notifications, login with device, mobile vault sync notifications, and related notification features.

Target
BW_ENABLE_NOTIFICATIONS
Default
true
Value
true
Enable Events ServiceVariable

Enable Bitwarden event logs for teams and enterprise event monitoring.

Target
BW_ENABLE_EVENTS
Default
false
Value
false
Enable SCIM ServiceVariable

Enable SCIM for Enterprise organizations.

Target
BW_ENABLE_SCIM
Default
false
Value
false
Enable SSO ServiceVariable

Enable SSO services for Enterprise organizations.

Target
BW_ENABLE_SSO
Default
false
Value
false
Proxy Icons To CloudVariable

Proxy icon requests to Bitwarden cloud to reduce local memory use. Bitwarden recommends setting BW_ENABLE_ICONS=false when this is true.

Target
BW_ICONS_PROXY_TO_CLOUD
Default
false
Value
false
SMTP Reply-To EmailVariable

Reply-to email address used by this Bitwarden server.

Target
globalSettings__mail__replyToEmail
SMTP HostVariable

SMTP server hostname.

Target
globalSettings__mail__smtp__host
SMTP PortVariable

SMTP server port.

Target
globalSettings__mail__smtp__port
Default
587
Value
587
SMTP SSLVariable

Set true for SMTP over SSL. Set false for TLS.

Target
globalSettings__mail__smtp__ssl
Default
false
Value
false
SMTP UsernameVariable

SMTP username.

Target
globalSettings__mail__smtp__username
SMTP PasswordVariable

SMTP password. Bitwarden notes that dollar signs are not supported in SMTP passwords.

Target
globalSettings__mail__smtp__password
Yubico Client IDVariable

Yubico Web Services client ID.

Target
globalSettings__yubico__clientId
Yubico Secret KeyVariable

Yubico Web Services secret key.

Target
globalSettings__yubico__key
Admin Portal EmailsVariable

Comma-separated email addresses allowed to access the Bitwarden system administrator portal.

Target
adminSettings__admins
Disable User RegistrationVariable

Set true after creating your initial account to prevent open public registration.

Target
globalSettings__disableUserRegistration
Default
false
Value
false
HIBP API KeyVariable

Have I Been Pwned API key for breach reports and master password checks.

Target
globalSettings__hibpApiKey
Real IPsVariable

Comma-separated trusted proxy IPs for NGINX real client IP handling.

Target
BW_REAL_IPS
Content Security PolicyVariable

Optional Content-Security-Policy override. Changing this can break Bitwarden features.

Target
BW_CSP