All apps · 0 apps
Bitwarden-Lite
Docker app from mimartin12's Repository
Overview
Readme
View on GitHubUnraid Bitwarden Lite Template
This repository contains an unofficial Unraid Docker template for the official Bitwarden Lite self-hosted deployment.
This template is not supported, endorsed, or maintained by Bitwarden. It only wraps the official Bitwarden Lite container image for deployment on Unraid.
Template
bitwarden-lite.xml
Defaults
- Image:
ghcr.io/bitwarden/lite:latest - Network:
bridge - Web UI:
https://[IP]:[PORT:8443]/ - Data path:
/mnt/user/appdata/bitwarden-litemounted to/etc/bitwarden - Logs path:
/mnt/user/appdata/bitwarden-lite/logsmounted to/var/log/bitwarden - Database provider:
sqlite - SSL: enabled by default
Required setup
Before starting the container, set these template fields:
BW_DOMAIN: the hostname or IP address users will use to reach Bitwarden.BW_INSTALLATION_ID: generated at https://bitwarden.com/host/.BW_INSTALLATION_KEY: generated at https://bitwarden.com/host/.
SQLite is the default database. To use MariaDB, MySQL, PostgreSQL, or MSSQL, change BW_DB_PROVIDER and fill in the advanced external database fields. Find more details on configuration by visiting the offical docs.
Sources
- Bitwarden Lite docs: https://bitwarden.com/help/install-and-deploy-lite/
- Bitwarden self-host repository: https://github.com/bitwarden/self-host/tree/main/bitwarden-lite
- Unraid Community Applications XML docs: https://ca.unraid.net/submit/help/repository-xml
Install Bitwarden-Lite on Unraid in a few clicks.
Find Bitwarden-Lite in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Categories
Related apps
Explore more like this
Explore allDetails
ghcr.io/bitwarden/lite:latestRuntime arguments
- Web UI
https://[IP]:[PORT:8443]/- Network
bridge- Shell
sh- Privileged
- false
Template configuration
Container HTTPS port used by the Unraid WebUI button. Required when BW_ENABLE_SSL is true.
- Target
- 8443
- Default
- 8443
- Value
- 8443
Container HTTP port. Use only if SSL is disabled or when proxying internally.
- Target
- 8080
- Default
- 8080
- Value
- 8080
Persistent Bitwarden Lite data, generated files, certificates, and the default SQLite vault.db.
- Target
- /etc/bitwarden
- Default
- /mnt/user/appdata/bitwarden-lite
- Value
- /mnt/user/appdata/bitwarden-lite
Persistent Bitwarden Lite service logs.
- Target
- /var/log/bitwarden
- Default
- /mnt/user/appdata/bitwarden-lite/logs
- Value
- /mnt/user/appdata/bitwarden-lite/logs
Hostname or IP address where Bitwarden will be accessed, without a scheme or trailing slash. For local testing, this can be your Unraid server IP.
- Target
- BW_DOMAIN
- Default
- bitwarden.example.com
- Value
- bitwarden.example.com
Installation ID from https://bitwarden.com/host/.
- Target
- BW_INSTALLATION_ID
Installation key from https://bitwarden.com/host/.
- Target
- BW_INSTALLATION_KEY
Database provider. Default sqlite creates vault.db under /etc/bitwarden. Other valid values include mysql, mariadb, postgresql, and sqlserver.
- Target
- BW_DB_PROVIDER
- Default
- sqlite
- Value
- sqlite
SQLite database file path inside the container. The default stores vault.db in the persistent /etc/bitwarden appdata mount.
- Target
- BW_DB_FILE
- Default
- /etc/bitwarden/vault.db
- Value
- /etc/bitwarden/vault.db
Container user ID. Unraid default is nobody.
- Default
- 99
- Value
- 99
Container group ID. Unraid default is users.
- Default
- 100
- Value
- 100
Enable IPv6 support in the Bitwarden Lite web server.
- Target
- BW_ENABLE_IPV6
- Default
- false
- Value
- false
External database hostname or IP. Required for mysql, mariadb, postgresql, or sqlserver.
- Target
- BW_DB_SERVER
Optional custom database port. Leave blank to use the default for the selected database provider.
- Target
- BW_DB_PORT
External database name. Required for mysql, mariadb, postgresql, or sqlserver.
- Target
- BW_DB_DATABASE
External database username. Required for mysql, mariadb, postgresql, or sqlserver.
- Target
- BW_DB_USERNAME
External database password. Required for mysql, mariadb, postgresql, or sqlserver.
- Target
- BW_DB_PASSWORD
Set true for Bitwarden Lite to terminate HTTPS itself. If using a reverse proxy for HTTPS, set false.
- Target
- BW_ENABLE_SSL
- Default
- true
- Value
- true
SSL certificate filename under /etc/bitwarden when BW_ENABLE_SSL is true.
- Target
- BW_SSL_CERT
- Default
- ssl.crt
- Value
- ssl.crt
SSL private key filename under /etc/bitwarden when BW_ENABLE_SSL is true.
- Target
- BW_SSL_KEY
- Default
- ssl.key
- Value
- ssl.key
Use SSL with a certificate authority-backed service.
- Target
- BW_ENABLE_SSL_CA
- Default
- false
- Value
- false
SSL CA certificate filename under /etc/bitwarden when BW_ENABLE_SSL_CA is true.
- Target
- BW_SSL_CA_CERT
- Default
- ca.crt
- Value
- ca.crt
Use SSL with Diffie-Hellman parameters.
- Target
- BW_ENABLE_SSL_DH
- Default
- false
- Value
- false
Diffie-Hellman parameters filename under /etc/bitwarden when BW_ENABLE_SSL_DH is true.
- Target
- BW_SSL_DH_CERT
- Default
- dh.pem
- Value
- dh.pem
Optional NGINX SSL protocols override. Leave blank for Bitwarden recommended defaults.
- Target
- BW_SSL_PROTOCOLS
Optional NGINX SSL ciphers override. Leave blank for Bitwarden recommended defaults.
- Target
- BW_SSL_CIPHERS
Internal HTTP listener port used by Bitwarden Lite. Keep in sync with the container port mapping target.
- Target
- BW_PORT_HTTP
- Default
- 8080
- Value
- 8080
Internal HTTPS listener port used by Bitwarden Lite when SSL is enabled. Keep in sync with the container port mapping target.
- Target
- BW_PORT_HTTPS
- Default
- 8443
- Value
- 8443
Enable the admin service. Bitwarden docs say not to disable this service.
- Target
- BW_ENABLE_ADMIN
- Default
- true
- Value
- true
Enable the API service. Bitwarden docs say not to disable this service.
- Target
- BW_ENABLE_API
- Default
- true
- Value
- true
Enable the identity service. Bitwarden docs say not to disable this service.
- Target
- BW_ENABLE_IDENTITY
- Default
- true
- Value
- true
Enable the website icon service for vault item URIs.
- Target
- BW_ENABLE_ICONS
- Default
- true
- Value
- true
Enable push notifications, login with device, mobile vault sync notifications, and related notification features.
- Target
- BW_ENABLE_NOTIFICATIONS
- Default
- true
- Value
- true
Enable Bitwarden event logs for teams and enterprise event monitoring.
- Target
- BW_ENABLE_EVENTS
- Default
- false
- Value
- false
Enable SCIM for Enterprise organizations.
- Target
- BW_ENABLE_SCIM
- Default
- false
- Value
- false
Enable SSO services for Enterprise organizations.
- Target
- BW_ENABLE_SSO
- Default
- false
- Value
- false
Proxy icon requests to Bitwarden cloud to reduce local memory use. Bitwarden recommends setting BW_ENABLE_ICONS=false when this is true.
- Target
- BW_ICONS_PROXY_TO_CLOUD
- Default
- false
- Value
- false
Reply-to email address used by this Bitwarden server.
- Target
- globalSettings__mail__replyToEmail
SMTP server hostname.
- Target
- globalSettings__mail__smtp__host
SMTP server port.
- Target
- globalSettings__mail__smtp__port
- Default
- 587
- Value
- 587
Set true for SMTP over SSL. Set false for TLS.
- Target
- globalSettings__mail__smtp__ssl
- Default
- false
- Value
- false
SMTP username.
- Target
- globalSettings__mail__smtp__username
SMTP password. Bitwarden notes that dollar signs are not supported in SMTP passwords.
- Target
- globalSettings__mail__smtp__password
Yubico Web Services client ID.
- Target
- globalSettings__yubico__clientId
Yubico Web Services secret key.
- Target
- globalSettings__yubico__key
Comma-separated email addresses allowed to access the Bitwarden system administrator portal.
- Target
- adminSettings__admins
Set true after creating your initial account to prevent open public registration.
- Target
- globalSettings__disableUserRegistration
- Default
- false
- Value
- false
Have I Been Pwned API key for breach reports and master password checks.
- Target
- globalSettings__hibpApiKey
Comma-separated trusted proxy IPs for NGINX real client IP handling.
- Target
- BW_REAL_IPS
Optional Content-Security-Policy override. Changing this can break Bitwarden features.
- Target
- BW_CSP