← Back to Home ☕ Buy Me a Coffee

Vaultwarden on Ugreen NAS

Vaultwarden is a lightweight, self‑hosted password manager server that’s fully compatible with all Bitwarden clients. It’s written in Rust, designed to run efficiently on minimal hardware, and gives you complete control over your data without relying on Bitwarden’s official cloud service.

⚙️ Key Features

NOTE:

This guide uses caddy along with vaultwarden so that you can access vaultwarden using HTTPS. Since vaultwarden is storing passwords, HTTPS is recommended. Also, I just couldn't get vultwarden to work without using caddy so, if you've figured out how, let me know

🚀 Docker Installation Steps

I have two NVME SSDs installed in my DXP2800, mirrored, that I use to hold apps and docker containers. It's configured as /volume2. All of my docker containers are run from /volume2/docker

  1. In the Ugreen NAS app, open the App Center
  2. Search for "Docker"
  3. Install Docker

📁 Setup Vaultwarden

 mkdir /volume2/docker/vaultwarden

🧾 Docker Compose File

In /volume2/docker/vaultwarden create docker-compose.yml

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      - SIGNUPS_ALLOWED=true
      - DOMAIN=https://vaultwarden.local 
      - WEBSOCKET_ENABLED=true
    volumes:
      - ./vw-data:/data
    expose:
      - "80"  # internal only
    networks:
      - vaultwarden_net

  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "8080:80"    # HTTP exposed on alternate port
      - "8443:443"   # HTTPS exposed on alternate port
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./caddy-data:/data
      - ./caddy-config:/config
    networks:
      - vaultwarden_net

networks:
  vaultwarden_net:
    driver: bridge

🧾 Create the Caddyfile

In /volume2/docker/vaultwarden create Caddyfile

vaultwarden.local {
    reverse_proxy vaultwarden:80

    header {
        Access-Control-Allow-Origin "*"
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Access-Control-Allow-Headers "Authorization, Content-Type"
    }

    tls internal
}

Add a line in /etc/hosts (C:\Windows\System32\drivers\etc\hosts on Windows) for vaultwarden.local (or whatever you used for "DOMAIN" in the docker-compose.yml file) on every host that you want to access Vaultwarden from.

EXAMPLE:
192.168.xx.xx              vaultwarden.local

▶️ Start Vaultwarden

From within /volume2/docker/vaultwarden run:

docker compose up -d

📜 View Logs

View logs for vaultwarden

docker logs vaultwarden docker logs caddy

🌐 Access Web Interface

Open your browser and go to vaultwarden.local:8443

This should open an HTTPS connection to your Vaultwarden container.

You can add the Bitwarden extension to your browser and configure it to use your instance of Vaultwarden.

You can export your Passwords in Chrome, Firefox, Safari, etc. and import them into Vaultwarden. Here's how to do it for Chrome:

Step 1: Export from Chrome

  1. Go here chrome://password-manager/settings
  2. Select Download file next to Export passwords
  3. Save the file as passwords.csv

Step 2: Import into Vaultwarden

  1. Browse to vaultwarden.local:8443 and log in.
  2. Click on Tools
  3. Click on Import data
  4. Under Data select Chrome (csv) from the File Format dropdown
  5. Click on Choose File and select passwords.csv
  6. Click on Import data

If you find my content useful, please consider supporting this page:

☕ Buy Me a Coffee