Menu
InformatiWeb Pro
  • Index
  • System admin
  • Virtualization

Login

Registration Password lost ?
FR
  • Windows Server
    • WS2012 R2
    • WS2016
  • Citrix
    • Citrix XenApp / XenDesktop
    • Citrix XenServer
  • VMware
    • VMware ESXi
    • VMware vSphere
    • VMware Workstation
  • Microsoft
    • Hyper-V
  • RAID
    • Adaptec SmartRAID
    • Broadcom MegaRAID
  • UPS
    • APC Back-UPS Pro
  • Firewall
    • pfSense
  • NAS
    • Unraid
  • InformatiWeb Pro
  • System admin
  • NAS
  • Install a password manager (Vaultwarden / Bitwarden) on Unraid 6.9.2
  • NAS
  • Unraid
  • 08 July 2026 at 07:44 UTC
  • InformatiWeb
  • 1/6

Install a password manager (Vaultwarden / Bitwarden) on Unraid 6.9.2

On your Unraid server, you have the option to deploy an open-source password manager called Vaultwarden to store your passwords on your own server.
Vaultwarden (formerly bitwarden_rs) is a container that allows you to deploy your own Bitwarden server to maintain control over your password storage.
In addition, you'll also benefit from free applications created by Bitwarden for your computers (Windows, Linux, and Mac), as well as for your web browsers (Firefox, Chrome, Opera, etc.) and your smartphone (Android or iOS).

Important : before you begin, please note that registration on Vaultwarden only works if access is secure (via HTTPS).
This requires a valid certificate. This is possible using the "SWAG" reverse proxy.
However, to be able to use the Android app on your smartphone (which may be at home or away depending on the network used (Wi-Fi or 3G)), it's important that the reverse proxy (SWAG in this case) be accessible locally, as well as from outside the app using the exact same address.
To do this, first follow our tutorial: Unraid 6.9.2 - SWAG - Locally access the reverse proxy (SWAG).

  1. Install Vaultwarden on Unraid
  2. 1st Vaultwarden setup (secure admin password)
  3. HTTPS protocol required for registration on Vaultwarden
  4. Configure your domain name (at OVH)
  5. Use the same virtual network as the reverse proxy (SWAG)
  6. Add configuration for Vaultwarden on reverse proxy (swag)
  7. Add the subdomain for Vaultwarden in the certificate generated via the swag container
  8. Remotely access Vaultwarden via swag reverse proxy
  9. Configure your local DNS server and local access to Vaultwarden
  10. Create an account on your own Vaultwarden server
  11. Vaultwarden reports
  12. Create a new item in your Vaultwarden vault
  13. Block future registrations on your Vaultwarden server
    1. Block future registrations on Vaultwarden via its admin page
    2. Block future registrations on Vaultwarden in container configuration
  14. Install and use the Bitwarden application for Windows with your Vaultwarden server
  15. Download, install and configure Bitwarden extensions to connect to your Vaultwarden server
    1. Download the Bitwarden extension for Mozilla Firefox and connect to Vaultwarden
    2. Download the Bitwarden extension for Google Chrome and connect to Vaultwarden
    3. Download the Bitwarden extension for Opera and connect to Vaultwarden
    4. Download the Bitwarden extension for Microsoft Edge and connect to Vaultwarden
  16. Use the Bitwarden app on your smartphone to connect to your Vaultwarden server (on Android)

1. Install Vaultwarden on Unraid

Before installing Vaultwarden, here's our current setup (which you'll get after following the tutorial above).

As you can see:

  • the Unraid web interface uses port 8080 for HTTP access.
  • the reverse proxy (SWAG) uses ports 80 (HTTP) and 443 (HTTPS).
  • the "pihole" container is the local DNS server used to perform split DNS (returning Unraid's local IP address when you are at home to hide the external (WAN) IP address, which is only visible on the Internet).

Go to the "Apps" tab and search for "vaultwarden".
Then, click "Install".

Choose the "Default" branch.

As with most services you want to access via the reverse proxy (SWAG), you must connect it to the same network as the "swag" container.
Select the same "Custom" network as your "swag" container. In our case, "Custom: iwnetwork".

By default, both (public) registrations and registrations via invitation are allowed:

  • SIGNUPS_ALLOWED : true.
  • INVITATIONS_ALLOWED : true

Specify a password of at least 8 characters to protect the Vaultwarden administration interface in the "ADMIN_TOKEN" field.

Once Vaultwarden has finished downloading and installing, click "Done".

Vaultwarden is installed.

2. 1st Vaultwarden setup (secure admin password)

To get started, in the "Docker" tab, click on the Vaultwarden icon, then on: WebUI.

Enter the admin password (ADMIN_TOKEN) and click Enter.

As you can see, by default, a warning appears at the top of the page (since Vaultwarden version 1.28.0):

Plain Text

You are using a plain text 'ADMIN_TOKEN' which is insecure.
Please generate a secure Argon2 PHC string by using 'vaultwarden hash' or 'argon2'.
See: Enabling admin page - Secure the 'ADMIN_TOKEN'.

On this page, you will arrive at a section "Secure the ADMIN_TOKEN" explaining that the admin password was previously stored in clear text (which is not secure) and that you can now generate a hash of this admin password using "Argon2".

To do this, a little further down, you'll find a section titled "Using vaultwarden hash" with several examples for generating the hash you need.
Each example performs the same thing. The only differences are the syntax and where you can run this command.

For Unraid, choose the command below:

Bash

./vaultwarden hash

In the Unraid web interface, click the Vaultwarden icon, then click: Console.

In the terminal that appears, type the command below.

Bash

./vaultwarden hash

Type the new admin password twice to protect the Vaultwarden administration interface.
Note: you can reuse the same password as before if you wish, as long as it is at least 8 characters long.

Copy the generated value between the apostrophes (' ').

On the "Vaultwarden Admin" page, go to the "General Settings" section.

Paste the previously generated "$argon2id$...xy" value into the "Admin token/Argon2 PHC" box.

At the bottom of the page, click "Save".

The message "Config saved correctly" appears.
Click OK.

The warning at the top of the page has disappeared.

3. HTTPS protocol required for registration on Vaultwarden

If you try to create an account on your Vaultwarden server (using HTTP), you'll notice that it doesn't work.
In fact, this error will appear.

Plain Text

This browser requires HTTPS to use the web vault.

4. Configure your domain name (at OVH)

At your hosting provider, add a DNS A or CNAME record to create a "vaultwarden" subdomain.

If you choose a DNS A record, enter your external (WAN) IPv4 address provided by your ISP.

If you create a CNAME record, specify your root domain (already pointing to your public IP address) used in your reverse proxy configuration (SWAG).

The subdomain "vaultwarden" is created.

Next page

Share this tutorial

Partager
Tweet

To see also

  • Unraid 6.9.2 - Change web interface ports

    NAS 3/25/2026

    Unraid 6.9.2 - Change web interface ports

  • Unraid 6.9.2 - Define a private static IP address

    NAS 12/4/2025

    Unraid 6.9.2 - Define a private static IP address

  • Unraid 6.9.2 - Presentation of Dynamix plugins (sys info, ...)

    NAS 3/11/2026

    Unraid 6.9.2 - Presentation of Dynamix plugins (sys info, ...)

  • Unraid 6.9.2 - SWAG - Locally access the reverse proxy (SWAG) via NAT reflection

    NAS 5/20/2026

    Unraid 6.9.2 - SWAG - Locally access the reverse proxy (SWAG) via NAT reflection

Comments

You must be logged in to post a comment

Share your opinion

Pinned content

  • Software (System admin)
  • Linux softwares
  • Our programs
  • Terms and conditions
  • Share your opinion

Contact

  • Guest book
  • Technical support
  • Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.