How to migrate Vaultwarden

Posted on In Views: Word count in article: 2.1k Reading time ≈ 2 mins.

Before, I wrote a post about how to install Vaultwarden. Today, I migrate it to a new server and let me tell you how to do it.

  1. Log in your old server as root.

    1
    2
    tar -czvf vw-data.tar.gz /vw-data/
    scp vw-data.tar.gz root@new.server:~

  2. Log in your new server as root.

    1
    2
    3
    sudo certbot certonly --nginx -d vaultwarden.new.server
    ln -s /etc/nginx/sites-available/vaultwarden.new.server /etc/nginx/sites-enabled/
    vim /etc/nginx/sites-available/vaultwarden.new.server
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    server {
        listen 80;
        listen [::]:80;
        server_name vaultwarden.new.server;

        # Redirect all HTTP requests to HTTPS
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/vaultwarden.new.server/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/vaultwarden.new.server/privkey.pem;
        server_name vaultwarden.new.server;
        client_max_body_size 525M;
        location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffers 8 16k;
        proxy_buffer_size 32k;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3000/;
        }
    }
    1
    2
    3
    4
    5
    6
    7
    8
    service nginx restart
    docker run -d --name vaultwarden -v /vw-data/:/data/ --restart unless-stopped -p 3000:80 -e DOMAIN=https://your_domain -e SIGNUPS_ALLOWED=false -e SMTP_HOST=your_mail_server_domain -e SMTP_FROM=your_mail_address -e SMTP_PORT=587 -e SMTP_SECURITY=starttls -e SMTP_USERNAME=your_mail_username -e SMTP_PASSWORD=your_mail_password vaultwarden/server:latest
    # if your SMTP_PORT is 587 or 25 with ssl, set SMTP_SECURITY=starttls, if your SMTP_PORT is 465, set SMTP_SECURITY=force_tls, it your SMTP_PORT is 25 without ssl, set SMTP_SECURITY=off. I learned these today. Last time it is very luck for me. This time I changed SMTP_PORT without chaning STMP_SECURITY, it would not work for me.
    docker stop vaultwarden
    rm -rf /vw-data/
    tar -xzvf vw-data.tar.gz
    mv vw-data/ /
    docker start vaultwarden

    All done, you can check if all your passwords migrate successfully.

    Reference

    1. https://github.com/dani-garcia/vaultwarden/discussions/4333
    2. https://blog.vlinyu.com/archives/docker-compose-bitwarden-two-step-login
    3. https://rs.ppgg.in/configuration/smtp-configuration