this post was submitted on 20 Sep 2024
1 points (100.0% liked)

Self-Hosted Alternatives to Popular Services

206 readers
3 users here now

A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web...

founded 1 year ago
MODERATORS
bot@lemmit.online
1
Do you expose your Bitwarden (or Vaultwarden) instance publicly with a Fully Qualified Domain Name (FQDN)? (old.reddit.com)
submitted 1 month ago by bot@lemmit.online to c/selfhosted@lemmit.online
1 comments fedilink hide all child comments
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/GreatRoxy on 2024-09-20 07:12:57+00:00.

Hi everyone,

I'm curious about best practices for self-hosting a password manager like Bitwarden or Vaultwarden. Do you expose your instance to the internet using a public FQDN, or do you prefer alternatives like VPN (e.g., WireGuard)?

For those using a reverse proxy, are you setting up Nginx Proxy Manager (NPM) to point to http://local-bitwarden-service and using SSL with Let’s Encrypt? Or do you create a self-signed certificate (or use Cloudflare's origin cert) and set NPM to route to https://local-bitwarden-service?

Lastly, do any of you use Cloudflare proxy DNS or Cloudflared Tunnels to enhance security and privacy?

I’m planning to share the password manager with family members, who will access it via browser extensions and mobile apps. Any advice on security, configuration, or alternative setups would be greatly appreciated!

Thanks in advance for your insights!

top 1 comments
sorted by: hot top controversial new old
[–] Adincar@discuss.tchncs.de 1 points 1 month ago* (last edited 1 month ago)

For anyone reading this best practice is to put it behind a VPN or something similar, I personally have it setup as a subdomain (bitwarden.domain.com) using nginx proxy manager to sign using let's encrypt.

In saying that I'm in the middle of migrating everything to swag (which is pure nginx with fail2ban built in) just to make management of some other things easier.

I will say if you do set it up public facing, make sure you disable signups for both security and to stop random people from using your server.