this post was submitted on 28 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

21 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
communick@selfhosted.forum
1
Help hosting Vaultwarden local only (alien.top)
submitted 1 year ago by infinitay_@alien.top to c/main@selfhosted.forum
7 comments fedilink hide all child comments
 

Hello, I've been looking at many guides but I'm having trouble understanding how to selfhost VaultWarden locally. Could someone help me understand how I could achieve this considering,

  • I don't have a domain
    • It would be nice to do something like vaultwarden.local or vaultwarden.homelab.local instead of typing in the homelab's pc static ip and the port vaultwarden is on
  • I don't want to expose anything outside of my local network
    • Security reasons
    • I am now well versed in networking so I don't want to risk leaving an entry point for unwanted users or hackers

I also learned that I would need to sign certificates to be able to access it on some browsers and the additional security. I learned that Traefik offers self-signed certificates, but every video I have seen starts talking about needing a domain and cloudflare tunneling and I get lost.

It would be nice if I could get help or advice from the r/selfhosted community because I am new to all of this but want to learn and host more applications and services locally. Thank you.

top 7 comments
sorted by: hot top controversial new old
[–] toolski@alien.top 1 points 1 year ago

https://drfrankenstein.co.uk/2023/05/20/vaultwarden-bitwarden-in-container-manager-on-a-synology-nas/ is a great guide if you have Synology

[–] Ziomal12@alien.top 1 points 1 year ago (1 children)

DuckDNS provides you with xxx.duckdns.org for free and gives you ability to generate wildcard certificates. What I suggest you do is
1a) host VW locally only 1b) host it so that is accessible only with VPN.
2. In duckdns set ip to you local ip that VW is being hosted on (ie 192.168.1.20) or vpn ip
2. Use Traefik or NPM (or any other reverse proxy) to generate wildcard certificate with dns challange
3. Use Traefik or NPM to point on your device to the port VW is accessible on

[–] Ziomal12@alien.top 1 points 1 year ago (1 children)

If you never set up Traefik I suggest you use Nginx Proxy Manager, it's waaaay easier to set up, especially if you don't need the flexibility of Traefik.

[–] kevdogger@alien.top 1 points 1 year ago

I tried npm and it's good for simple things...however with anything complex you actually have to know nginx pretty well which at that point I'd just use the swag container. I agree traefik is much more complex to learn initially..like I struggled for days until like finally a lighbulb went on and I kind of figured it out. It would be tough to start out with traefik without some background configuring a different reverse proxy. A lot of users sware by caddy so to its ease of use but then again it doesn't provide a gui. I do really enjoy traefiks dashboard as to verify the configuration is set appropriately however

[–] offspec@lemmy.nicknakin.com 1 points 1 year ago

Use a self signed SSL cert

Use nginx to reverse proxy the vaultwarden instance

Use the hostname.local address to access the device or add a DNS override to your router. If that's not an option update your hosts file on the machines you intend to use it from.

[–] Lanten101@alien.top 0 points 1 year ago (1 children)

I'm using the cloudfare tunnel. That way i don't have to deal with any certificate.

[–] dotinho@alien.top 1 points 1 year ago

That is the right thing, I use the same.