this post was submitted on 14 Dec 2025
21 points (95.7% liked)


I thought that Vaultwarden install was going to be a little simpler, but after having consulted a few guides here and there, it's maybe less straightforward than I thought.

My use-case is to use it on my internal LAN only with no access from outside whatsoever. In theory, http should be fine, but as this tool will contain quite a bit of sensitive data, I can see why it may be a good idea to go https. Are most of you internal users only setting up https?

My network is behind a pfSense setup that uses unbound to resolve all DNS. Locally, all my DNS requests are being forwarded on the subnet I will have Vaultwarden installed.

  • First question is whether for internal network use only, I need to go https.
  • Second question is whether I need to follow this guide?
top 7 comments
[–] mhzawadi@lemmy.horwood.cloud 6 points 1 day ago (1 children)

You could go HTTP only if you're happy that anything on the network could see your traffic. I don't trust anything on my networks, so HTTPS everything.

Depending on if you have a proxy in front of vaultwarden will depend on what you need setup, I have nginx and traefik in front of my instance.

[–] trilobite@lemmy.ml 2 points 1 day ago

I don't have any proxy.

[–] AbidanYre@lemmy.world 4 points 1 day ago* (last edited 23 hours ago)

Iirc vaultwarden itself won't load if you don't run https.

[–] Creat@discuss.tchncs.de 4 points 1 day ago

Never run something like Vaultwarden with unencrypted traffic. Throwing in a self signed cert is basically free insurance. You never know when even in your "trusted network" something starts listening in. Just why risk it?

[–] DesolateMood@lemmy.zip 2 points 21 hours ago

I run vaultwarden local only and use https, mostly because vaultwarden doesn't allow itself to be run over http. The way I did it was to get a domain (you can buy one if you want, I used duckdns for a free one) and when prompted for an IP to point it to, use your server's internal IP instead of your public IP. Other than that you should be able to follow all the guides as normal.

[–] manwichmakesameal@lemmy.world 3 points 23 hours ago* (last edited 23 hours ago)

FWIW, here's my compose file. I 100% use https for everything internal. With LetsEncrypt and Pihole, why wouldn't you? It's dead-simple.

networks:
  backend:
    external: True

services:
  vaultwarden:
    container_name: vw-svr-00
    image: vaultwarden/server
    environment:
      - TZ=My/Timezone
      - DOMAIN=https://my.internal.domain/
#    ports:
#      - "82:80"
    volumes:
      - ./vw_data:/data
    networks:
      - backend
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vaultwarden.rule=Host(`my.internal.domain`)"
      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden.tls=true"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"

edit: I also run my instance on a subdomain vs a path. So my instance is actually at vw.internal.domain.

[–] Coolcoder360@lemmy.world 2 points 1 day ago

I think when I set up Vaultwarden with the docker compose it had scripts to generate its own self-signed certificate. So it was already set up to use https.

I have a CA I created with easyrsa so I went and found the CSR from Vaultwarden and signed it with my own CA, so I didn't have to juggle two certs.

But otherwise yeah, running it on my local LAN, no Let's Encrypt.
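
Added example, not part of the thread or any commenter's setup: one way to do the "own CA, sign the server's CSR" approach from the comments above with plain `openssl` instead of easyrsa. The hostname `vault.lan.example`, the address `192.168.1.10`, the CA name and the function names are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (constructed): private CA + server certificate for a LAN-only host.
# vault.lan.example / 192.168.1.10 are placeholders, not values from the thread.
set -eu

# make_lan_cert HOST IP OUTDIR -> writes ca.{key,crt} and server.{key,csr,crt}
make_lan_cert() (
    host=$1 ip=$2 out=$3
    umask 077                      # private keys readable by owner only
    mkdir -p "$out"
    cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home LAN CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host,IP:$ip
EOF
    # 1. Self-signed CA: the only certificate clients have to import and trust.
    openssl req -x509 -config "$out/openssl.cnf" -newkey rsa:2048 -nodes \
        -days 1825 -keyout "$out/ca.key" -out "$out/ca.crt"
    # 2. Server key and CSR (-subj overrides the CA name from the config).
    openssl req -new -config "$out/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$host" -keyout "$out/server.key" -out "$out/server.csr"
    # 3. Sign the CSR. Clients match the name against subjectAltName, so the
    #    SAN must list every name or IP users will type into the client.
    openssl x509 -req -in "$out/server.csr" -sha256 -days 397 \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/openssl.cnf" -extensions v3_leaf -out "$out/server.crt"
)

# check_lan_cert HOST OUTDIR -> 0 only if the leaf chains to the CA and covers HOST
check_lan_cert() {
    openssl verify -CAfile "$2/ca.crt" "$2/server.crt" >/dev/null 2>&1 &&
        openssl x509 -in "$2/server.crt" -noout -checkhost "$1" |
            grep -q "does match"
}

if [ "$#" -eq 3 ]; then make_lan_cert "$@" && check_lan_cert "$1" "$3"; fi
```

Import `ca.crt` into each client's trust store and give `server.crt` and `server.key` to whatever terminates TLS; `ca.key` should stay off the server.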