I want to host a Vaultwarden (or Bitwarden if necessary) instance, but it keeps asking for a domain and an SSL certificate. I don't own a domain and don't want to enable port forwarding on my router to expose it to the outside.

Is it possible to host an instance only internally and access it via the IP or a domain set on my local DNS? How about SSL: is it possible and/or necessary?

4 points

It’s good to use SSL even if you don’t plan to use it externally. At some point you may change your mind, or you may need to access it via VPN and there may be one hop between your browser and the VPN that will then be in plain text. Plus, not all devices are trustworthy anymore. An Android or iPhone device might have “malware” (including from reputable companies like Google trying to track you for ad purposes but recording unsecured http traffic to do it.) Or a friend may bring a bad device over and connect to your wifi and inadvertently capture that traffic. Lots of ways for internal traffic to be spied on.

Google: “how to create self signed certificate authority on <your workstation OS>”

And if that article doesn’t have it, google: “how to create a domain certificate from a self signed certificate authority”.

It doesn’t have to be a valid external domain, just use “.internal” as the top level domain which is reserved for this kind of thing, like “vaultwarden.internal”. You can also just use IP addresses in the certificate, but I find that less desirable.

Then google: "how to add a trusted certificate authority on <all your OS’s of all internal devices>”. Depending on what web browser you use, you may need to add it there as well. Once the certificate authority is trusted by your devices and browsers, then the domain certificate created by that CA will be as well.

You can set your expiration dates to be far in the future if you want, to avoid having to create new ones often, but be sure to document how just so in 5 or 10 years or so, if it’s still that way, you’ll know how to update them.

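The steps the comment above describes (create a private CA, issue a certificate for an internal name, check it before trusting the CA on each device), as an added example that is not part of the original comment. It uses the stock `openssl` CLI; the directory layout, CN values, lifetimes and function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: private CA + server certificate for an internal-only name.
# Directory, CN values, lifetimes and the hostname are assumptions for illustration.
set -eu

# make_internal_pki DIR HOSTNAME -> writes ca.key ca.crt server.key server.crt into DIR
make_internal_pki() (
  dir=$1; name=$2
  umask 077                      # private keys readable by owner only
  mkdir -p "$dir"; cd "$dir"
  cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$name
EOF
  # 1. CA key and self-signed CA certificate (ca.crt is the file devices must trust).
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out ca.key
  openssl req -x509 -new -key ca.key -config pki.cnf -extensions v3_ca \
    -subj "/CN=Home Internal CA" -sha256 -days 3650 -out ca.crt
  # 2. Server key and CSR for the internal name.
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out server.key
  openssl req -new -key server.key -config pki.cnf -subj "/CN=$name" -out server.csr
  # 3. CA signs the CSR. Browsers match the SAN, not the CN; Apple platforms
  #    reject TLS server certificates valid for more than 825 days.
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_server -sha256 -days 825 -out server.crt
)

# check_internal_cert DIR HOSTNAME -> exit 0 only if the chain and the name both verify
check_internal_cert() {
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
    -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

# Usage: sh make-pki.sh ./pki vaultwarden.internal
[ "$#" -lt 2 ] || { make_internal_pki "$1" "$2" && check_internal_cert "$1" "$2"; }
```

Only `ca.crt` is imported into device and browser trust stores; `ca.key` stays off the server, which needs just `server.crt` and `server.key`.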
