I thought that the Vaultwarden install was going to be a little simpler, but after having consulted a few guides here and there it's maybe less straightforward than I thought.

My use-case is to use it on my internal LAN only with no access from outside whatsoever. In theory, http should be fine, but as this tool will contain quite a bit of sensitive data, I can see why it may be a good idea to go https. Are most of you internal users only setting up https?

My network is behind a pfSense setup that uses unbound to resolve all DNS. Locally, all my DNS requests are being forwarded on the subnet I will have Vaultwarden installed.

  • First question is whether for internal network use only, I need to go https.
  • Second question is whether I need to follow this guide?
  • Matt The Horwood@lemmy.horwood.cloud
    2 days ago

    You could go HTTP only if you're happy that anything on the network could see your traffic. I don’t trust anything on my networks, so HTTPS everything.

    What you need to set up will depend on whether you have a proxy in front of Vaultwarden; I have nginx and traefik in front of my instance.

      • N0x0n@lemmy.ml
        1 day ago

        Time to learn how to use one :)! I always use https for all my services in my LAN with a local certificate authority!

        I can access all my services with a LAN domain like the following: https://*.home.lab

        The reverse proxy lets you listen on 80 and 443 and forward your traffic to your specific service (https://vaultwarden.home.lab/) and back without the need to fiddle around with ports and IPs. Thus avoiding port collisions if 2 services are listening on the same port!

        May I suggest Traefik if you go the docker route? Nginx is also a good solution but way more complex to set up.

        • trilobite@lemmy.mlOP
          8 hours ago

          I hadn’t considered the port conflict issue … probably shows how ignorant I am on all this stuff, not just on proxies … :-)
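
The local certificate authority setup mentioned in the thread, as an added example that is not from any of the posters: a script that uses the openssl CLI to create a private root CA and sign a server certificate for vaultwarden.home.lab, then checks the chain and hostname. The CA name, file names and validity periods are assumptions.

```bash
#!/usr/bin/env bash
# Added example: private CA plus one server certificate for a LAN-only service.
# Assumptions: the CA name, file names and validity periods are illustrative.
set -eu

make_lan_cert() {   # $1 = output directory, $2 = hostname served by the proxy
  dir=$1; host=$2
  mkdir -p "$dir"
  ( umask 077       # keep both private keys owner-readable only
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/server.key" )

  # Explicit config so the result does not depend on the system openssl.cnf.
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -config "$dir/ca.cnf" -key "$dir/ca.key" \
    -sha256 -days 3650 -out "$dir/ca.crt"

  # Leaf: not a CA, server auth only, hostname in subjectAltName
  # (clients match the SAN, not the CN).
  printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=critical,digitalSignature' \
    'extendedKeyUsage=serverAuth' "subjectAltName=DNS:$host" > "$dir/leaf.ext"
  openssl req -new -config "$dir/ca.cnf" -key "$dir/server.key" \
    -subj "/CN=$host" -out "$dir/server.csr"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$dir/leaf.ext" \
    -out "$dir/server.crt"
}

verify_lan_cert() { # succeeds only if the chain AND the hostname ($2) check out
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
    -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

out=$(mktemp -d)
make_lan_cert "$out" vaultwarden.home.lab
verify_lan_cert "$out" vaultwarden.home.lab && echo "certificate verifies: $out"
```

The reverse proxy is given `server.crt` and `server.key`; clients import only `ca.crt`, and `ca.key` never needs to leave the machine that signs certificates.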