Vaultwarden
Domain Configuration and Public IP
- The subdomain bitwarden.famextools.hu is configured to point to your public IP address 185.5.229.223. This means that any request made to this subdomain from the internet is directed to your network.
Nginx Proxy Manager (NPM) Setup
- NPM is running in Docker and is accessible through Portainer, your container management tool. NPM acts as a reverse proxy, which means it takes incoming requests from the internet and forwards them to the appropriate service on your network based on the configuration you provide (in this case, Vaultwarden).
Vaultwarden Docker Configuration
- The Docker Compose file specifies how Vaultwarden should run. It's set to use the image vaultwarden/server, with the container named vaultwarden.
- Ports 3012 and 5151 are exposed, with 3012 potentially for secure connections (though not specified) and 5151 mapped to port 80 inside the container, indicating HTTP traffic.
- An environment variable ADMIN_TOKEN is set for administrative access.
- Persistent storage is mapped to /volume1/docker/vaultwarden on your host to ensure data persists across container restarts.
SSL Certificate and HTTPS Configuration in NPM
- For securing your Vaultwarden instance, an SSL certificate is created within NPM. This SSL certificate is associated with your subdomain and ensures that traffic between the client (users) and the proxy (NPM) is encrypted.
- In NPM, you configure a proxy host for bitwarden.famextools.hu. This configuration includes pointing the host to your Vaultwarden service running on the local network, likely using the internal IP address of the host running Docker and specifying the port (e.g., 5151 for HTTP).
Request Flow:
- DNS Resolution: A request to bitwarden.famextools.hu resolves to your public IP 185.5.229.223.
- NPM Handling: NPM receives the request and decrypts it if it's HTTPS, using the SSL certificate you've configured.
- Forwarding to Vaultwarden: NPM then forwards the request to the Vaultwarden service running in Docker on port 5151.
- Response: Vaultwarden processes the request and sends the response back to NPM, which then encrypts the response (if necessary) and sends it back to the client.
Security Considerations
- SSL Termination: Happens at NPM, which means traffic between NPM and Vaultwarden is unencrypted unless you also configure Vaultwarden to use HTTPS internally and point NPM to the HTTPS port. This internal encryption might not be necessary if your Docker containers and NPM are on the same secure local network.
- Admin Token: The ADMIN_TOKEN is a sensitive piece of information that allows administrative access to your Vaultwarden instance. Ensure this token is kept secure.
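The Compose file described under Vaultwarden Docker Configuration, reconstructed here as an added example (it is not the file from this setup), with the two points from Security Considerations applied. The LAN address 192.168.1.10, the container side of port 3012, the restart policy and the token value are assumptions or placeholders that do not come from this page.

```yaml
# Added example: reconstruction of the Compose file this page describes,
# with the weaker settings kept as comments beside the tightened ones.
services:
  vaultwarden:
    image: vaultwarden/server
    container_name: vaultwarden
    restart: unless-stopped            # assumption, not stated on the page
    ports:
      # As described: published on every host interface, so the plain-HTTP
      # backend is reachable by anything that can route to the Docker host.
      #   - "3012:3012"
      #   - "5151:80"
      # Tightened: publish only on the internal address NPM forwards to.
      # 192.168.1.10 is a placeholder for the Docker host's LAN IP.
      - "192.168.1.10:3012:3012"       # container-side 3012 is an assumption
      - "192.168.1.10:5151:80"         # NPM proxy host target: 192.168.1.10:5151
    environment:
      # Weak: a plaintext token, readable by anyone who can open the stack
      # in Portainer or run `docker inspect vaultwarden`.
      #   ADMIN_TOKEN: "plaintext-token-here"
      # Tightened: an Argon2 PHC string, generated inside the container with
      #   docker exec -it vaultwarden /vaultwarden hash
      # Every `$` is doubled so Compose does not expand it as a variable.
      # <salt> and <hash> are placeholders for the generated values.
      ADMIN_TOKEN: "$$argon2id$$v=19$$m=65540,t=3,p=4$$<salt>$$<hash>"
    volumes:
      # Host path from the page; /data is Vaultwarden's default data directory.
      - /volume1/docker/vaultwarden:/data
```

With the hashed form, the admin page still accepts the original password, while the value stored in the Compose file and shown in Portainer is only its hash.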
Conclusion
This setup lets you securely access your Vaultwarden instance from anywhere using your subdomain, with SSL encryption handled by NPM. It's a common and effective way to provide secure remote access to self-hosted services.