• Lem453@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    Keep vaultwarden behind wireguard for local only access then also use https certs and good master password. Very secure like this

    • francois
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Why https if the traffic is already encrypted by the vpn?

      • Lem453@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Security in layers.

        All your services should be using https. Vaultwarden in particular won’t even run without https unless you bypass a bunch of security measures.

        This is how to setup local only and external https, I highly recommend this as a baseline setup for every homelab. It allows you to choose how much security you want on a per app basis and makes adding new apps trivially easy.

        https://youtu.be/liV3c9m_OX8?si=TSWXoN_8SJDpAHaW