GUIDE: How I secure access to Vaultwarden with Tailscale and Caddy

I want to share the walkthrough guide for how I secure access to Vaultwarden (and other self-hosted containerized services) with Tailscale and Caddy.

I like this solution because it strikes a good balance between convenience and security, is easy to manage, and is ridiculously cost-effective, too.

It uses the caddy-docker-proxy module, so this article may be of interest to you if you’ve been considering using Caddy as a reverse proxy to your containerized Vaultwarden instance.

Check it out: Securing access to Vaultwarden with Tailscale and Caddy

That sounds interesting, especially given one incident that happened to me at work. Do you have, by any chance, more sources on this topic?
What I found is this post: https://insomniac.slackware.it/pages/bitwarden_tailscale
But I need more sources.

It’s common to use Tailscale for accessing homelab web apps, so there shouldn’t be any shortage of information available documenting the basic setup.

I think the main difference in my approach is in the containerization of everything, including Tailscale, for simple management with Docker compose and caddy-docker-proxy. It’s a pretty modular solution and it’s simple to add additional web apps besides Vaultwarden, e.g. my walkthrough also provides an example of adding Gitea. It’s a great setup for a basic Raspberry Pi homelab, IMHO.

I see that containerizing Tailscale, along with your web applications, provides a high degree of flexibility and simplifies management significantly.
Thanks for sharing your approach. Maybe I’ll give it a try.