How to use vaultwarden with my ssl certificate

Hello, first sorry for my English.

I’m trying to use vaultwarden, but I can’t access it from the internet, it always gives an error and I would appreciate some help because I don’t know what else to try.
1 - I have my own ssl certificate, is there a way to use them?
2 - I have the following configuration, an ubuntu (192.168.0.60) with docker vaultwarden to port 8062, which I can access internally (which I cannot follow because it is not https).
3 - I tried nginx proxy manager: added in Proxy Hosts (SOURCE: vault.domain.com), (DESTINATION: http://192.168.0.60:8062) and (in SSL custom, with my SSL certificate); the certificate is for *.domain.com.
5 - In my router I added a port forward for 8062 to the IP 192.168.0.60:8062, entering my domain, e.g. (https://vault.domain.com:8062), but it doesn’t work.

I don’t know what I’m doing wrong, and since I have my own SSL, is there no way to not depend on nginx proxy manager?

thank you

I don’t know what that “nginx proxy manager” is, but the idea would be that you access https://vault.domain.com at the standard port (443), and nginx forwards this to your internal host, port 8062.


Your router needs to forward port 443 to the IP Address of the host with nginx. Nginx should be configured to forward this traffic to 192.168.0.60:8062

Is your nginx proxy manager on the same host as vaultwarden?
Has your SSL certificate been added to the trust store of your devices?

I do not use Nginx as my reverse proxy so I am not familiar with the correct syntax, neither do I use Docker so the port requirements may be different but in my Caddy reverse proxy I had to add a special port forward for notifications. It’s been a while so I don’t remember exactly why. I am running Vaultwarden on a separate virtual host at 10.20.30.20 and here is my working Caddyfile entry in case anything in it helps.

https://vault.mydomain.net {
        reverse_proxy /notifications/hub/negotiate 10.20.30.20:8000
        reverse_proxy /notifications/hub 10.20.30.20:3012
        reverse_proxy 10.20.30.20:8000 {
                header_up X-Real-IP {remote_host}
        }
}

Hi, I’m trying to mount it on another port because 443 is already used, and I only have a public IP. When I tried with bitwarden open source, it was installed and configured even with SSL without problem, doing a forward on the router on another port. But I wanted to try vaultwarden because the administration seems better. Is there no way to not depend on a reverse proxy?
thank you

A reverse proxy is not mandatory, because according to Enabling HTTPS · dani-garcia/vaultwarden Wiki · GitHub there is a way to enable SSL/TLS for the Rocket server that Vaultwarden uses, but IT IS NOT recommended. Deploying a reverse proxy of your choice like HAProxy or Nginx Reverse Proxy is the best approach to configure HTTPS access from the Internet to your vaultwarden instance. Port 443 is not a must with HTTPS, but it is the default port, which allows a shorter URL; only custom ports are required to be provided, because the browser will try only port 443 and does not know your custom one. Thus, best practice is to open port 443 on your edge router, but you can redirect it internally to port 8062 on your Ubuntu without issues.

There is a way to safely use Vaultwarden without a reverse proxy. Deploy Wireguard VPN in another docker container and use vaultwarden remotely via this VPN connection. Honestly it can be the best way for you, because there is a chance you will not configure your reverse proxy safely enough, and exposing your Vaultwarden to the Internet can be fatal. Try this one: GitHub - WeeJeWel/wg-easy: The easiest way to run WireGuard VPN + Web-based Admin UI.

You should free up port 443 by configuring the listening port to something else. On your router, forward port 443 to nginx proxy manager. Then you can configure reverse proxy to those two apps (your first app and bitwarden).

Of course, you’d need to apply both certificates to nginx proxy manager.
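
The setup the replies describe, sketched as a plain nginx configuration; this is an added example, not a configuration posted by anyone in the thread. It shows two HTTPS sites sharing port 443 on one public IP, selected by hostname, with the wildcard certificate terminating TLS at the proxy and Vaultwarden reached over plain HTTP at 192.168.0.60:8062. The certificate paths, `app.domain.com` and its backend `127.0.0.1:8080` are assumed placeholders.

```nginx
# Added example. Certificate paths, app.domain.com and its backend are
# placeholders (assumptions); vault.domain.com and 192.168.0.60:8062 are
# the values from the question. Place inside the http { } context.

# Send "Connection: upgrade" upstream only when the client asked for one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Wildcard certificate for *.domain.com, inherited by both servers below.
# fullchain.pem = server certificate followed by the intermediate CA certs.
ssl_certificate     /etc/nginx/ssl/domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/domain.com/privkey.pem;
ssl_protocols       TLSv1.2 TLSv1.3;

# Vaultwarden: TLS ends here, the container is reached over plain HTTP.
server {
    listen 443 ssl;
    server_name vault.domain.com;
    client_max_body_size 128M;    # attachments can exceed the 1 MB default

    location / {
        proxy_pass http://192.168.0.60:8062;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}

# The service that already occupied 443, moved to another local port
# (hypothetical) and published through the same listener by hostname.
server {
    listen 443 ssl;
    server_name app.domain.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place the router forwards external port 443 to the nginx host only. Port 8062 is not forwarded, since it speaks plain HTTP and an https:// URL pointed at it cannot complete a TLS handshake.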

Thanks for everyone’s help.
I stopped trying to make it work; I can’t waste that much time to make an application work. I’m going back to bitwarden open source, which worked perfectly for me.
It’s clear that I wasn’t able to get vaultwarden to work.
thank you so much