HTTPS help with certificate

Hi All,

I have installed Vaultwarden in a LXC container on Proxmox.
The script from PVE Help script installed it with a self-signed certificate for https.

I want to move to a real certificate as I need it for all my phones, tablets… only for home (no exposure to the internet).

I installed Nginx Proxy Manager in another LXC container.

I also tried to disable the self-signed certificates; here is a summary:

  1. duckdns: I created an address: mysiteduckdnsorg (not the real address), which is linked to the IP address of my LXC container

  2. Nginx Proxy Manager:
    a) I created a Let's Encrypt certificate via DNS
    b) I created a proxy host:
      • domain name = mysiteduckdnsorg
      • scheme: https
      • Forward Hostname / IP = IP address of the Vaultwarden LXC
      • Forward port: the port of Vaultwarden
      • Options: I activated Cache Assets, Block Common Exploits, Websockets Support
      • SSL: I activated Force SSL only

  3. Vaultwarden:
    In /opt/vaultwarden/.env:
    #ROCKET_TLS='{certs="/opt/vaultwarden/XXXXX.pem",key="/opt/vaultwarden/XXXXXX.key"}'
    DATA_FOLDER=/opt/vaultwarden/data
    DATABASE_MAX_CONNS=10
    WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
    WEB_VAULT_ENABLED=true
    DOMAIN=https://mysiteduckdnsorg

I disabled the ROCKET_TLS row and added the DOMAIN row.

I relaunched the service (service vaultwarden restart).

I tried connecting to https://mysiteduckdnsorg, without success. Same issue with the direct IP address.

I get: Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I am missing something; I looked at some how-tos and videos but I didn't find my error.

Thanks for your help

Edit: I have AdGuardHome and Unbound. I added 'private-domain: "mysiteduckdnsorg"' to the Unbound config file and I defined a local zone in Unbound:
local-zone: "duckdns." static
local-data: "mysite.duckdns. IN A IPADRESSofLXCVaultwarden"

Updating the Unbound setup has not solved my issue.

What proxy are you using?

The way I have mine on Proxmox is by setting up Cloudflare for my domain. You can do this even if your domain is not with them. The image below is the Cloudflare dashboard; you can forward your current domain to Cloudflare or just buy a cheap domain from them. In Nginx Proxy Manager you need to forward the container IP address to the domain (second image).

When adding an A record in Cloudflare, your domain will always show as a subdomain,

i.e. YouSubdomain.youdomain.co.uk (example)

Make sure your home router is forwarding the ports for Bitwarden to 8000 and 81 for Nginx. It should look something like this. Also, you might want to turn off UPnP in your router settings; it caused me no end of issues forwarding ports. The image below is the firewall settings of the Nginx container.

Proxy: for me it is duckdns. Or am I missing a point?

Hi All,
I am using AdGuardHome, which is linked to Unbound.
nslookup on one computer of my local network works:

Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: name.duckdns.org

Address: 192.168.ZZZ.SSS

But when I tried to connect in Firefox to name.duckdns.org, it didn't work.

I am lost with the setup of my local network.

Thanks for any advice (I looked at several how-tos, but found none with AdGuardHome + Unbound and NPM on another machine)

Hi,
I tried to do the same for my machine with NPM.
I created a specific name on duckdns.org.
I created a new certificate and the proxy host in NPM.

It works.

So perhaps it is a wrong configuration of Vaultwarden and/or of NPM for Vaultwarden.

I will continue my analysis.

BR
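
SSL_ERROR_RX_RECORD_TOO_LONG, the error reported in the first post, is what a browser shows when the port it reached answers in plain HTTP instead of TLS, which is how Vaultwarden answers once ROCKET_TLS is commented out. The following is an added example, not code from any poster in this thread: it reads a reply's first five bytes as a TLS record header to show where the oversized length comes from, and `port_speaks_tls` checks whether a given host and port completes a TLS handshake. The function names and sample bytes are constructed for illustration.

```python
import socket
import ssl
import struct

# Largest ciphertext record length TLS 1.2 allows (2^14 + 2048, RFC 5246).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data


def parse_as_tls_record(first_bytes: bytes) -> dict:
    """Read a server's first 5 bytes the way a TLS client does: type, version, length."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, version, length = struct.unpack("!BHH", first_bytes[:5])
    looks_tls = ctype in TLS_CONTENT_TYPES and version >> 8 == 3 and length <= MAX_TLS_RECORD
    return {
        "content_type": ctype,
        "version": version,
        "length": length,
        "record_too_long": length > MAX_TLS_RECORD,
        "verdict": "tls" if looks_tls else
                   "plaintext_http" if first_bytes.startswith(b"HTTP/") else "unknown",
    }


def port_speaks_tls(host: str, port: int, timeout: float = 3.0) -> bool:
    """Attempt a TLS handshake; False means it failed or the port was unreachable."""
    ctx = ssl.create_default_context()
    # Verification is off only because this checks the protocol, not the server's identity.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False


# Constructed samples: what a plain-HTTP backend and a TLS listener send first.
PLAIN_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
TLS_REPLY = bytes.fromhex("160303007a")  # handshake record, TLS 1.2, 122 bytes

if __name__ == "__main__":
    print(parse_as_tls_record(PLAIN_REPLY))  # "P/" read as a length gives 0x502F
    print(parse_as_tls_record(TLS_REPLY))
```

Running `port_speaks_tls` against the proxy's HTTPS port and against the backend port separately shows which hop is answering without TLS.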