Self-hosted instance with HTTPS

1

Hello,

I have been using bitwarden_rs on aarch64 for years and I am now migrating to vaultwarden.
I have my own VPN and I do not expose any application so I am using VPN to connect to my self-hosted instance.
I would like to use HTTPS instead of HTTP for more security.
I have had a quick look to the documentation but I do not see this case.
I do not have any domain to configure in caddy and if I use a fake one caddy fails in gettting the certificate.
Do you have any recommendation in this case?

2

Just changed the following lines in docker-compose.yml:

environment:
  - CADDY_TLS_CERT=/config/caddy/cert.pem
  - CADDY_TLS_KEY=/config/caddy/key.pem

and the following in Caddyfile:

tls {$CADDY_TLS_CERT} {$CADDY_TLS_KEY}

From my laptop it is ok through the browser.
I have generated a .crt file and put in my android 11 phone but I am getting the following error:

ssl_error
ssl_error1920×1440 75.1 KB

3
4

Thank you for you hint @jjlin !
I could make it working.
However what about the following statement:

If you don’t already have an account, create one at https://www.duckdns.org/. Create a subdomain for your vaultwarden instance (e.g., my-vw.duckdns.org), setting its IP to your vaultwarden host’s private IP (e.g., 192.168.1.100).

It is clear that caddy needs to my-vw.duckdns.org domain in the HTTPS call in order to work.
But if I use dig to query the duckdns domain I am getting an empty IP address.
In Linux and Windows I can quickly solve this issue putting a static DNS mapping in the /etc/hosts but what about Android devices?
What solution do you recommend?

5

The duckdns.org subdomain should resolve to your private IP. If it doesn’t, flush your DNS resolver cache, or see the troubleshooting section

6

This is solved. I have just used my router.
Thanks.