Vaultwarden and Port Forwarding

mfkfx · January 17, 2024, 9:47am

Hello,

i am running Vaultwarden as HomeAssistant-Addon. I created a duckdns domain and also got a certificate from Letsencrypt via certbot. Then, I forwarded the vaultwarden port 7277 permanently to the VM where HA/Vaultwarden is running.

Everything is working fine, including iOS App.
My question is: is this the “way to go” or does this permanently forwarded port pose a security risk? If so, what are better options? I stumbled across nginx as reverse proxy. Would this be a better solution? As far as i understand, even in this case one has to forward ports to the nginx server, so I dont see an advantage there.

Thank you very much in advance!

Best regards
Michael

gerardv514 · January 21, 2024, 5:31pm

The advantage of reverse proxy is you only have to open one port vs individual ports for each service.

mfkfx · January 21, 2024, 6:20pm

Thank you very much for your answer!

How is this done? Is the proxy accessed by different subdomains and depending on the subdomain the port to the proxy is „dynamically“ translated to the correct port inside the network?

How is the whole SSL stuff handled? Is there a certificate for each subdomain? Is there some kind of tutorial for this in conjunction with duckdns?

Thank you very much, your help is much appreciated.

Regards
Michael

Topic		Replies	Views
How to use vaultwarden with my ssl certificate Help	6	3529	February 13, 2023
Using Nginx as reverse proxy Third Party Help	10	4348	May 19, 2021
Couldn't access vaultwarden after reverse proxy issue	5	613	July 10, 2023
Local only set-up question Help	2	291	June 1, 2023
Nginxproxymanager cert for vaultwarden docker-compose Help	2	446	November 4, 2023

Vaultwarden and Port Forwarding

Related Topics