Vaultwarden and Port Forwarding

mfkfx · January 17, 2024, 9:47am

Hello,

i am running Vaultwarden as HomeAssistant-Addon. I created a duckdns domain and also got a certificate from Letsencrypt via certbot. Then, I forwarded the vaultwarden port 7277 permanently to the VM where HA/Vaultwarden is running.

Everything is working fine, including iOS App.
My question is: is this the “way to go” or does this permanently forwarded port pose a security risk? If so, what are better options? I stumbled across nginx as reverse proxy. Would this be a better solution? As far as i understand, even in this case one has to forward ports to the nginx server, so I dont see an advantage there.

Thank you very much in advance!

Best regards
Michael

gerardv514 · January 21, 2024, 5:31pm

The advantage of reverse proxy is you only have to open one port vs individual ports for each service.

mfkfx · January 21, 2024, 6:20pm

Thank you very much for your answer!

How is this done? Is the proxy accessed by different subdomains and depending on the subdomain the port to the proxy is „dynamically“ translated to the correct port inside the network?

How is the whole SSL stuff handled? Is there a certificate for each subdomain? Is there some kind of tutorial for this in conjunction with duckdns?

Thank you very much, your help is much appreciated.

Regards
Michael

Topic		Replies	Views
How to use vaultwarden with my ssl certificate Help	6	5647	February 13, 2023
Couldn't access vaultwarden after reverse proxy issue	5	1126	July 10, 2023
Local only set-up question Help	2	517	June 1, 2023
Problems with Apps on Mac and iOS Help	9	2822	December 13, 2023
SSO with device Help	3	1127	November 23, 2023

Vaultwarden and Port Forwarding

Related topics