Hello, I’ll try to keep this as short as possible. I’m currently hosting bitwarden_rs on Docker. I plan on accessing this container only within my home network and I don’t want to expose it to the Internet at all. The problem is that bitwarden_rs requires HTTPS to work. What are my options here? I’m pretty new to all of this and I’d like some suggestions. Thanks!
Let’s Encrypt certificates are “required” to be sent to Certificate Logs (due to Google’s demand for signed certificate timestamps), so hostnames embedded in certificates issued by Let’s Encrypt will be publicly known.
I’m not familiar with bitwarden_rs, but if you’re the only user of the service, perhaps setting up your own not-publicly trusted CA could be an option?
I could try doing that, maybe I can find some fake CA service. Would that be an issue if I’m hosting both private and public-facing containers at the same time? I mean, will I be able to assign my bitwarden_rs container a certificate generated by a fake CA, while at the same time handing out genuine Let’s Encrypt certificates to other web servers that are exposed to the Internet?
I don’t use bitwarden. But isn’t a self-signed certificate enough there?
Create one valid for 20 years, add it to your browser, and forget it.
It seems to work with Traefik’s default certificate, although I hoped there would be a better solution. The traffic should still be encrypted by HTTPS even though I’m using a self-signed certificate, right?
To encrypt traffic, it’s not relevant if the certificate is publicly trusted, expired, has the wrong name, etc.
Only internal usage: Use a self-signed certificate with a very long duration.
Alright, makes sense, thank you. Would you recommend that I generate my own self-signed certificate using something like openssl / a fake CA service I host on my own, or is the reverse proxy’s default certificate fine? I mean, it’s working right now but I’m asking out of curiosity. Thanks
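The private-CA option raised in this thread, as an added example that is not part of any participant's post: a root CA created with openssl signs a server certificate for the internal service, and the result is checked against both the chain and the hostname. The hostname `vault.home.arpa`, the CA subject, the file names and the lifetimes are assumptions made for the example.

```shell
#!/bin/sh
# Assumed names: vault.home.arpa, "Home Lab Root CA" and the file layout
# are placeholders chosen for this example.

# make_ca DIR: create a private root CA key and certificate (10 years).
make_ca() {
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$dir/ca.key"
  openssl req -x509 -new -key "$dir/ca.key" -config "$dir/ca.cnf" \
    -extensions v3_ca -subj "/CN=Home Lab Root CA" -days 3650 \
    -out "$dir/ca.crt"
}

# issue_leaf DIR HOST: sign a server certificate whose SAN is HOST.
issue_leaf() {
  dir=$1 host=$2
  cat > "$dir/leaf.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$dir/leaf.key"
  openssl req -new -key "$dir/leaf.key" -config "$dir/ca.cnf" \
    -subj "/CN=$host" -out "$dir/leaf.csr"
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/leaf.ext" \
    -days 825 -out "$dir/leaf.crt" 2>/dev/null
}

# check_leaf DIR HOST: succeed only if the chain and the hostname verify.
check_leaf() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/leaf.crt" >/dev/null 2>&1
}
```

The reverse proxy is given `leaf.crt` and `leaf.key`, and `ca.crt` is imported into the trust store of each client; `ca.key` is only needed when issuing and can be kept off the server.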