Hello, I’ll try to keep this as short as possible. I’m currently hosting bitwarden_rs on Docker. I plan on accessing this container only within my home network and I don’t want to expose it to the Internet at all. The problem is that bitwarden_rs requires HTTPS to work. What are my options here? I’m pretty new to all of this and I’d like some suggestions. Thanks!
1 Like
Let’s Encrypt certificates are “required” to be send to Certificate Logs (due to Google’s demand for signed certificate timestamps), so hostnames embedded in certificates issued by Let’s Encrypt will be publically known.
I’m not familiair with bitwarden_rs, but if you’re the only user of the service, perhaps setting up your own not-publically trusted CA could be an option?
1 Like
I could try doing that, maybe I can find some fake CA service. Would that be an issue if I’m hosting both private and public-facing containers at the same time? I mean, will I be able to assign my bitwarden_rs container a certificate generated by a fake CA, while at the same time handing out genuine letsencrypt certificates to other web servers that are exposed to the Internet?
1 Like
Hi @glazing32
I don't use bitwarden. But isn't there a self signed certificate enough?
Create one with 20 years, add it to your browser - and forget it.
1 Like
It seems to work with Traefik’s default certificate, although I hoped there would be a better solution. The traffic should still be encryped by https even though I’m using a self-signed certificate, right?
1 Like
To encrypt traffic, it’s not relevant if the certificate is public trusted, expired, has the wrong name etc.
Only internal usage: Use self signed with a very long duration.
1 Like
Alright, makes sense, thank you. Would you recommend me to generate my own self-signed certificate using something like openssl / a fake CA service I host on my own, or is the reverse proxy’s default certificate fine? I mean, it’s working right now but I’m asking out of curiosity. Thanks
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.