this post was submitted on 28 Oct 2023
2 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Hello, I've been looking at many guides but I'm having trouble understanding how to selfhost VaultWarden locally. Could someone help me understand how I could achieve this considering,

  • I don't have a domain
    • It would be nice to do something like vaultwarden.local or vaultwarden.homelab.local instead of typing in the homelab's pc static ip and the port vaultwarden is on
  • I don't want to expose anything outside of my local network
    • Security reasons
    • I am now well versed in networking so I don't want to risk leaving an entry point for unwanted users or hackers

I also learned that I would need to sign certificates to be able to access it on some browsers and the additional security. I learned that Traefik offers self-signed certificates, but every video I have seen starts talking about needing a domain and cloudflare tunneling and I get lost.

It would be nice if I could get help or advice from the r/selfhosted community because I am new to all of this but want to learn and host more applications and services locally. Thank you.

you are viewing a single comment's thread
view the rest of the comments
[–] CrazyShipTed@alien.top 1 points 1 year ago

Your router is exposed to public internet as long as it gets a public ip address. Domain is just an alias of ip easy to remember. Set strong policy on router will protects your local network on most scenarios.

What I did on self hosting is:

  • Purchase a domain, add record pointing to my router's public ip.
  • Expose ports for non-sensitive or authentication-capable application on home server. Those apps can be accessed from anywhere using public domain directly in browser.
  • Deploy an OpenVPN server on home server, generate SSL certificates, install OpenVPN client and import certificates on my devices. Then set series of policies on router, to let data packets from OpenVPN's subnet can be routered to home server with certain ports. Whenever a sensitive app or app without login portal need to be accessed (from public internet), just start OpenVPN client at first.
  • Make sure some critical apps could only be access from local network, even not for OpenVPN's subnet, such router's portal.

If you're bothered to tweak config on router, you could also use Cloudflare's tunnel, to manually add second level domain record for each service, if there are not many.

Besides, I use caddy to auto regenerate Let's Encrypt's certificate. It default requires that 80 port of you network is accessiable, not blocked by ISP. Or you can use dns verification in Let's Encrypt's config, just provide your domain provider's API credential to it.