I’ve tried unsuccessfully to get Vaultwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the “Loading wheel” running indefinitely.
Although the top of the page here suggests you can run Vaultwarden internally without a proxy, my experience suggests that this is not the case, and I have tried on different VMs, getting the same error. So it seems like the only way is going via a proxy. From what I’ve read, people seem to suggest that Traefik is the way to go. So I’m thinking of setting it up on the same VM as Vaultwarden.
Note that my network is behind a pfSense install on another hardware machine. DNS forwarding is enabled with Unbound. Will installing Traefik require changes to the pfSense config? Looks like it may be the case from here. For now all I want is getting Vaultwarden going; later down the line I’ll learn how Traefik can benefit the rest of my homelab.
I’m trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?
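
Added example, not part of the original post: SSL_ERROR_RX_RECORD_TOO_LONG is what Firefox reports when the bytes arriving on an https:// connection do not parse as a TLS record, which is what happens when the port answers in plaintext HTTP. The sketch below decodes the start of an HTTP reply the way a TLS client would, and checks whether a given port speaks TLS or plaintext. The function names, host and port are assumptions for illustration.

```python
import socket
import ssl
import struct

# Largest ciphertext record a TLS 1.2 peer may send: 2^14 + 2048 bytes (RFC 5246).
MAX_TLS_RECORD = 2**14 + 2048


def read_as_tls_record(first_bytes: bytes) -> dict:
    """Decode 5 bytes the way a TLS client does: type (1), version (2), length (2)."""
    ctype, version, length = struct.unpack("!BHH", first_bytes[:5])
    return {"type": ctype, "version": hex(version), "length": length,
            "too_long": length > MAX_TLS_RECORD}


def completes_tls_handshake(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if the port finishes a TLS handshake (certificate deliberately not validated)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # diagnosis only: "is it TLS?", not "is it trusted?"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False


def plaintext_reply(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send a plain HTTP request and return the first bytes of the answer, if any."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return s.recv(16)
    except OSError:
        return b""


def diagnose(host: str, port: int) -> str:
    if completes_tls_handshake(host, port):
        return "tls"
    if plaintext_reply(host, port).startswith(b"HTTP/"):
        return "plaintext-http"  # a browser using https:// here fails as in the post
    return "no-answer"


if __name__ == "__main__":
    # Constructed sample: the first bytes of any plaintext HTTP response.
    print(read_as_tls_record(b"HTTP/1.1 200 OK"))
    print(diagnose("127.0.0.1", 8080))  # placeholder host and port
```

A `plaintext-http` result means TLS has to be terminated somewhere in front of that port, either by the service itself or by a reverse proxy.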


I used this guide to use Traefik with a wildcard certificate from Let’s Encrypt that is internal only. So I have
Immich.domain.com
And also
Vault.local.domain.com
This allows something like Vaultwarden to only be accessible on my internal LAN while something like Immich is exposed so I can share albums with anyone I want.
If I want to connect to Vaultwarden while away from home, I connect to WireGuard first, then access it via the local URL.
In Docker I don’t even close the app’s ports, so even locally everything has SSL everywhere.
https://youtu.be/liV3c9m_OX8