Hello from a fellow content creator in Michigan, USA. Just wanted to drop a line to let you know I enjoyed this video. Short and to the point. I appreciate your efforts and look forward to future videos.
Wow! I had been banging my head against the wall with cloudflare, letsencrypt and bitwarden for a few days, ,making progress and learning but not getting it to work. Then I used this tutorial and bam, in 15 minutes I had everything up and running. Thank you so much!
Hi and thanks for this content. I have a few comments about the content of this video: I would use another Port than 80, I would create locale certificates in order to be able to login localy without any dependencies (reverse proxy, internet connection), then I would show activating MFA because Vaultwarden is reachable for everyone! Then, in addition to the actual CF tunnel, at least one application rule should be created (even if in the Vaultwarden example it is just a GEO restriction). In addition, some security settings should also be made within Vaultwarden for secure operation on the Internet (disallow signup, disallow invitations, disallow show password hint, activate yubikey...). Deploying an application is one thing, but safely deploying it is much more demanding.
Yeah, in the referenced video Cloudflare Zero Trust, I walk through the application policies and how to lock down and secure them around the 1:10 mark :)
I'd like to know more about the whole how do I disallow new signups. . I was testing this and if someone had my cloud flare name they could sign up on vautlwarden
@@MrTrilock From their offical docs - After you have completed signed up new members to your Vaultwarden server, it is highly recommended that you disable new user signups inside your Admin Dashboard -> General Settings -> Allow new signups -> uncheck the box. Tell the user to create an account on your Vaultwarden server.
@@Techdox thank you yet again for your very prompt replies.. all these projects and my ADHD goes crazy. Just set up traefik , now to get authentik to work with it and finish vault warden security sides and try my hand at wordpress
This is interesting. I can log in to vaultwarden on the machine I installed Cloudflared tunnel on, but not my other one. I can also log into the self-hosted app on my phone, selecting the option the same way you did.
Thanks for the tutorial! I managed to finally get access to my Vault Warden instance throught the web. I am using a third party hosting for my domain, and managed to route it by changing the nameserver. Only issue I know have, is that it is still a HTTP connection, and can't seem to manage to get HTTPS to work. I would be ever grateful if you could help me figure out what to do! Thanks in advance, Sam
Hello! Thank you for this tutorial. How can I set up automatic and encrypted backups of the Vaultwarden database to another server? Isn't it risky to store passwords on a single server in case of an interruption? Thanks.
question tho. While innternal shouldnt we want this to be on another port other than 80? We are a small company and want to push this out the user base but port 80 is throwing me off
@@whoanelly- you can set it to any port you like, ideally you should have this publicly exposed anyway and should be behind a VPN or something like Cloudflare tunnel etc
Great video, i just did this and it works great! But my worry is if someone knows the web address they can get to the vaultwarden log in page. I tried setting up some security on cloud flare where it would require a pin but doing so makes the bitwarden app not work for obvious reasons. How do you add security that will work with the bitwarden app?
What I did was white list my home IP in Cloudflare so the app worked, then when I’m away I could connect via VPN which then allowed me to connect to my service. You could also look at Cloudflare WARP as well
thanks for the videos they are very helpful for a noobie like me to all this. is there any way to get this set up completely free or will you always end up having to pay for a domain? eventually i think I would like to get this set up completely locally, so maybe I will just get a domain anyway.
hello thanks for the video, i configured vaultwarden with your help, i have a question, how to disable signup at the login page, can you just add it to the end of the video, it would be a great help, stopping other users to login
Feel free to join the Discord to explain this more, but you could add the Cloudflare SSO auth in-front of vaultwarden so people will see that and not your vaultwarden page
I got all the way to the end, but when I went to make something in vaultwarden I got an error and it is pointing to the cloudflare tunnel as the issue? I can get to the site fine but not add anything?
As in if you have the Cloudflare sso in front of your app? I have white listed my public IP address in Cloudflare zero trust which means my phone app can hit bitwarden and then I use my VPN while away from home
@@Techdox you got my question right. How do you whitelist your phone’s public IP address in Cloudflare? Also wouldn’t it change at some time by your phone carrier?
@@kiranjadhav4125 when I’m at home it’s my public IP for my home network and then when I’m away I use my VPN so I continue to use my public IP of my home network. This IP is static. Check this out - developers.cloudflare.com/cloudflare-one/policies/access/
Hi I managed to set up Vaultwarden with Cloudflare tunnel.. I am able to access via Web on my PC/Linux/android/iPhone.. However I cannot log in onto the apps or browser extentions.. Any way you could help? I am unable to find an answer 😭
Is your Cloudflare tunnel behind a security policy? For example you can access vault warden via the web but need to login via SSO or do you just hit the vaultwarden UI when accessing the address?
Selfhosting comes with the security risks and it’s up to you how you want to secure it the most. Vaultwarden itself is a solid service and then putting it behind something like a vpn or Cloudflare makes it pretty robust
@@ms7165 I’ll need to make a video to cover it at some point, until then check out deliciousbrains.com/ssl-certificate-authority-for-local-https-development/