Hello from a fellow content creator in Michigan, USA. Just wanted to drop a line to let you know I enjoyed this video. Short and to the point. I appreciate your efforts and look forward to future videos.
Thank you, that means a lot :) hope you are well
Hi and thanks for this content. I have a few comments about the content of this video: I would use another port than 80, I would create local certificates in order to be able to log in locally without any dependencies (reverse proxy, internet connection), then I would show activating MFA because Vaultwarden is reachable for everyone! Then, in addition to the actual CF tunnel, at least one application rule should be created (even if in the Vaultwarden example it is just a GEO restriction). In addition, some security settings should also be made within Vaultwarden for secure operation on the Internet (disallow signup, disallow invitations, disallow show password hint, activate YubiKey...).
Deploying an application is one thing, but safely deploying it is much more demanding.
Yeah, in the referenced video Cloudflare Zero Trust, I walk through the application policies and how to lock down and secure them around the 1:10 mark :)
I'd like to know more about the whole how do I disallow new signups. I was testing this and if someone had my Cloudflare name they could sign up on Vaultwarden.
@MrTrilock From their official docs - After you have completed signing up new members to your Vaultwarden server, it is highly recommended that you disable new user signups inside your Admin Dashboard -> General Settings -> Allow new signups -> uncheck the box. Tell the user to create an account on your Vaultwarden server.
@Techdox Thank you yet again for your very prompt replies. All these projects and my ADHD goes crazy. Just set up Traefik, now to get Authentik to work with it and finish Vaultwarden security sides and try my hand at WordPress.
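The hardening settings named in the comments above (no signups, no invitations, no password hints, HTTPS on the public name) correspond to Vaultwarden environment variables, so an env file can be checked before the service is put behind the tunnel. This is an added example, not part of the original thread or the video: the function names, sample file contents and `vault.example.com` are constructed, and reporting any value other than an explicit `false` is an assumption made here.

```shell
#!/bin/sh
# Added example: audit a Vaultwarden env file for the settings named in the thread.

# Print the last value assigned to KEY ($2) in FILE ($1); empty if unset or commented out.
env_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'\r" | sed 's/[[:space:]]*$//'
}

# Print one FINDING line per weak setting; succeed only when there are none.
audit_vaultwarden_env() {
    file=$1
    findings=0
    for key in SIGNUPS_ALLOWED INVITATIONS_ALLOWED SHOW_PASSWORD_HINT; do
        val=$(env_value "$file" "$key")
        # Assumption: anything other than an explicit "false" is reported, so the
        # result does not depend on the default of the installed version.
        if [ "$val" != "false" ]; then
            echo "FINDING: $key is '${val:-unset}', expected 'false'"
            findings=$((findings + 1))
        fi
    done
    domain=$(env_value "$file" DOMAIN)
    case $domain in
        https://*) ;;
        *)  echo "FINDING: DOMAIN is '${domain:-unset}', expected an https:// URL"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample files (vault.example.com is a placeholder host).
demo() {
    dir=$(mktemp -d)
    printf 'SIGNUPS_ALLOWED=true\nDOMAIN=http://vault.example.com\n' > "$dir/weak.env"
    printf '%s\n' 'SIGNUPS_ALLOWED=false' 'INVITATIONS_ALLOWED=false' \
        'SHOW_PASSWORD_HINT=false' 'DOMAIN=https://vault.example.com' > "$dir/hardened.env"
    audit_vaultwarden_env "$dir/weak.env" || echo "weak.env: needs attention"
    audit_vaultwarden_env "$dir/hardened.env" && echo "hardened.env: ok"
    rm -rf "$dir"
}
demo
```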
Wow! I had been banging my head against the wall with Cloudflare, Let's Encrypt and Bitwarden for a few days, making progress and learning but not getting it to work. Then I used this tutorial and bam, in 15 minutes I had everything up and running. Thank you so much!
Glad I could help :)
Thank you so much for creating this, I was fiddling with Caddy for far too long!
Dude, offering 1on1 for YT members is so fucking smart
Thanks so much for this, I've literally read hours of stuff and this was straight to the point. With that said, how do I access or edit the admin settings? I can't seem to figure that part out yet.
This is interesting. I can log in to vaultwarden on the machine I installed Cloudflared tunnel on, but not my other one. I can also log into the self-hosted app on my phone, selecting the option the same way you did.
Thank you, this helped me a lot!
Hello! Thank you for this tutorial. How can I set up automatic and encrypted backups of the Vaultwarden database to another server? Isn't it risky to store passwords on a single server in case of an interruption? Thanks.
Thanks for the videos, they are very helpful for a noobie like me to all this.
Is there any way to get this set up completely free or will you always end up having to pay for a domain? Eventually I think I would like to get this set up completely locally, so maybe I will just get a domain anyway.
If you wanted you could have this setup for free locally without a domain name and then connect to it using a vpn?
Question though. While internal, shouldn't we want this to be on another port other than 80? We are a small company and want to push this out to the user base, but port 80 is throwing me off.
@whoanelly- You can set it to any port you like, ideally you should have this publicly exposed anyway and should be behind a VPN or something like Cloudflare tunnel etc.
Great video, I just did this and it works great! But my worry is if someone knows the web address they can get to the Vaultwarden login page. I tried setting up some security on Cloudflare where it would require a PIN, but doing so makes the Bitwarden app not work for obvious reasons. How do you add security that will work with the Bitwarden app?
What I did was white list my home IP in Cloudflare so the app worked, then when I’m away I could connect via VPN which then allowed me to connect to my service.
You could also look at Cloudflare WARP as well
@Techdox So basically only your IP is the only one allowed to use it?
Where in Cloudflare would I enter the IP to be whitelisted?
Check this documentation out - developers.cloudflare.com/cloudflare-one/policies/gateway/network-policies/ Let me know if you still need a hand
Why does the CSS not load on my domain, but can load on my private IP?
Thanks for the tutorial! I managed to finally get access to my Vaultwarden instance through the web. I am using a third party hosting for my domain, and managed to route it by changing the nameserver. Only issue I now have is that it is still an HTTP connection, and I can't seem to manage to get HTTPS to work.
I would be ever grateful if you could help me figure out what to do!
Thanks in advance,
Sam
Hey, have you looked at Cloudflare tunnels? It’s a great way to expose services using https and making it secure. I have a few videos about it
Is there any need to renew https certificates using cloudflare tunnels? Or do they handle that automatically on their end?
All handled for you :)
How can I install it with Portainer? Is there a yml file?
Hello, thanks for the video. I configured Vaultwarden with your help. I have a question: how to disable signup at the login page? Can you just add it to the end of the video? It would be a great help, stopping other users from logging in.
Feel free to join the Discord to explain this more, but you could add the Cloudflare SSO auth in front of Vaultwarden so people will see that and not your Vaultwarden page.
After getting this setup as per the vid, what would you expect to happen if you access via web IP? Is the https issue corrected? If not, how?
Access it via the domain name which will be via https
What if I want to connect via IP rather than domain?
@ms7165 Then you will need to create signed certificates for that IP address. Like you just want to access it locally but via https?
Ok. Now I'll just need to figure out how to do that. Thanks
@ms7165 I’ll need to make a video to cover it at some point, until then check out deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
How secure is it to expose vaultwarden to the internet?
@joelnohnn1 I wouldn’t, I would make it accessible via a VPN or a Cloudflare tunnel
Have you figured out a way to have the additional authentication to work with the iOS bitwarden app with this setup?
As in if you have the Cloudflare SSO in front of your app? I have whitelisted my public IP address in Cloudflare Zero Trust, which means my phone app can hit Bitwarden, and then I use my VPN while away from home.
@Techdox You got my question right. How do you whitelist your phone’s public IP address in Cloudflare? Also wouldn’t it change at some time by your phone carrier?
@kiranjadhav4125 When I’m at home it’s my public IP for my home network and then when I’m away I use my VPN so I continue to use my public IP of my home network. This IP is static.
Check this out - developers.cloudflare.com/cloudflare-one/policies/access/
I got all the way to the end, but when I went to make something in vaultwarden I got an error and it is pointing to the cloudflare tunnel as the issue? I can get to the site fine but not add anything?
What’s the error?
@Techdox I figured it out, needed to run the CF tunnel as a service in Ubuntu. When I closed the PuTTY terminal it killed the tunnel. (Duh)
Hi, I managed to set up Vaultwarden with Cloudflare tunnel. I am able to access via web on my PC/Linux/Android/iPhone. However, I cannot log in on the apps or browser extensions. Any way you could help? I am unable to find an answer 😭
Is your Cloudflare tunnel behind a security policy? For example you can access Vaultwarden via the web but need to log in via SSO, or do you just hit the Vaultwarden UI when accessing the address?
@Techdox I hit the VW Web UI straight
Thanks!
Appreciate the support! ❤
Does not seem very secure?
Self-hosting comes with security risks and it’s up to you how you want to secure it the most. Vaultwarden itself is a solid service, and then putting it behind something like a VPN or Cloudflare makes it pretty robust.