yogy

You have to login over the internet, not intranet.

You login to Vaultwarden, click on Profile >> Account Settings >> Security >> Two-step login (tab) and choose your flavor

You can always use Goodle Authenticator or something else, there are some options besides email

And BTW, this settings are just fine, don't worry about it.

What exactly is the problem? If you can access Vaultwarden via internet through NPM and Cloudflare with a valid Let's Encrypt certificate, you should be OK. Just keep in mind you need to block admin page via internet (https://vaultwarden.mydomaind.com/admin). It should only be accesible via LAN. You should insert the following code in NPM (vaultwarden proxy host) >> Advanced >> Custom Nginx Configuration location /admin { return 404; }

Maybe this would help https://bitwarden.com/help/setup-two-step-login-yubikey/

Check Recommended Posts (all the way up of this thread), you need to change the repository.

You have 2FA as added security, just activate it. If you are using Cloudflare with Reverse Proxy and master password with all kind of characters (numbers, upper and lower letters, special characters) and at least 14 characters long you are pretty secure. In my opinion 14+ characters and 2FA should be sufficient for this kind of app (+admin portal accesible only from LAN, not from the internet).

That is a great idea. I would also be very much interested in this.

The only one I could remember is Spaceinvader One on YouTube.

I hope you have a backup of your login details and other valued stuff stored somewhere, so I would recommend to delete everything and build from scratch and import to the new vaultwarden app. Also be carefull and don't forget to login to your admin page (with created token) and do not allow signups.

Did you remove and reinstall the app again? Seems like your uuid has changed. Did you try to manually enter some data in the database?

Well, I don't think it's designed to work like that and it simply doesn't allow unsecure connections. Maybe it could work with self signed certificate, but I cannot confirm this even works. It is intented to work only via https. I understand you are worried about security and wants to access Vaultwarden via LAN only, either through VPN, Proxy etc. But if you set it up correctly (reverse proxy, Cloudflare, valid certifikate, etc.) and use 2FA you are doing everything to mitigate that risk. But like I said I understand some people doesn't want to expose their Vaultwarden to the internet but maybe someone else could provide you with assistance doing that. I never tried but I think it's doable. Sorry, this is not much help to you but maybe someone else can provide some assistance.

You need to access Vaultwarden via secure connection with a valid certificate, that's it. It won't allow you to connect to it via http.

OK, thanks, will do

Didn't want to open another thread since I fit the category. My unRaid server froze during the night, couldn't login, couldn't SSH, I did a restart, parity check started and everything is back to normal. I had some memory module isues before and after aprox. 1 year later server froze again. My motherboard is ASUSTeK COMPUTER INC. Z10PA-D8 Series, Version Rev 1.xx. Can someone please check my diags file and provide some info what could be wrong. Thank you. unrsrv-diagnostics-20220118-1640.zip

Try with this: https://github.com/dani-garcia/vaultwarden/wiki/Running-without-WAL-enabled

Open an extension (Chrome), click on the cog wheel (upper right) and enter your server URL under SELF-HOSTED ENVIRONMENT, then click on the login and enter your credentials. Do the same with your android app.

Have no more ideas. Where does SWAG keeping the certs, maybe worth checking. Or you need to enable something there, just guessing. I don't use it, prefer Nginx Proxy Manager.

Obviously, otherwise it would allow HTTP connections. This implementaion is forcing all connections to use TLS.

I think your problem is here. Did you try to completely delete the android app and install it again or at least delete the apps cache?

You have a good video with a guide how to do a few posts up. You can also search YT or internet for more guides. I'm sure you can do it 👍. But you can always post questions here, I'll try to help.

I understand your frustration. You only used Vaultwarden in LAN and if you need it from outside you used VPN. I'm not sure if local access could be established with self signed certificate, just because I never tried that option. I would warmly suggest you to buy a domain (it's very cheap) and that is the only cost. All in all you can use your domain, e. g. subdomain for other access also (emby, plex, nas, blog, website .... you name it), it's usefull. Setup Nginx Proxy Manager container, connect your domain to Clouflare and you are preety safe. It's not so hard to do, it really isn't. Not to mention Let's Encrypt certs are also free.

Yes you can, but in that case it's more exposed to possible "attacks". You should open port(s) on your endpoint but if you use NPM you don't. I would still consider using Cloudflare DNS and add aditional layer of security. If not selfhosted you could also run it in the VPS, but then you should protect the acces to that VPS properly. There are many options, consider finding what suits you best and most secure.

It could be with self signed certificate, properly imported to Vaultwarden. Since you're not tech savvy as you said, try to find videos on You Tube how to setup Nginx Proxy Manager. You also need your own domain, which later could be added to Cloudflare to boost security, using their DNS service. Watch this video, might be very helpfull. If you need additional support just ask, but do your "homework" first, please.