Jump to content

Bitwarden local only without opening ports in firewall?


Recommended Posts

Posted

So I installed Bitwarden RS on my Unraid server. I only want to access it from within the LAN. I also do not want to open any ports in my router. Unfortunately it appears this is not possible. It turns out I can't create a user account if Bitwarden is not on HTTPS. Fine. So I go through the whole work of setting up a reverse proxy, getting duckdns, and buying a domain (only a few bucks anyway). I spent all day setting it up and getting it all connected. Also I had to get Letsencrypt to verify over DNS since my ISP is blocking port 80 (took me half a day before I figured out this was a thing).

 

In the end, it all works. I can access Bitwarden through my domain, I can create an account etc. However, it only works with port 443 forwarded in my router to Unraid's port 1443. If I disable port forwarding in the router, Bitwarden is not accessible.

 

Now, to me it seems kind of ridiculous that I have to go over the WAN in order to access a locally hosted server. I mean, I am running local, and Bitwarden is local. There must be some more efficient way to connect than via the internet...  I am guessing I am probably missing some obvious setting or feature? Is there anyone who can shed some light on this? A reverse proxy may be nice to have for future apps, but in this situation all I wanna do is access Bitwarden locally (and securely).

 

I have extensively searched this forum (and the rest of the internet) but information on this particular thing is scarce. It appears everybody really likes to access Bitwarden from the other side of the world for some reason...

Posted

I think the issue is security, and verifying that everything is secure almost requires an outside authority to verify. Yes, you can do self signed, but I'm not sure how bitwarden would react to that.

 

My bitwarden is currently used in my home, on our phones (WAN), my office (WAN), and a few tech savvy relatives. So, not so much other side of the world, but definitely not all inside the LAN or VPN.

 

I'm pretty sure most people use bitwarden on mobile devices, password security is especially important for those.

Posted

It's confusing. I mean, Is port 443 needed for Letsencrypt, or for Bitwarden? I verify Letsencrypt over DNS and I don't have to have any ports open in my router for that. If it is Bitwarden that needs to go online over port 443, then what for?

 

What is surprising to me is that once you have set up Bitwarden over the reverse proxy, anyone can access the login page if they know the url. Sure, they have to crack the password and then circumvent the 2FA, so it's safe enough. But still, I really don't like the thought of having my password manager available through the internet like that. I'm frankly surprised nobody else seems to have an issue with this.

 

I will check out if I can get Bitwarden to work with a self signed cert. Since the app does not need to be accessed over WAN it should be secure enough. *If* it works...

Posted
2 minutes ago, lococola said:

 

What is surprising to me is that once you have set up Bitwarden over the reverse proxy, anyone can access the login page if they know the url.

Not if you block it in the reverse proxy config.

Posted

I appreciate your help. But it's getting really confusing. I think a reverse proxy is not the solution for me if I don't want to open any ports in my router. So I will start from scratch again and see if I can get Bitwarden to work with some form of self signed certificate. I saw mention of Caddy, perhaps that works better for me.

 

Thanks again though.

  • 1 year later...
Posted
On 5/25/2020 at 2:29 PM, lococola said:

I appreciate your help. But it's getting really confusing. I think a reverse proxy is not the solution for me if I don't want to open any ports in my router. So I will start from scratch again and see if I can get Bitwarden to work with some form of self signed certificate. I saw mention of Caddy, perhaps that works better for me.

 

Thanks again though.

 

Did you manage to get this to work?

I'm on the same page here, not feeling comfortable opening my password manager to the internet.

 

Any tips or alternative would be appreciated.

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...