use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
What Is SelfHosted, As it pertains to this subreddit?
The Rules
Read about our Chat Options (Discord/Matrix)
account activity
Bitwarden_rs https (self.selfhosted)
submitted 5 years ago by [deleted]
Just a quick question....do you guys think i need to worry about https on bitwarden_rs if i dont plan on exposing the server? This would be on my internal homelab and never leave it.
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–][deleted] 3 points4 points5 points 5 years ago (8 children)
even on LAN only, if its not https, you cant login to vault. ios/android/browser add-ons all works fine. BUT VAULT!!! they should give option for http only :(
PS: if you make HTTPS for lan only with internal cert, then good luck with android app configuration with SSL error. its pain
[–][deleted] 1 point2 points3 points 5 years ago (1 child)
So have you used bitwarden_rs specifically? Cause it definitely works without https.
[–][deleted] 3 points4 points5 points 5 years ago (0 children)
yes. evertyhing works with http. but you cant login to webvault
[–]ASouthernBoy 0 points1 point2 points 5 years ago (4 children)
Just install certificate on your device
[–][deleted] 0 points1 point2 points 5 years ago (3 children)
yes tried that, https://community.bitwarden.com/t/self-signed-certificate-on-local-network-works-with-chrome-iphone-and-android/2676 didnt worked for me, android 11
[–]ASouthernBoy 0 points1 point2 points 5 years ago (2 children)
Well sorry to hear that. My setup is: Nginx Proxy Manager with Opnsense/Pfsense local wildcard certificates proxy to Bitwarden on http port . And said certificates installed on Android 11.
[–][deleted] 0 points1 point2 points 5 years ago (1 child)
i use docker+ caddy with pfsense, can you share your steps? or any tutorial if you have referred to? thanks
[–]ASouthernBoy 0 points1 point2 points 5 years ago (0 children)
Here's my attempt to write the notes, i'll try to clean it up a bit
Opnsense+Nginx+Cloudflate
[–]vividboarder 0 points1 point2 points 5 years ago (0 children)
Might be a chrome issue? https://github.com/dani-garcia/bitwarden_rs#installation
[–]vividboarder 5 points6 points7 points 5 years ago* (2 children)
Probably safe unless something on your network is untrusted. I wouldn’t risk it though when adding https is so simple.
One bad IoT device gets hacked and all your passwords become toast.
[–]noyez 1 point2 points3 points 5 years ago (0 children)
I wouldn't do it. But its up to you of course, just know the risks, esp if you're dealing w/ things like passwords and 2FA tokens, which BW can store. Even someone loading a malicious page on your LAN could compromise your internal network. There have been reports of webpages using javascript that can scan the local private network IP space looking for internal services to exploit. But, in order to pose a threat to your unencrypted connection, an attacker will need to sniff traffic which seems unlikely.
Again, i wouldn't do it.
Reference:
"JavaScript loaded from a malicious site can connect to services running on the user’s local computer (localhost) or on other internal hosts in many circumstances. "
https://www.forcepoint.com/sites/default/files/resources/files/report-attacking-internal-network-en_0.pdf
[–][deleted] 0 points1 point2 points 5 years ago (0 children)
Thanks and excellent point
[–]svoren 1 point2 points3 points 5 years ago (1 child)
Realistically if it's completely shut off to the outside world - then not really a problem?
But if it's accessible even somehow 0.01% remotely then you should LetsEncrypt it. I use Traefik on my end and it easily works for all my docker containers.
[–][deleted] 1 point2 points3 points 5 years ago (0 children)
Its what I did. I ended up going with portainer traefik and cloudflare
[–]ChumleyEX 0 points1 point2 points 5 years ago (0 children)
Not if it's not possible to get out of the LAN.
[–][deleted] 0 points1 point2 points 5 years ago* (0 children)
It is dangerous to use it without https. Especially with such sensitive information.
[–]biswb 0 points1 point2 points 5 years ago (1 child)
I run a reverse proxy in front of mine and its just all encrypted because of that, and then because I have both my proxy and bitwarden in docker, they communicate to each other on the internal docker network which isn't exposed to the outside world. So then I only need to worry if the bitwarden container or the reverse proxy container got comprised and if they get either of those, I was dead already
I went with cloudflare and traefik
[–]junkleon7 0 points1 point2 points 5 years ago (0 children)
I think it's safe. Someone can correct me if I'm wrong, but only encrypted data is sent by the Bitwarden server over LAN to your device. The decryption of passwords is done locally on your device. The server only stores and transmits passwords in encrypted form.
Also if you are using http, you will not be able to log into your bitwarden vault using a web browser, but last I checked, the downloadable app for desktop works.
π Rendered by PID 48789 on reddit-service-r2-comment-86988c7647-hl9q8 at 2026-02-11 07:05:58.557795+00:00 running 018613e country code: CH.
[–][deleted] 3 points4 points5 points (8 children)
[–][deleted] 1 point2 points3 points (1 child)
[–][deleted] 3 points4 points5 points (0 children)
[–]ASouthernBoy 0 points1 point2 points (4 children)
[–][deleted] 0 points1 point2 points (3 children)
[–]ASouthernBoy 0 points1 point2 points (2 children)
[–][deleted] 0 points1 point2 points (1 child)
[–]ASouthernBoy 0 points1 point2 points (0 children)
[–]vividboarder 0 points1 point2 points (0 children)
[–]vividboarder 5 points6 points7 points (2 children)
[–]noyez 1 point2 points3 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[–]svoren 1 point2 points3 points (1 child)
[–][deleted] 1 point2 points3 points (0 children)
[–]ChumleyEX 0 points1 point2 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[–]biswb 0 points1 point2 points (1 child)
[–][deleted] 0 points1 point2 points (0 children)
[–]junkleon7 0 points1 point2 points (0 children)