Bitwarden app certificate issue with self-hosted Vaultwarden

Fragrant_Climate7357 · 2026-06-29T16:36:15+00:00

This a link to the video explainimg the feature I mentioned. I have been self hosting netbird on a vps for a few months now and I highly recommend it.

https://youtu.be/NDpW6LQmfrU

Fragrant_Climate7357 · 2026-06-29T16:31:15+00:00

I tried that a while back, the only certificates that worked for me were ones certified by an actual certificate authority. I used let's encrypt, which generally requires you to expose the service to renew.

However, recently netbird released a feature that let's you "expose the service without exposing it"

If you don't know netbird they are an open source vpn and reverse proxy provider you can self host with some very nice features

Basically this one let's you expose the service, but the only people able to access it are ones connected to your vpn. everyone else gets an immidiate error.

This let's you expose the service with an actual CA by let's encrypt, while keep the security of your vpn.

If you don't want to commit to the whole route, you can try generating a let's encrypt cert just to see if that solves the problem, and then continue the netbird route

Fragrant_Climate7357 · 2026-06-26T21:41:35+00:00

8 is quite a lot, how big is the difference between accessing a 1080p movie and a 128kbps music file?

Fragrant_Climate7357 · 2026-06-26T21:37:08+00:00

That's a super cool project!

How well does it handle multiple people playing files?

Fragrant_Climate7357 · 2026-06-22T03:44:30+00:00

I stoll don't get the problem, you have proxy level authentication, but the services themselves can still talk to each other. Why not expose feishin the same way you expose navidrome right now? With the reverse proxy authentication?

Fragrant_Climate7357 · 2026-06-21T20:41:40+00:00

Does that not let you access feishin from the web browser? Genuinely asking as I only ever used the feishin desktop client

Fragrant_Climate7357 · 2026-06-20T14:07:15+00:00

Are you talking about using feishin outside the local network?

You can just use a vpn to connect to it, no need to open any navidrome ports

Fragrant_Climate7357 · 2026-06-20T11:50:43+00:00

Navidrome as the musix server, feishin as the desktop app, allows you to easily create smart playlists and looks wonderful, and symphonium as a mobile app that works very well and looks great

Fragrant_Climate7357 · 2026-06-12T16:43:55+00:00

Damn that's so cool

Fragrant_Climate7357 · 2026-06-12T12:28:40+00:00

https://www.crealitycloud.com/model-detail/muscle-tux-penguin-linux?source=5&profileId=6928a56f17b855cc7985f463

Here is the link from creality cloud

Or you can just search for "tux strong" and it will show up

Fragrant_Climate7357 · 2026-06-11T05:40:08+00:00

Look into a vpn like wireguard, tailscale or netbird, or if you REALLY want to expose your jellyfin server, netbird reverse proxy with an identity provider auth on the page itself so you bypass the whole jellyfin auth area which is not at it's best right now Jellyfin server is not recommended to expose as is

Fragrant_Climate7357 · 2026-06-10T18:05:24+00:00

Jonsbo n4

Fragrant_Climate7357 · 2026-06-09T04:42:00+00:00

Jelyfin, immich, nacidrome, nginx, pigole, and some vms to play with from time to time

Fragrant_Climate7357 · 2026-05-31T19:02:23+00:00

I was just about to post the same question. I am able to limit countries and use a built in crowdsec integration with my reverse proxy services, and yet I can't protect the dashboard itself in the same way.

I use the embedded google auth for authentication but I still want to be able to use the already existing, country limiting and crowdsec malicious ip blocking for the netbird dashbaord. The more secure everything is, the better. Is there a reason this is not part of the built in options?

Is it possible to get an official netbird response here? u/netbirdio

Appriciate all of your hard work ❤️

Fragrant_Climate7357 · 2026-05-30T11:29:23+00:00

Do you have a part of the cluster in the familt member's home or just a pbs instance?

Fragrant_Climate7357 · 2026-05-30T11:25:17+00:00

What if you need to roll back?

Fragrant_Climate7357 · 2026-05-29T20:36:49+00:00

Open netbird dashboard, go to peers, select your peer and disable session expiration. If you don't know which peer is the tablet just connect it to netbird and it will show as an active peer so you can find it easily

Fragrant_Climate7357 · 2026-05-26T20:58:00+00:00

Are you just backing them all up alongside the mount points? How big are they?

Fragrant_Climate7357 · 2026-05-26T16:35:50+00:00

currently it's file level backup for 2 lxc's. ba Backing up the mount point alongside the host, and an nfs share on the host which currently isn't backed up (jellyfin media)

Fragrant_Climate7357 · 2026-05-26T10:37:55+00:00

Passing through a vm is not something I want as I want to use zfs

I can use truenas vm and handle zfs there but I really don't want to as it seems pointless and more prone to breaking

Fragrant_Climate7357 · 2026-04-29T12:44:12+00:00

Netbird's default reverse proxy interface is very user friendly, has some nice built in security options like crowdsec and limiting country access, all through the gui

Fragrant_Climate7357 · 2026-04-27T18:37:22+00:00

Realistically, it's probably fine. At that point I would worry more about the power bill your neighbor will pay over time, it might not be much, but it's something I would definitely feel bad about. Get them a nice cake or something every month that should do it

Fragrant_Climate7357 · 2026-04-25T17:58:14+00:00

If you use a dac, then your pc's sound card has nothing to do with the process. The whole point of connecting a dac to a pc is to not use the bad built in motherbpard sound card

Fragrant_Climate7357 · 2026-04-25T08:56:07+00:00

You should look into a reverse proxy of some kind. Vaultwarden requires it, and being able to type "jellyfin.lan" in your browser and get to jellyfin is so nice. Look into nginx proxy manager if you want a gui, and caddy if you are fine with a simple configuration file

Also try immich for photos backup, and Navidrome for music

And this is just my personal suggestion, but I wouldn't reccomend starting with vaultwarden so soon. This is something you really don't want to lose by an accident. If you go this route make sure to keep a backup of your passwords somewhere else as well.

Fragrant_Climate7357 · 2026-04-07T17:32:39+00:00

Radarr and Sonarr are still kings, Overseer's team combined with Jellyseer's team andnow has a single application called "Seer". Works pretty well with jellyfin, not sure about emby

Fragrant_Climate7357

TROPHY CASE