Vaultwarden has such a steep learning curve

But I want it so badly! All I need to figure out is:

reverse proxies (I stumbled through getting one Caddy instance set up so far, but gosh I struggle with that also; nginx proxy manager seems like my next step)

a rock solid backup/restore setup (but first I need to figure out where the Vaultwarden Alpine files live, then be able to get those off of the Proxmox VM)

This is more of a vent than a request for someone to spell it all out for me. But I wouldn't be upset if anyone had the time to point me in the right direction.

Would it just be easier to run a KeePassXC and Syncthing setup?

33 comments
  • That's more of a general DevOps/server admin steep learning curve than Vaultwarden's there, to be fair.

    It looks a bit complicated at first as Docker isn't a trivial abstraction, but it's well worth it once it's all set up and going. Each container is always the same, and always independent. Vaultwarden per se isn't too bad to run without a container, but the same Docker setup can be used for say, Jitsi which is an absolute mess of components to install and make work, some Java stuff, and all. But with Docker? Just docker compose up -d, wait a minute or two and it's good to go, just need to point your reverse proxy to it.

    Why do you need a reverse proxy? Because it's a centralized location where everything comes in, and instead of having 10 different apps with their own certificates and ports, you have one proxy, one port, and a handful of certificates all managed together so you don't have to figure out how to make all those apps play together nicely. Caddy is fine, you don't need NGINX if you use Caddy. There's also Traefik which lands in between Caddy and NGINX in ease of use. There's also HAProxy. They all do the same fundamental thing: traffic comes in as HTTPS, it gets the Host header from the request and sends it to the right container as plain HTTP. Well, it doesn't have to work that way specifically, but that's the most common use case in self hosted.

    As for your backups, if you used a Docker compose file, the volume data should be in the same directory. But it's probably using some sort of database so you might want to look into how to do periodic data exports instead, as databases don't like to be backed up live since the file is always being updated so you can't really get a proper snapshot of it in one go.

    But yeah, try to think of it as an infrastructure investment that makes deploying more apps in the future a breeze. Want to add a NextCloud? Add another docker compose file and start it, Caddy picks it up automagically and boom, it's live and good to go!

    Moving services to a new server is also pretty easy as well. Copy over your configs and composes, and volumes if applicable. Start them all, and they should all get back exactly in the same state as they were on the other box. No services to install and configure, no repos to add, no distro to maintain. All built into the container by someone else so you don't have to worry about any of it. Each update of the app will bring with it the whole matching updated OS with the right packages in the right versions.

    As a DevOps engineer we love the whole thing because I can have a Kubernetes cluster running on a whole rack and be like "here's the apps I want you to run" and it just figures itself out, automatically balances the load, if a server goes down the containers respawn on another one and keeps going as if nothing happened. We don't have to manually log into any of those servers to install services to run an app. More upfront work for minimal work afterwards.
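
An added example (not written by anyone in this thread, and not Vaultwarden's own code) of the consistent export the comment above recommends instead of copying a live database file. It assumes the default SQLite backend, where the vault is a single `db.sqlite3` file in the data directory, and uses SQLite's online backup API; the table and file names in `demo()` are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path


def snapshot_sqlite(live_db: Path, dest: Path) -> str:
    """Copy a live SQLite database to dest with the online backup API.

    Returns the PRAGMA integrity_check result for the copy ("ok" when sound).
    """
    # Open the source read-only so the backup job can never modify the vault.
    src = sqlite3.connect(live_db.resolve().as_uri() + "?mode=ro", uri=True)
    dst = sqlite3.connect(dest)
    try:
        # backup() copies pages under SQLite's own locking, so the copy holds
        # one committed state even if the application is mid-write.
        src.backup(dst)
        return dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        dst.close()
        src.close()


def demo() -> tuple:
    """Constructed sample: a stand-in 'live' database with a write in flight."""
    with tempfile.TemporaryDirectory() as tmp:
        live, copy = Path(tmp, "db.sqlite3"), Path(tmp, "backup.sqlite3")
        app = sqlite3.connect(live)  # plays the role of the running server
        app.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
        app.executemany("INSERT INTO items (name) VALUES (?)",
                        [("a",), ("b",), ("c",)])
        app.commit()
        # Start a transaction and leave it uncommitted during the backup.
        app.execute("INSERT INTO items (name) VALUES ('in-flight')")
        status = snapshot_sqlite(live, copy)
        check = sqlite3.connect(copy)
        rows = check.execute("SELECT COUNT(*) FROM items").fetchone()[0]
        check.close()
        app.close()  # discards the uncommitted row
        return status, rows


if __name__ == "__main__":
    print(demo())
```

The snapshot covers only the database file; attachments and keys stored beside it in the data directory still need an ordinary file copy, and a restore test is the only proof the backup works.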

  • I use bitwarden and the setup was fairly standard with the helper script. I use my own isolated proxy for all my services so that was already built. I haven't used vaultwarden but if anyone that has used both can tell me the differences I could maybe help out.

    • VaultWarden is pretty much the same setup, the big difference being that it doesn’t take like 4 GB of ram.

      I switched over years ago because Bitwarden server is chunky for like no reason.

      • If it's the same then after installing docker, creating a vaultwarden user, adding said user to docker group, and creating your vaultwarden directories, all that's left is to curl the install script and answer the questions it asks.

  • Maybe it's just me, but self hosting is more about learning to run and then simplify my setup. That's why I read the documentation for the project I want to deploy, then see if I have anything that looks similar. But as I've been doing self hosting for almost 20 years, plus working at a SaaS company, I have done a lot of things with a lot of different tech.

    All my docker stuff has a very common look to it, also I have tried a lot of stuff. See my Git repo with some examples -> https://github.com/mhzawadi/docker-stash
