I’ve tried unsuccessfully to get Vaultwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the “Loading wheel” running indefinitely.
Although the top of the page here suggests you can run Vaultwarden internally without a proxy, my experience suggests that this is not the case, and I have tried on different VMs, getting the same error. So it seems like the only way is going via a proxy. From what I’ve read, people seem to suggest that Traefik is the way to go. So I’m thinking of setting it up on the same VM as Vaultwarden.
Note that my network is behind a pfSense install on another hardware machine. DNS forwarding is enabled with unbound. Will installing Traefik require changes to the pfSense config? Looks like it may be the case from here. For now all I want is to get Vaultwarden going; later down the line I’ll learn how Traefik can benefit the rest of my homelab.
I’m trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?
Traefik is a very robust reverse proxy, but I think you have easier options. If you want to keep it all in the same stack, have a look at Caddy. The configuration is just a few lines. Another very good option since you’re already using pfSense would be to use the HAProxy plugin. You’ll get a UI to manage everything and Tom Lawrence has some very helpful videos about setting it up from start to finish.
100%. I go even further and explicitly advise against Traefik these days, and I was a huge proponent of it when it launched.
Caddy is just the best reverse proxy, period. When the experiments for using it as a Kubernetes ingress succeed, it’s going to change everything.
Why would it need experiments? Can you just run it and see if it works? Are you talking about testing it at scale?
I like both very much for what they are and would confirm that Caddy is a lot easier for beginners. The only downside is that you have to rebuild the binary with caddyx for more functionality, which can be limiting, e.g. for people wanting to start with DNS challenges for (wildcard) certificates.
Um… The “barebones” docker compose doesn’t use TLS. How did you try to access the web UI?
Do you have your browser set to HTTPS-only by any chance?


