this post was submitted on 11 Jul 2023
340 points (98.0% liked)
Asklemmy
43893 readers
1207 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Bitwarden, self hosted.
+1 for Bitwarden here. One day I will go down the self-hosted route.
I have the server, just dont trust myself enough to cut the cord from BW servers.
I've put Vaultwarden online and have configured it to backup over the network through duplicity. Updates are automatic (I have a cronjob that just does docker pull/stop/rm/run without checking the error codes). No downtime so far!
It's been a while since I've used the official Bitwarden server, but Vaultwarden is pretty much foolproof. It's one of the easiest programs to self-host that I've come across.
Ah, you like living on the edge π
I don't trust automated Docker updates... There can be breaking changes between versions. I don't want my Docker containers to automatically break themselves :D
It's a testament to Vaultwarden's update policies, not to my amazing server practices!
You're right that this is a terrible idea and it will inevitably bite me in the ass, but keeping up to date with a dozen of self hosted services is a faff and I'll accept the 15 minutes of docker fuckery to revert the updates if it means I don't need to remind myself to perform server maintenance.
Yeah, there's a lot to be said for letting the hosting be done by people who know what they're doing.
If I may, what are the requirements to make it self hosted?
The official Bitwarden server: 2-4GB of RAM, mostly because of the SQL server and all of the separate containers. Probably at least two CPU cores to prevent one process from lagging everything out. 12-24GB of storage.
For Vaultwarden, the Rust reimplementation of the backend server: I don't know, about 128MB of RAM? It's using about 40MB of RAM on my server. It's using about a minute of CPU time per hour for my install. Storage requirements are "the size of the docker container plus some database files".
Both: a TLS certificate (Let's Encrypt) and as much free space as you plan on sending through their encrypted file sharing service. Also the storage and configuration for your automated backups, of course.
Vaultwarden isn't audited and it takes longer to get all of the features because it's a hobby project and not an enterprise company. Bitwarden is set up to easily scale to whole company/whole enterprise usage. Vaultwarden is set up for "you and your family" scale which probably works fine for larger scales but I don't think it's set up for it out of the box.
@skullgiver @speaker_hat I'm considering spinning up a VW server right now. Thanks for laying out the reqs!
How do you make the sever available via the Internet? Do you host it on a cloud provider (e.g. AWS EC2)? or do you self host on your own bare metal machine?
You can just open a port in the firewall/port forward a local server if your home ISP isn't shit. If it is shit, you can run it in the cloud somewhere. I wouldn't go with Amazon, they're terribly expensive for hobby projects (who needs multi zone failover for a personal hobby project), any $5 VPS provider will do. Just make sure to install updates automatically so you don't need to keep a close eye on maintenance and you should be golden.
Alternatively, if you don't want to expose your server to the internet, you can set up a VPN server on your cloud server and only expose the password manager to your VPN. Wireguard is relatively simple to set up for this purpose, but tailscale (and whatever the self-hosted tailscale server is called) makes things even easier.
A cheap <$20/year VPS is sufficient to host Vaultwarden. No need to spend several times that. My Vaultwarden installation is only using 120MB RAM, so a 1GB RAM VPS would be more than sufficient. Take a look at RackNerd, HostHatch, GreenCloudVPS, and the other top providers on LowEndTalk. RackNerd's latest sale has a VPS plan with 1GB RAM and 14GB SSD storage for $11.38/year: https://lowendtalk.com/discussion/186994/boom-boom-4th-of-july-deals-come-come-deals-freebies-by-racknerd, but I'd personally go with the 4GB RAM and 75GB disk for $47.88/year, since self-hosting is addictive and you'll find plenty of other stuff you want to host.
(I'm not affiliated with any of these companies)
I would trust the absolute bottom of the barrel services with unimportant things like blogs, but I don't want my password manager to be hosted there. It just feels too sketchy to me.
Given the prices of these VPSes, you could get two or three with different providers and have a warm standby in case of any issues.
RackNerd is legit though - a real company with a physical office. I've had some VPSes with them in the past, and only got rid of them because I wanted to consolidate a few things.
Look up "Vaultwarden"