how to configure https for vaultwarden
Latest video I installed vaultwarden from source code, but password manager required secure connection so here is two different way to provide https connection for clients.
Commands:
first way:
sudo curl -fsSL https://github.com/FiloSottile/mkcert... -o /usr/local/bin/mkcert
sudo chmod +x /usr/local/bin/mkcert
sudo mkcert -install
sudo update-ca-certificates
sudo mkdir /opt/vaultwarden/cert
sudo mkcert -cert-file /opt/vaultwarden/cert/rocket.pem -key-file /opt/vaultwarden/cert/rocket-key.pem vault.koti.local 192.168.100.3 # change hostname and ip to your own
sudo chown -R vaultwarden:vaultwarden /opt/vaultwarden/cert
sudo openssl verify -verbose -CAfile /root/.local/share/mkcert/rootCA.pem /opt/vaultwarden/cert/rocket.pem
sudo nano /opt/vaultwarden/.env
ROCKET_TLS={certs="/opt/vaultwarden/cert/rocket.pem",key="/opt/vaultwarden/cert/rocket-key.pem"}
sudo systemctl restart vaultwarden.service
second way:
sudo apt-get update && sudo apt-get install nginx -y
sudo nano /etc/nginx/sites-available/vaultwarden
server {
listen 80;
server_name your-domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name your-domain.com;
ssl_certificate /etc/nginx/ssl/self.crt;
ssl_certificate_key /etc/nginx/ssl/self.key;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
sudo ln -s /etc/nginx/sites-available/vaultwarden /etc/nginx/sites-enabled/
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/self.key -out /etc/nginx/ssl/self.crt
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl reload nginx
