New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Not really. Avoiding any hassles is the goal, not just to not lose all the passwords. They'd just be spending the time setting up a new VPS and restoring from backup instead of jerking off.
Edit: Actually, no. They'd do a password reset from pornhub, take care of business and then restore the passwords.
That's why I pay Bitwarden $10/yr; the "hassle cost" is much more than $10/yr for me.
I run an instance on my LAN that's only accessible via VPN. Seems like the best setup for a single user in terms of the tradeoffs OP mentioned.
If that's not possible, a very locked down VPS (also only accessible by VPN) might be the next best thing, especially if you've got more VPSs than you know what to do with.
Setting up a server using Ansible and a cron backup to Backblaze. For $10 and a little "hassle", I have Vaultwarden, miniflux, wallabag, searx, wireguard,... for a year and spin up a new one in 5 minutes if there is any "hassle".
How do you set up a VPS to be accessible only through a VPN?
Edit: I think I found the answer
Set up a VPS.
Install a firewall (e.g. ufw)
Install a VPN service (e.g. openvpn)
Block all ports via the firewall, but allow SSH and VPN connections.
Yep, that's basically it, with SSH requiring a key. I prefer Wireguard on a non-standard port for this purpose as well since it simply doesn't respond if you try to log in incorrectly.
sudo is widespread these days, so I usually just completely disable the root user once I've checked that sudo works:
On OpenVZ, you'll also want to regenerate the SSH server certificate/key, to handle bad-quality templates that don't properly regenerate them. Easiest way is completely removing and reinstalling OpenSSH:
Bitwarden needs a bit of resources as it's designed to scale up to tens of thousands or potentially hundreds of thousands of users. For a small home installation with just a few users, Vaultwarden is more than sufficient. It's an alternative implementation of the server-side - completely different app but with a Bitwarden-compatible API, which means it's compatible with the Bitwarden web UI, mobile apps, and browser extensions.
Bitwarden and Vaultwarden are both great products, they just made different design decisions/tradeoffs
You don't even really need firewall rules for this - Just configure your web server (and other server daemons) to only listen on the VPN IP. With most web servers (including Nginx and Apache), you can configure individual sites to only be accessible on particular IPs.
I'd recommend WireGuard. It's essentially peer-to-peer rather than client-server. There's no such thing as "servers" with WireGuard; it's just peers that communicate to other peers. This means that if you have multiple VPSes, and you add each VPS as a peer in the WireGuard configuration on your computer, you'll be able to directly connect to each VPS over the VPN without relying on any one of the VPSes being a central server.
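A way to check the "only listen on the VPN IP" setup discussed above, added here as an example and not posted by anyone in the thread: it reads `ss -H -tln` output and reports every TCP listener that is not bound to the VPN address or loopback. The function names, the VPN address 10.8.0.1, the choice to leave SSH on port 22 public, and the sample lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit TCP listeners against a "VPN-only" policy.
# Reads `ss -H -tln` output on stdin.
#   $1 = address of the VPN interface (assumed value in the demo: 10.8.0.1)
#   $2 = space-separated ports that may listen on any address (e.g. "22")
# Prints one "EXPOSED <local address>" line per violation; exits 1 if any.
# Note: this covers TCP only. WireGuard itself listens on UDP (`ss -H -uln`).
audit_listeners() {
    awk -v vpn="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                  # local address:port column
            port = la; sub(/.*:/, "", port)          # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)      # text before the last colon
            gsub(/\[|\]/, "", addr)                  # drop IPv6 brackets
            sub(/%.*/, "", addr)                     # drop scope, e.g. 127.0.0.53%lo
            if (addr == vpn || addr ~ /^127\./ || addr == "::1") next
            if (port in ok) next                     # deliberately public port
            print "EXPOSED " la
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 511  10.8.0.1:443      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 128  [::]:8080         [::]:*
EOF
}

# Demo on the constructed sample; on a real host run:
#   ss -H -tln | audit_listeners <vpn-ip> "22"
sample_ss_output | audit_listeners 10.8.0.1 "22" || true
```

A service that shows up as EXPOSED is bound to a wildcard or public address and is reachable without the VPN unless a firewall rule blocks it.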
I use a password manager with the vault stored on my computer. I do not have a shared vault, just the local copy.
I do not store my passwords and keys on the internet, no matter how secure they may be today. It is as simple as that.
my vaultwarden runs on a rpi4, locally. works fine.