Therefore it's easy to back up Vaultwarden by backing up the docker volume folder. Most of the time it is in a consistent state (one of the features of sqlite). the database is sqlite3, which is normally closed and is only open for writing on brief occasions when you edit your data in Vaultwarden. So while I'm happy to publish my music, tv, videos, ebooks and a bunch of other things, I'm not going to trust my skillz with my password manager. I'm a fairly unlikely candidate to be subject to a MITM attack, but you never know. It is definitely vulnerable to man in the middle attacks. Because my ISP owns the IP address, and I don't have reverse ptr record, you can't divine my domain names. You have to know one of my domain names to get past my reverse proxy. That is because HSTS prevents access via my public IP address (generally speaking). That will definitely deter the casual user. If you hit in a browser then you get a certificate error, and if you persist you get ERR_HTTP2_PROTOCOL_ERROR. If you hit my publicIP:80 then you get nothing at all (it's not forwarded). But every single one of my publicly published services is subject to Force SSL and HSTS. Having said that, I still have the container ready to use and occasionally I wipe its contents and restore a 1Password export into it.Īs you know, bots just simply knock on every public IP address and common ports. I didn't feel comfortable about it, despite dare I say, having a good idea of what I am doing. However, I no longer use it and have disabled the proxy. It's behind NGINX using NGINX Proxy Manager with "Block Common Exploits", Force SSL, HTTP/2 Support and HSTS Enabled.
0 Comments
Leave a Reply. |