charmstrong70

joined 1 year ago
[–] charmstrong70@alien.top 1 points 1 year ago

Awesome, thanks for this - couldn't remember from setting it up but it makes sense that it was just docker run.

Would I be safe to just rebuild a new instance from Portainer itself and just point to the same volumes?

[–] charmstrong70@alien.top 1 points 1 year ago

Bitwarden & PurelyMail for me.

I'm using PurelyMail with my own domain but frustratingly emails from my homelab are being blocked by Apple.

I guess it's the reputation of my domain? I've set up SPF, DKIM and DMARC but no dice.

I've (recently) started using Cloudflare for my nameservers so thinking about setting up their DMARC and possibly even moving my domain over to them from IONOS. If it makes any difference, who knows.

[–] charmstrong70@alien.top 1 points 1 year ago (3 children)

OK, thanks for the solid answer. I suppose the core of my question was that pretty much: is it just as secure AND a less likely target than Bitwarden. That makes a lot of sense to me. I would probably still worry about the strength of the code, though. Do we know if/how it's been audited?

I mean, you're best having a look at the official Git but, I'd say, access/visibility is the most important.

Is it on your LAN/not open? Then even if it was less secure, it'd still be more secure, if you know what I mean.

I host mine on a VPS but it's behind Traefik with Authelia (and 2FA). Plan is to get fail2ban set up over the next couple of evenings. SSH is cert only, probably going to change the port too but not sure if that's really necessary. I'm comfortable exposing on that basis.

 

Probably a bit of a newb question (and I think I know the answer) but still...

I want to add labels to my Portainer container (to move it behind Traefik and Authelia) but I obviously can't rebuild from itself.

I also, for some reason, can't find the docker-compose, otherwise I'd add them there.

Am I missing something or do I need to rebuild and hope?

[–] charmstrong70@alien.top 1 points 1 year ago (9 children)

Bitwarden has never been breached AFAIK.

What you mean is it hasn't been breached *yet*.

All commercial password managers have a huge, fuck off, target on their backs.

Nobody is going to come after some random bloke's self-hosted password manager to get access to their Sonarr (I'm trivialising to make the point) as long as a similar effort would get them into Bitwarden.

It's the same principle as bears in the wood - nobody needs to outrun a bear, just your companion.