I’m trying to connect all these things together…
I followed this tutorial to make SSL locally: Quick and Easy Local SSL Certificates for Your Homelab!
it works fine… I have also setup OpenVPN with PiVPN and Adguardhome but all of them were separate from each other as i was trying to do them in a VM at the time being… How can i connect all of them together… Having my local SSL for my Bitwarden and Adguardhome for blocking Ads with OpenVPN to access from outside when im not at home.
Thanks.
We offer Vaultwarden as application within SSL certificate ootb. Usually no need to generate own one. For what reason you need SSL activated on AGH? Usually there is not that much of a benefit.
Anyway you would need to follow official AGH wiki Encryption · AdguardTeam/AdGuardHome Wiki · GitHub there is nothing specific to DietPi
Maybe I misunderstood something along the way… I wanted Adguard Home for blocking ads… etc… then having my local ssl with bitwarden and you said vaultwarden i will check it out… and then i wanted all of that to only be accesible local and then use openvpn to access from outside my network and be able to use everything mentioned before as long as im connected through OpenVPN. Sorry if I’m a bit lost on the idea… Trying to figure things out…
Sidenote… If i switch from bitwarden to vault… Will I be able to backup what i already have in bit and transfer it to Vault…
Thanks
Vaultwarden is a Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Therefore it should be compatible and all you need to do is to export the vault on Bitwarden and have it imported into Vaultwarden afterwards.
I guess you are thinking to complicate.
All components Vaultwarden, AGH and PiVPN are available as pre-configured software options within DietPi and can be easily installed from our software repository.
For PiVPN, I would recommend WireGuard instead of OpenVPN. Should even be the default on PiVPN.
So if i go and install everything just from diet-software, Vaultwarden + PIVPN with wireguard + AGH there will be no conflict with one another and there are no special things to tweak other than setting the values for my static ip and ddns to access it from the outside on PIVPN
Correct, there will be no conflict been these apps and there is no configuration needed as they should work ootb.
Why would you recommend Wireguard instead of OpenVPN for PiVPN?
Because Wireguard has way better performance compared to OpenVPN
I installed PIVNP + Wireguard + Unbound… I can connect to the VPN but I don’t have internet access on it… any advice where to look… Check in this SS what option I selected when installing PiVPN
What DNS server has been set inside your client configuration? You should be able to check inside your client app
Was this intended? I though you like to install AGH?
yeah I wanted to install AGH + Unbound + PiVPN and then after i had all that installed I wanted to proceed and install vaultwarden… The process flow I want is clients go through Unbound then AGH to block ads and stuff and then only be able to access my password manager through VPN
I have a default config for unbound exactly as it comes through installation, then in AGH I have in upstream DNS servers set at 127.0.0.1:5335
Maybe I’m missing something…
Well a little bit of misunderstanding. Path of DNS request is following
Client > AGH > Unbound > Global root DNS
Therefore settings in AGH are correct as they target Unbound in port 5335.
Are you sure your VPN is connecting correctly? Did you set correct port forwarding on your broadband router pointing to your device hosting Wireguard server?
I had to double-check everything and I found out that my port was not open… that’s why I had no internet… Another thing that I did was I followed the video I recommended in my first post using nginx proxy manager and I can access to all of my services inside my network with servicename.customname.duckdns.org for example and it can be done with Cloudflare… It would be nice to see that integration if its possible inside Dietpi too… that way you have your SSL/HTTPS and you don’t have to add anything on the client side as it will always be trusted and no warnings whatsoever… Nothing to import or anything…
Thanks for your help and guidance…
But in this case you don’t need the VPN if you now access your service via HTTPS directly. Or did you still activate the VPN to use services at home?
I activate the VPN just to have access from outside when I’m not at home but only if I’m on the VPN. I also wanted to know whats a good automated backup software you would recommend and if its safe to upload it to the cloud. Thats the only thing I need to set it up for now
If you use VPN, you don’t need to have a reverse proxy like NPM.
Regarding the backup, what should be the use case?
If i don’t need the reverse proxy then how will I access my websites without the warning of the HTTPS without having to import the certificate in every client and also having access to my services without IP because I can with the reverse proxy use https://vaultwarden.myservername.duckdns.org from my network/VPN and I will access that service.
The use case of the backup will be mostly to backup my server stuff including Vaultwarden in case something goes wrong
The VPN connection is already encrypted, no need to use https then.
When you’re connected via VPN you can use hostnames and your LAN domain, if you don’t want to use / remember IPs.
But for services like vaultwarden or any other that uses https I would have to import certificate to the client to get rid of the warning that the connection its not secure… I’m avoiding that part…
I guess OP is pointing to the usage of Vaultwarden as this strictly requires HTTPS. And we create a self signed certificate that usually gives HTTPS warnings or even presents to connect from Apple systems.
Anyway if it is Vaultwarden only, OP would need to decide if he likes to open additional ports 80/443 towards the internet or if he use our guide to upload the self signed certificate to his device.
