so i’ve got bitwarden going on my home server. cool. however i use cloudflared tunnels for my remote access. which works fine, the browser ext is able to piggyback on the auth cookie from cloudflare access when i login. however, the android/IOS crowd doesn’t work that way, the app is an app and doesn’t share certs or cookies with the browser. i can’t be the only person whose set themselves up this way. does anyone have an idea of how to make the mobile apps work through cloudflare access? i like not having my server open to the public internet, so i’d like to keep it this way. i assume there must be some work around, because even if someone had opened their service to the web, the probably use a proxy like nginx and use some auth method there that would stop up the BW app connection.
I don’t think there is a good way to use something like cloudflare access without integrating compatibility into the app. Your best bet if you really don’t want to make your instance public is making a PR on github.
Edit: You might be able to host your own wireguard and ditch cf access but that would mean only being able to access Bitwarden while connected to the VPN. You might also be able to set an “allow ip” rule from cloudflare access bypassing any manual authentication.
what do you mean a PR on github?
i mean i could use the wireguard route, i do have that as a backup if cloudflared should ever fail, but it’s less convenient to have to connect to the vpn and BW requires SSL, so i’d have to go through the whole shenanigans of nginx and forcing https locally for that to work right? cloudflared does that for me without any config. i guess i could set a bypass rule for my phone’s IP? do they change? i’m not familiar enough with that to risk it.
I don’t wanna tell you what to do, but if you aren’t familiar enough then you probably shouldn’t be self hosting it. I’m not, so that’s why I don’t. Sorry I couldn’t be of more help.
well that’s no fun. how are we ever to learn if we don’t try? i mean, it’s setup, it’s going and works fine and is secure. i’m just trying to figure out how to make work on mobile apps which if i had it setup less secure, would be easier.