I’m running the full Bitwarden stack via Docker, including the Nginx webserver. It uses almost no resources (especially compared to the MSSQL database), so I see no point in disabling it.
I changed the ports in bwdata/config.yml to 8̶0̶8̶0̶ 4480 and 4443 according to the FAQ:
These two ports are only exposed to localhost and not reachable from the outside.
My Apache then passes all HTTPS requests from the outside to the Bitwarden Nginx like this:
ProxyPass / http://127.0.0.1:4480/
ProxyPassReverse / http://127.0.0.1:4480/