I spent some time going down a rabbit hole to find out why our self-hosted server was making quite a few outbound HTTPS connections. There are other older posts in the forum here that indicate that the only outbound connections that a self-hosted server makes are to the notification API. That’s no longer true.
After setting up auditd to track what process was making these connections, I found the answer:
type=PROCTITLE msg=audit(07/10/2023 13:39:48.116:2479468) : proctitle=dotnet /app/Icons.dll
There’s an “icons server” included with the app that goes and downloads icons to be displayed alongside vault entries. It’s documented here: Privacy when using Website Icons | Bitwarden Help Center. There’s a very small note on that page relating to self-hosted installations that mentions that it doesn’t use a CDN and that “requests will always hit your icon container directly”.
What that doesn’t tell you is that the icons server will essentially act as a proxy. If the icon doesn’t exist or has expired, the icons container will make a request to the website in the vault item to grab the icon.
It doesn’t appear as though there’s a way to turn this off globally. I would guess that you could just not run the icons container, and that would do the same thing as setting up a firewall that blocks those outbound connections.
Anyway, I didn’t need to necessarily disable the outbound connections, I just needed to know what was doing it and why. Posting the results of my research here to hopefully save any other intriguing minds a little time and effort.
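An added example, not part of the original post: one way to turn audit records like the PROCTITLE line above into a per-process list of outbound HTTPS destinations. It assumes the input is `ausearch -k outbound -i` output for a rule such as `auditctl -a always,exit -F arch=b64 -S connect -k outbound`; the key name `outbound` and every sample record except the post's own PROCTITLE line are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in `ausearch -i` format. Only the first PROCTITLE line is
# from the post; the other records, addresses, pids and paths are made up.
SAMPLE = """\
type=SOCKADDR msg=audit(07/10/2023 13:39:48.116:2479468) : saddr={ saddr_fam=inet laddr=198.51.100.7 lport=443 }
type=SYSCALL msg=audit(07/10/2023 13:39:48.116:2479468) : arch=x86_64 syscall=connect success=no exit=EINPROGRESS(Operation now in progress) pid=4121 comm=dotnet key=outbound
type=PROCTITLE msg=audit(07/10/2023 13:39:48.116:2479468) : proctitle=dotnet /app/Icons.dll
type=SOCKADDR msg=audit(07/10/2023 13:39:49.302:2479471) : saddr={ saddr_fam=inet6 laddr=2001:db8::20 lport=443 }
type=PROCTITLE msg=audit(07/10/2023 13:39:49.302:2479471) : proctitle=dotnet /app/Icons.dll
type=SOCKADDR msg=audit(07/10/2023 13:39:50.010:2479475) : saddr={ saddr_fam=local path=/run/example.sock }
type=PROCTITLE msg=audit(07/10/2023 13:39:50.010:2479475) : proctitle=dotnet /app/Icons.dll
type=SOCKADDR msg=audit(07/10/2023 13:39:51.777:2479480) : saddr={ saddr_fam=inet laddr=192.0.2.10 lport=80 }
type=PROCTITLE msg=audit(07/10/2023 13:39:51.777:2479480) : proctitle=curl -s http://example.org
"""

# "type=X msg=audit(<timestamp>:<serial>) : <fields>"
HEADER = re.compile(r"^type=(\w+) msg=audit\(([^)]*:\d+)\) : (.*)$")
# Interpreted SOCKADDR for inet/inet6; unix sockets have no laddr/lport.
ADDR = re.compile(r"laddr=(\S+) lport=(\d+)")

def attribute_connections(text, port=443):
    """Count (process title, remote address) pairs for connect() calls to `port`."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            # Records of one syscall share the same timestamp:serial id.
            events[event_id][rtype] = body
    hits = Counter()
    for records in events.values():
        addr = ADDR.search(records.get("SOCKADDR", ""))
        if not addr or int(addr.group(2)) != port:
            continue  # unix sockets and other ports are not of interest here
        title = records.get("PROCTITLE", "proctitle=(unknown)").split("=", 1)[1]
        hits[(title, addr.group(1))] += 1
    return hits

if __name__ == "__main__":
    for (title, remote), n in attribute_connections(SAMPLE).most_common():
        print(f"{n:4d}  {title}  ->  {remote}:443")
```

The rule does not filter on `success=1` because a non-blocking `connect()` normally returns `EINPROGRESS`, which audit records as a failed call.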