1. Point your domain's DNS to server
2. Run a reverse proxy with LetsEncrypt integration (Caddy, NGINX Proxy Manager, Traefik, etc)
3. Run the Docker command
What people consider "advanced user" varies quite a bit and there's a lot of subdomains in computing. (Though maybe the term is also degrading...)
A lot of advanced users don't have servers, and they don't want to expose their desktop or an appliance to the internet. Moreover, are you going to trust your precious password information on a leased server run by Linode or whoever?
On topic, I use Bitwarden, but their changes to the iOS application are very annoying. I've been logged out repeatedly (at least once per week) and it keeps requiring me to input my password, without any way to reduce the overhead. It's so frustrating that I've been considering switching to the native iOS password app; if it was available on Linux, I would bid farewell to Bitwarden.
A problem I had was my encryption settings. Definitely I am a bit overkill[0], but this might be worth checking. I use Argon2 and tried to find the max settings I could use on my iPhone16. Make sure the KDF memory is lower than 256MB. Keep iterations low (<=10) and parallelism not too high (4 seems about right). So do something like 128MB, 8 iterations, 4 parallel and you'll be good. If this reddit post is anywhere near accurate, should cost in the tens of millions of dollars to crack your master passphrase[1]. But users there also are saying they can get higher settings so YMMV. (BTW, these settings should be changed from the bitwarden website)
[0] Philosophy has always been: make it as secure as possible without being meaningfully impactful. Which is always above the standard security levels.
[1] https://www.reddit.com/r/Bitwarden/comments/1167rwm/pbkdf2_v...
Plus, is a website going to support it? So many websites are shifting to OAuth, and making it the __only__ form of authentication. I really don't like this AND they usually only support a very limited set of authorities which is almost exclusively "Google and Apple", so I can't even run my own. The fuck is the "O" mean in "OAuth" then?! (╯°□°)╯︵ ┻━┻ I'm trying to __reduce__ my (meta-)data exposure, not increase it!
Like good god, I don't know if it is a conspiracy or stupidity that's causing all this centralization and I'm not sure there's a meaningful difference. (unintentional or implicit conspiring rather than explicit)
This is Hacker News, surely there's people here that are fighting/pushing back. It's unclear to non-security experts like me how to actually do this besides not use a service (far easier said than done. These choices are often forced upon people)
