Comment by akerl_

2 hours ago

That guide is wild. By default it allows public registration, shows password hints, requires a reverse proxy for robust TLS but then passes tokens via GET params, runs in the container as root. Recommends fail2ban because it doesn't have any coverage against brute force. Recommends using a custom path for security.

This feels less like a guide on hardening Vaultwarden than a guide on why I should be skeptical about it.

Since it's authored by the Vaultwarden collaborators, I would not trust the project with any of my passwords.