
Self-Hosted Vaultwarden on a Netherlands VPS

The Netherlands sits on the densest internet peering hub in Europe (AMS-IX), so a Vaultwarden instance there reaches almost everything west of Moscow in under 40 ms. The Dutch DPA (Autoriteit Persoonsgegevens) enforces GDPR strictly, the Telecommunications Act 13.2a requires lawful intercept only for telecom providers (not for hosting customers), and there is no domestic key escrow law. The combination makes it a strong second pick to Iceland for users who want the lowest possible latency to the EU and the UK while keeping a clean legal posture. This guide covers right-sizing the VPS, Docker Compose with hardened defaults, the reverse proxy WebSocket block, Argon2id migration, and backup to Romania or Iceland.


Why Netherlands

AMS-IX peering means sub-10 ms latency to London, Brussels, Paris and Frankfurt, and under 40 ms to most of central and eastern Europe. The Dutch DPA's fines have teeth: the Booking.com case set the bar that compulsory access requires a clear lawful basis. There is no statutory compelled key disclosure aimed at hosting customers; the lawful intercept duty under 13.2a Tw applies to telco operators. For a small Vaultwarden instance you get the latency of a cloud product without the cloud surveillance exposure.

VPS Sizing

Use the Anonymous Netherlands VPS 1 GB tier for up to about 20 users and the 2 GB tier for under 100. Vaultwarden idles around 256 MB; Caddy adds 60-80 MB; restic during a backup window can spike 200-300 MB. NVMe storage matters because SQLite latency dominates first vault load.

Docker Compose

Run one Vaultwarden service and one Caddy service, both on an internal bridge network. Bind Vaultwarden to 127.0.0.1:8080 and expose Caddy on 80 and 443. Set DOMAIN=https://vault.example.nl, SIGNUPS_ALLOWED=false, INVITATIONS_ALLOWED=true, and ADMIN_TOKEN to an Argon2 hash rather than a plaintext token. The Caddyfile must include the WebSocket upgrade for /notifications/hub*. Set both containers to restart on reboot and healthcheck the /alive endpoint.
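
The settings above can be checked before each deploy. The following audit is an added example, not part of the original guide or of Vaultwarden itself; the function names, the KEY=VALUE input format and both sample inputs (including the hash string) are constructed for illustration.

```python
import re

# Argon2 PHC string shape: $argon2id$v=19$m=...,t=...,p=...$<salt>$<hash>
ARGON2_PHC = re.compile(
    r"^\$argon2(?:id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)

# Constructed samples: the Vaultwarden service's environment as KEY=VALUE lines.
GOOD_ENV = """
DOMAIN=https://vault.example.nl
SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=true
ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$c2FtcGxlc2FsdA$Y29uc3RydWN0ZWRoYXNodmFsdWU'
"""
BAD_ENV = """
# plaintext admin token, open signups, no TLS in DOMAIN
DOMAIN=http://vault.example.nl
SIGNUPS_ALLOWED=true
ADMIN_TOKEN=correct-horse-plaintext
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments; strip quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(env, ports):
    """Return findings; an empty list means the explicit settings match the guide."""
    findings = []
    if not env.get("DOMAIN", "").startswith("https://"):
        findings.append("DOMAIN must be an https:// URL")
    if env.get("SIGNUPS_ALLOWED", "").lower() != "false":
        findings.append("SIGNUPS_ALLOWED must be set to false")
    if env.get("INVITATIONS_ALLOWED", "").lower() != "true":
        findings.append("INVITATIONS_ALLOWED must be set to true")
    if not ARGON2_PHC.match(env.get("ADMIN_TOKEN", "")):
        findings.append("ADMIN_TOKEN must be an Argon2 PHC hash, not plaintext")
    for mapping in ports:  # ports of the Vaultwarden service only, not Caddy
        if not mapping.startswith("127.0.0.1:"):
            findings.append(f"port mapping {mapping} is published beyond loopback")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_env(BAD_ENV), ["8080:80"]):
        print("FAIL:", finding)
```

A port mapping without a host address, such as 8080:80, is published on all interfaces by Docker, which would let clients bypass Caddy and its TLS.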

Argon2id KDF

Every user must switch from the default PBKDF2 to Argon2id with 64 MiB memory and 3 iterations. This pushes offline brute force from millions per second on a consumer GPU to single digits. The migration is reversible if needed but should not be reversed; PBKDF2 is acceptable only for legacy clients that have not been updated since 2023.

Encryption Posture

Vault items are end-to-end encrypted; the server-side blob is opaque. Email, 2FA secret, organisation names and attachment sizes are visible to anyone with disk access. We protect the disk with full disk encryption, but a legal compulsion can still extract the metadata. Therefore: do not name organisations after the project you actually use them for.

Backups

Run restic backups to Anubiz Host Romania or Iceland twice a day. Generate the repository password with openssl rand -base64 32 and store it offline (paper in a safe, not in the vault). Keep 14 daily, 8 weekly and 12 monthly snapshots. Test a restore on a throwaway VPS monthly; without that drill the backup is unconfirmed.
