For anyone reading this best practice is to put it behind a VPN or something similar, I personally have it setup as a subdomain (bitwarden.domain.com) using nginx proxy manager to sign using let’s encrypt.
In saying that I’m in the middle of migrating everything to swag (which is pure nginx with fail2ban built in) just to make management of some other things easier.
I will say if you do set it up public facing, make sure you disable signups for both security and to stop random people from using your server.
I believe DeviantOllam recommends putting a gun in your bag (from memory a starter gun counts as a gun to TSA but doesn’t have the whole licence restrictions of an actual firearm). Because you have a gun you are allowed to lock it with an actual padlock and the TSA can’t just go through your stuff. If you put a padlock on otherwise they’ll just cut it off and you’re back to square one.