+1 for this, I have an active subscription with Bitwarden, for US$10 a year it’s worth many times that in the value and utility it provides me. I considered self-hosting the service but I decided to just stick with the cloud version since they likely have better resilience than my homelab. It’d suck if my home network is down for whatever reason and I need urgent access to my vault without a local copy within reach.
80, 443 for HTTP/S, and 587 for a VPN service. Reason being that I travel frequently, and often have to connect through a bunch of different networks, Airport WiFi, mobile roaming, hotel WiFi, etc. and you never know the kinds of network restrictions they impose on their pipes.
80 and 443 is least likely to be dropped, while 587 is a common SMTP port that could make it through most networks.