I would set it up locally on raspberrypi with PiVPN and only allow specific IP (bitwarden IP) to be accessible via that VPN connection. Also you will need self-signed cert installed on the devices where you want to access bitwarden if you dont have a public domain.