I would just put a server on the internet with only the bitwarden ports open to the internet. And put the server in its own isolated environment. With automatic updates I would be comfortable with this. Even if for any reason the isolated server gets compromised, the server is mostly a glorified sync server.

Doesn’t the server just hold an encrypted vault? What could go wrong when the server is compromised? Just thinking out loud I don’t know the answer