Posts posted by yogy

  1. 6 hours ago, ultimz said:

    Hi,

     

    Running the latest version of Vaultwarden and I enabled the push notifications as well. I am also using Nginx Proxy Manager to expose it (with just https and nothing on 3012)

     

    I can see from the logs that I am getting these errors:

     

    [2023-11-20 12:42:12.277][rocket::server][ERROR] Upgraded websocket I/O handler failed: WebSocket protocol error: Sending after closing is not allowed

     

    Is there something I need to configure on NPM or Vaultwarden?

    Maybe this can help

    • Like 1
  2. 19 hours ago, Stubbs said:

    How do you refresh the admin token? Mine isn't working and I cannot login as an admin.

     

    I tried using what was in the .json file in appdata, but it did not work.

    Is your token in plain text or hashed? If it's in plain text, just replace it with another, restart the container and it should work with the new one.

  3. Hmm, I'm out of options here. I would recommend also checking your DDNS settings. Try to install some other app (something simple like qbittorrent) with access to the internet, set up another CNAME in Cloudflare, add another host to NPM and test if the result is the same as for vaultwarden (warden subdomain). If it's the same, I would start with the DDNS settings and also check the certificate.

  4. Here is a very quick guide how to use Argon2 hash for Vaultwarden. You can use different ways to enable access to admin page here but like I said, this is a very quick solution:

    1. Go to https://argon2.online/
    2. Enter a passphrase in Plain Text Input, click once on the Salt cogwheel and leave everything as default and click GENERATE HASH
    3. Go to Vaultwarden Admin's Page >> General Settings and replace your current admin token in plain text with the generated hash value ($argon2i$v=19$m=16,t=2,p=1$YnJvYm1vSD...........)
    4. Save and restart the vaultwarden container
    5. To login to admin's page you must use your plain text value, not the hash

     

    I hope you will find this very quick tutorial useful.

     

    • Thanks 5
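Added example (not part of the original post): a standard-library check of the Argon2 PHC string pasted in step 3, reporting its variant, cost parameters and salt length before it goes into the admin token field. The thresholds are an assumed policy floor taken from OWASP's password-storage guidance, and the salt and hash values are constructed placeholders.

```python
import base64

# Assumed policy floor (OWASP password-storage guidance for Argon2id:
# 19 MiB memory, 2 iterations); tune to your own requirements.
MIN_MEMORY_KIB, MIN_ITERATIONS, MIN_SALT_BYTES = 19456, 2, 16


def _b64len(field):
    """Byte length of an unpadded base64 field of a PHC string."""
    return len(base64.b64decode(field + "=" * (-len(field) % 4)))


def parse_phc(token):
    """Split $argon2X$v=N$m=..,t=..,p=..$salt$hash into a dict, or raise ValueError."""
    parts = token.split("$")
    if len(parts) != 6 or parts[0] or not parts[1].startswith("argon2"):
        raise ValueError("not an Argon2 PHC string (plain-text token?)")
    if not parts[2].startswith("v="):
        raise ValueError("missing version field")
    costs = dict(kv.split("=", 1) for kv in parts[3].split(","))
    return {"variant": parts[1], "version": int(parts[2][2:]),
            "m": int(costs["m"]), "t": int(costs["t"]), "p": int(costs["p"]),
            "salt_len": _b64len(parts[4]), "hash_len": _b64len(parts[5])}


def audit(token):
    """Return a list of findings; empty means the assumed floor is met."""
    p = parse_phc(token)
    findings = []
    if p["variant"] != "argon2id":
        findings.append(f"variant is {p['variant']}; argon2id is preferred")
    if p["m"] < MIN_MEMORY_KIB:
        findings.append(f"m={p['m']} KiB is below {MIN_MEMORY_KIB} KiB")
    if p["t"] < MIN_ITERATIONS:
        findings.append(f"t={p['t']} is below {MIN_ITERATIONS}")
    if p["salt_len"] < MIN_SALT_BYTES:
        findings.append(f"salt is {p['salt_len']} bytes; want {MIN_SALT_BYTES}+")
    return findings


# Constructed sample values, not real tokens. WEAK copies the cost
# parameters visible in step 3 above; STRONG uses illustrative higher costs.
_SALT = base64.b64encode(b"constructed-salt").decode().rstrip("=")
_HASH = base64.b64encode(bytes(32)).decode().rstrip("=")
WEAK = f"$argon2i$v=19$m=16,t=2,p=1${_SALT}${_HASH}"
STRONG = f"$argon2id$v=19$m=65540,t=3,p=4${_SALT}${_HASH}"

if __name__ == "__main__":
    for name, tok in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, audit(tok) or "ok")
```
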
  5. You can take a look for admin key in /mnt/user/appdata/vaultwarden/config.json. Use cat command in front of the path and you will see your admin token in plain text.

     

    Just FYI. Don't use admin page over the internet. Block it. It should only be accessible via your LAN.

     

    If you are using your own domain via Cloudflare, just take a look at my guide how to create Cloudflare tunnel (Zero Trust) for reverse proxy and how to secure your admin page via internet.

  6. On 6/15/2023 at 7:35 AM, craigr said:

     

    Crap I use both of these, and they are very important to me.  Especially fan control in IPMI.

     

    EDIT:  I see IPMI Tools and NUT were taken over by SimonFair.  That solves that :) !!!

     

    craigr

    Does it happen automatically, or do you need to uninstall the previous one and install a new one from SimonF?

  7. 10 hours ago, Stubbs said:

    How do you disable the admin interface on the nginx config? I want to be able to access it locally, but not over the internet.

     

    Also TOTP doesn't seem to be working for me, at least not with Aegis on Android.

    [2023-06-18 16:20:50.585][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2023-06-18 06:20:50 UTC IP: my.phone.ip.address

     

    What reverse proxy are you using?

  8. On 6/16/2023 at 6:00 PM, Gragorg said:

    I recently changed my domain name on Vaultwarden.  I logged into the admin panel and changed it in the "domain URL" box to the new one.  After I saved the settings and logged out I restarted vaultwarden but the WEBUI option on the docker still goes to the old domain.  I logged back into Vaultwarden and confirmed that the new domain was saved.  The new domain is working fine.

    Delete cookies and cache for this domain in your browser or try a different browser.

  9. I recently switched from Reverse Proxy Docker Container (NginxProxyManager - NPM) to Cloudflare's Zero Trust platform. You can find many tutorials online (YT) on how to do that, this is not the topic here. Please find below a short guide on

     

    HOW TO PROTECT VAULTWARDEN ADMIN'S PAGE (access via internet) WHEN USING CLOUDFLARE'S ZERO TRUST TUNNELS  

     

    If you enabled admin's page in Vaultwarden, you should (or already) know it shouldn't be exposed to the internet (only via local network).

     

    If you are still using NPM >> Edit (Vaultwarden Proxy Host) >> Advanced, and put the following lines under Custom Nginx Configuration

    location /admin {
        return 404;
    }

     

    If you are using Cloudflare's Zero Trust platform (tunnels) instead, you can secure the Vaultwarden's admin page from being accessed over the internet with the following instructions:

    This will be a very simple policy rule, you can later tweak your settings as you choose and try it out

    1. In the Zero Trust Overview (https://one.dash.cloudflare.com/) under Access >> choose Applications

    2. Click on Add an application

    3. Select Self-hosted

    4. Tab - Configure App - Enter Application name (example: Vaultwarden_admin_access), subdomain (your actual subdomain for vaultwarden), domain (your root domain) and Path (enter: admin) and click Next

    6. Tab - Add Policies - Enter Policy name >> Action (Allow)

    7. Under Configure rules >> Include >> Selector choose Emails >> under Value enter the email address you own (have access to, but only you. You can put as many email addresses you want) and click Next.

    8. Tab - Setup - no need to configure anything, just click Add Application

    Now go to your admin's page over the internet (https://sub.domain.com/admin) and you will be presented with Cloudflare's Zero Trust (access) page where you first need to enter one of the authorised emails in step 7. When you receive a code to your mailbox, enter the code in the next page and now you have access to admin's page over the internet.

    You can add additional security layers in step 7 (Include >> Add Include or Add require or Add exclude).

     

    I hope you will find this short tutorial useful. 

    • Like 1
    • Thanks 1
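Added example (not part of the original post): a check to run from outside the LAN after either setup above, fetching /admin without following redirects and classifying the answer. It assumes Cloudflare Access answers an unauthenticated request with a redirect to a *.cloudflareaccess.com login host and that a reachable admin login page answers 200 or 401; the hostnames below are constructed placeholders.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it


def classify(status, location=None):
    """Map one unauthenticated /admin response to an exposure verdict."""
    host = (urlparse(location or "").hostname or "").lower()
    if status in (301, 302, 303, 307, 308) and host.endswith(".cloudflareaccess.com"):
        return "gated-by-access"   # Access login page sits in front of /admin
    if status in (403, 404):
        return "blocked"           # e.g. the NPM "return 404" location block
    if status in (200, 401):
        return "exposed"           # admin login form is reachable (assumption)
    return "unknown"


def probe(base_url, timeout=10):
    """Fetch <base_url>/admin without following redirects and classify it."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + "/admin", timeout=timeout) as r:
            return classify(r.status, r.headers.get("Location"))
    except urllib.error.HTTPError as e:
        return classify(e.code, e.headers.get("Location"))


# Constructed sample responses (status, Location header) for an offline run.
SAMPLES = [
    (404, None),
    (302, "https://exampleteam.cloudflareaccess.com/cdn-cgi/access/login/sub.domain.com"),
    (200, None),
    (302, "https://sub.domain.com/somewhere-else"),
]

if __name__ == "__main__":
    for status, location in SAMPLES:
        print(status, location, "->", classify(status, location))
    # Live check against your own host: print(probe("https://sub.domain.com"))
```
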
  10. On 12/23/2022 at 11:53 AM, Mattti1912 said:

    Hello again 

     

    I can access the docker through Cloudflare, but the error is that I can't make the 2FA work.

    And I get this error. The error now is TOTP code .. and an IP error  IP: 172.19.0.1 ...  Anyone who knows how to resolve this??

     

    thank you

    172.19.0.1 is probably your internal docker IP address. You can also try to restrict access in Cloudflare with Applications where you could add policies.