[[support] Vaultwarden (formerly Bitwarden_rs)]

On 12/1/2021 at 9:57 AM, yogy said:

Have no more ideas. Where does SWAG keeping the certs, maybe worth checking. Or you need to enable something there, just guessing. I don't use it, prefer Nginx Proxy Manager.

 

I switched from swag to Nginx proxy manager, and it immediately started working.

 

I noticed that ngnix looks like it uses dedicated certs for each subdomain, while swag uses a single cert for all subdomains listed. I went back to swag and tried setting bitwarden as the only subdomain and it worked.  Not sure what it takes to make swag work with multi subs but nginx seems to be doing to job, so I'll stay there for now.

 

[[support] Vaultwarden (formerly Bitwarden_rs)]

does bitwarden require HSTS?

 

 

[[support] Vaultwarden (formerly Bitwarden_rs)]

1 hour ago, yogy said:

I think your problem is here.

Did you try to completely delete the android app and install it again or at least delete the apps cache?

 

Yeah, I've tried that a few times with no changes.  Also I've tried older versions, and tried installing on a few of my old devices that had never had the app before.  I think I have android 10, 11, and 12 attempted.

[[support] Vaultwarden (formerly Bitwarden_rs)]

Edit:  nuking SWAG and starting fresh with Ngnix PM seems to have solved it for the time being.  Not sure what the problem was, but it didn't appear to be related to my vaultwarden setup.

------------------------------------------------------------------

I'm getting my butt kicked by certificates.  The problem I'm trying to solve is the "chain validation failed" when using the bitwarden android app.  Everything else works fine.  The iOS app, macos app, and windows app all work.  All browsers on windows/linux/android/iphone all work perfectly. 

 

What's worse is that I have managed to have the android app working for maybe a day or so after changing to a fresh domain, but then it breaks again once I reissue a cert.

 

I'm running bitwarden through the swag container.  Nothing super elaborate.  Mostly running stock out of the box, per space invader one tutorials.  've tried a few different domains on google, with no change in results. 

 

What I'm most hung up on is I get different behavior checking on SSL Labs vs Digicert.  If it matters, I changed the "only subdomains" key in swag to false, so I could test the main domain.

 

SSL Labs

• mydomain.group   = A
• bitwarden.mydomain.group  = A
• nextcloud.myomain.group = A+

 

Digicert

• mydomain.group   = all green checks
• bitwarden.mydomain.group  = "unable to connect"
• nextcloud.mydomain.group  = all green checks

 

The few brief times the Android app did work, I think it corresponded with the digicert check passing the bitwarden.mydomain.group test, but I'm not positive.  I seem to be at a dead end here though. 

Any suggestions for next steps?

 

 

[[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)]

On 2/4/2021 at 1:30 PM, dfox1787 said:

rebuilt the container and seems to be working but im getting this

 

 

 

Check the container name.  Sometimes the unraid containers are named differently than what the included swag configs are expecting.  eg: "bitwardenrs" vs "bitwarden".