December 14, 20241 yr Community Expert 12 hours ago, lococola said: I am just having a hard time understanding why I can't just enter the local IP and port of the Vaultwarden vault and connect that way. Yes it wouldn't be as secure but if it's LAN-only then why not. You should be able to... I think that's why we're all confused because that's how it is supposed to work. No SSL needed, no internet required.
December 14, 20241 yr 3 hours ago, MowMdown said: You should be able to... I think that's why we're all confused because that's how it is supposed to work. No SSL needed, no internet required. Well, when I try to login to the vault via its IP address and custom port from my local Unraid machine, I get the login prompt. But after logging in with username and password I get the following message: This browser requires HTTPS to use the web vault Check the Vaultwarden wiki for details on how to enable it And from then on all information I've found points to setting up a reverse proxy or using self-signed certificates. So you really can't use Vaultwarden without HTTPS it seems.
December 14, 20241 yr Community Expert I see, yeah after looking into it further, it seems it's a requirement between Vaultwarden and modern browsers. I'm not sure you have a way out then if that's the case. You'll have to generate certs with LetsEncrypt and copy the certs every 90 days. That will allow you to use it offline in between.
December 14, 20241 yr On 12/13/2024 at 1:04 PM, lococola said: Let me be clear in when I say I say "no internet connection at all" I mean purely for the communication between the local Vaultwarden docker and for example a local computer running a browser. Of course I want to use the Bitwarden browser plugin to login to online websites etc. I am just having a hard time understanding why I can't just enter the local IP and port of the Vaultwarden vault and connect that way. Yes it wouldn't be as secure but if it's LAN-only then why not. OF COURSE YOU CAN There is definitely a disconnect, because I've said multiple times already that what you want is possible - when installation and setup are finished however, you need to use HTTPS for encryption features. If the Vaultwarden docs had been scanned/followed, I don't think there would be a question about this. #1 issue is likely that VW is set up to start on port 80 and that browsers won't use cryptographic features on HTTP - that what prompts the error - VW won't have access to features it needs from the browser. You should use certificates through a reverse proxy. It's not only insanely simple and robust, it's going to be future-proof for whatever browser you use. It's infinitely easier than trying to manage certificate installation and/or procurement from multiple different machines/containers. In a pinch you can also generate self-signed certs with some super long lifetime. Using a certificate doesn't mean you put the Vaultwarden machine on the internet. It doesn't need a path to the internet at all if you only want to connect to it locally. Certs live on your NPM machine, not Vaultwarden machine. If you didn't want to use NPM you could manually copy/install certs from any other machine. Every bit of information and instruction to accomplish all of this is available here in the forum. You're just in the wrong thread right now. Consulting threads specific to the different containers is recommended. 1st, NPM, 2nd, Vaultwarden - optionally 3rd. Tailscale (only if you ever want to connect to services from outside your LAN) I'll repeat myself again (and again). You seem to have started down this path without first outlining and making clear what you want to do, instead getting tripped up in all the minutiae that would have otherwise been ignored as part of an otherwise very simple install and setup process. Vaultwarden is one of the easiest services I've ever set up using Unraid. Edited December 14, 20241 yr by Espressomatic
December 14, 20241 yr Community Expert 1 hour ago, Espressomatic said: OF COURSE YOU CAN There is definitely a disconnect, because I've said multiple times already that what you want is possible - when installation and setup are finished however, you need to use HTTPS for encryption features. If the Vaultwarden docs had been scanned/followed, I don't think there would be a question about this. #1 issue is likely that VW is set up to start on port 80 and that browsers won't use cryptographic features on HTTP - that what prompts the error - VW won't have access to features it needs from the browser. You should use certificates through a reverse proxy. It's not only insanely simple and robust, it's going to be future-proof for whatever browser you use. It's infinitely easier than trying to manage certificate installation and/or procurement from multiple different machines/containers. In a pinch you can also generate self-signed certs with some super long lifetime. Using a certificate doesn't mean you put the Vaultwarden machine on the internet. It doesn't need a path to the internet at all if you only want to connect to it locally. Certs live on your NPM machine, not Vaultwarden machine. If you didn't want to use NPM you could manually copy/install certs from any other machine. Every bit of information and instruction to accomplish all of this is available here in the forum. You're just in the wrong thread right now. Consulting threads specific to the different containers is recommended. 1st, NPM, 2nd, Vaultwarden - optionally 3rd. Tailscale (only if you ever want to connect to services from outside your LAN) I'll repeat myself again (and again). You seem to have started down this path without first outlining and making clear what you want to do, instead getting tripped up in all the minutiae that would have otherwise been ignored as part of an otherwise very simple install and setup process. Vaultwarden is one of the easiest services I've ever set up using Unraid. I looked into it, Vaultwarden will not work over HTTP with the Bitwarden browser plugin due to Crypto APIs requiring HTTPS. source Edited December 14, 20241 yr by MowMdown
December 15, 20241 yr 21 hours ago, MowMdown said: I looked into it, Vaultwarden will not work over HTTP with the Bitwarden browser plugin due to Crypto APIs requiring HTTPS. source This was in the message you quoted: Quote #1 issue is likely that VW is set up to start on port 80 and that browsers won't use cryptographic features on HTTP - that what prompts the error - VW won't have access to features it needs from the browser. Red text "of course you can" in reference to the repeated mention that no internet connection is needed for VW. Edited December 15, 20241 yr by Espressomatic
December 16, 20241 yr On 12/14/2024 at 4:56 AM, lococola said: And from then on all information I've found points to setting up a reverse proxy Just to get deeper into the weeds, if you wanted to avoid running a dedicated reverse proxy but DO intend to run Tailscale for secure VPN access, you can use Tailscale to obtain and server certificates via its MagicDNS feature. I thought I recalled reading about this, so I went looking for it again this morning to confirm... Details: It looks like Tailscale has built-in support to obtain a certificate from Let's Encrypt. And using its MagicDNS, it can serve this certificate to your browser so it doesn't complain when visiting the URL in the cert. In other words, Tailscale already does encrypted VPN, but a browser needs a TLS cert. Use Tailscale for both: https://tailscale.com/kb/1153/enabling-https IMO, this is more work on the long-term than using a reverse proxy and isn't nearly as scaleable. Might be a good solution if you only need to do one or two domain names and don't care that you can't use your own custom FQDN (it uses the tailnet name). Edited December 16, 20241 yr by Espressomatic
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.