[support] Vaultwarden (formerly Bitwarden_rs)



Just now, Roxedus said:

Personally I have my domain go through my reverse proxy locally too.

But how? My DNS (pihole) and/or router (untangle) know my domain and automatically resolve it. I erased static DNS entries and it still resolves to local. Flushed DNS too...

Link to comment
17 minutes ago, Roxedus said:

As long as the domain is resolving to the IP of your reverse proxy, and it uses port 443 locally, there is no problem.

 

Just tried this but still a no go... I am reverting and trying the Rocket TLS things... 

 

Apart from this I had another question, but I'll update about this when I remember...

Link to comment
3 hours ago, live4soccer7 said:

Yes, I always hit save after inputting new settings and then sending a test email after it has saved. What did you do to fix the problem? Are you using port 465 or 587 and do you have TLS checked or not?

I fixed my problem by hitting the save button after changing my settings.  I wasn't doing that before and so the info was not getting saved.  I don't have 2FA enabled on this account.

 

My SMTP settings: 

Host - smtp.gmail.com

Enable SSL and Use explicit TLS are enabled

Port 465

From Address - [email protected]

From Name - Bitwarden_RS

Username - [email protected]

Password - [email protected] password

 

Link to comment

Hi I posted this already but in a wrong thread.

I have issues connecting to bitwarden using my domain.

 

I used to use duckdns for domain and it didn't work so I decided to have my own domain to try and see if bitwarden would work.

First, I know that Letsencrypt is set up right with my domain name and subdomains; the log connected to both of my 2 subdomains, Nextcloud and bitwarden. I made sure the CNAME is set right and spelled right...

 

Second, my duckdns is set up right since my Nextcloud is working following Spaceinvader's video.

For Bitwarden, I set up the network to custom, just like Nextcloud.

I tried 2 different config files in Letsencrypt for bitwarden, one with Spaceinvader's file, and I left the container name as original with bitwardenrs.

Of course I always restart my dockers.

 

#BITWARDEN
# make sure that your domain's dns has a cname or a record set for the subdomain bitwarden
# This config file will work as is when using a custom docker network the same as letsencrypt (proxynet).
# However the container name is expected to be "bitwardenrs" as it is by default the template as this name is used to resolve.  
# If you are not using the custom docker network for this container then change the line "server bitwardenrs:80;" to "server [YOUR_SERVER_IP]:8086;" Also remove line 7

resolver 127.0.0.11 valid=30s;
upstream bitwarden {
    server bitwardenrs:80;
}

server {
    listen 443 ssl;
    server_name bitwarden.*;
    include /config/nginx/ssl.conf;
  client_max_body_size 128M;

  location / {
   proxy_pass http://bitwarden;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
   proxy_pass http://bitwarden;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_pass http://bitwarden;
  }
}

Second, I tried the default config which was in Letsencrypt, changed .sample to .conf, and changed the container name to bitwarden.

# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
# make sure your bitwarden container is named "bitwarden"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name bitwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 128M;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /notifications/hub {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

}

 

Now the weird part: when I use http://bitwarden.mydomain.com it will direct me to Nextcloud, and I don't understand why. When I stop Nextcloud and try again I get error 502 Bad Gateway nginx/1.16.1.

I am only able to connect locally with bitwarden; I don't know what I am missing. This was the same using duckdns as the domain.

Link to comment
On 4/30/2020 at 5:03 PM, ceyo14 said:

Just tried this but still a no go... I am reverting and trying the Rocket TLS things... 

 

Apart from this I had another question, but I'll update about this when I remember...

OK, so for anyone else who might want to do this how I did it, I was able to set up Rocket TLS with only the following in the Extra Parameters in the advanced tab:

 

Extra Parameters:

-e ROCKET_TLS='{certs="/data/ssl/fullchain.pem",key="/data/ssl/privkey.pem"}' -e ROCKET_PORT=443

 

Then in unraid Terminal I typed the following to copy the corresponding Letsencrypt Certs from Nginx Proxy Manager (update the port [443] and scheme [https] on NPM too):

scp /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-14/fullchain.pem /mnt/user/appdata/bitwarden/ssl/

scp /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-14/privkey.pem /mnt/user/appdata/bitwarden/ssl/

Then make sure to change your WebUI HTTP Port to 443 and I also changed the WebUI Link for when you right click on the Dashboard and want to be taken to Bitwarden.

 


 

I guess I would need to make sure bitwarden copies the cert files on a schedule so when the certs change they are updated... not sure how to do this one yet... Any ideas?

 

Also @Roxedus, what I forgot earlier is that on the emails I get the reverse proxy's IP instead of the actual IP. I read somewhere that NPM supports the X-Real-IP $remote_addr; stuff, but I am not sure if it does or what needs to be fixed....

Edited by ceyo14
Remembered what I forgot before...
Link to comment
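One way to handle the scheduled copy asked about in the post above, as an added example that is not part of the thread or of the Vaultwarden project. The two directories are the ones from the post; the container name `bitwarden`, the `--run` switch, and the restart after a change (on the assumption that the certificate is only read at startup) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Copies renewed certificate files only
# when they differ, and keeps the private key at mode 600.

# install_if_changed SRC DST MODE: 0 = replaced, 1 = identical, 2 = error
install_if_changed() {
    f_src=$1; f_dst=$2; f_mode=$3; f_tmp="$2.tmp.$$"
    cmp -s "$f_src" "$f_dst" 2>/dev/null && return 1
    # Write a private temp file first, then rename: the server never sees a
    # half-copied key, and the key is never world-readable in between.
    ( umask 077; cp "$f_src" "$f_tmp" ) || return 2
    if chmod "$f_mode" "$f_tmp" && mv -f "$f_tmp" "$f_dst"; then return 0; fi
    rm -f "$f_tmp"; return 2
}

# sync_certs SRC_DIR DST_DIR: 0 = updated, 1 = unchanged, 2 = refused/error
sync_certs() {
    s_dir=$1; d_dir=$2; s_changed=1
    # Refuse empty or truncated sources instead of overwriting a good pair.
    grep -q 'BEGIN CERTIFICATE' "$s_dir/fullchain.pem" 2>/dev/null || return 2
    grep -q 'PRIVATE KEY' "$s_dir/privkey.pem" 2>/dev/null || return 2
    mkdir -p "$d_dir" || return 2
    for s_item in fullchain.pem:644 privkey.pem:600; do
        s_rc=0
        install_if_changed "$s_dir/${s_item%:*}" "$d_dir/${s_item%:*}" \
            "${s_item#*:}" || s_rc=$?
        case $s_rc in 0) s_changed=0 ;; 1) ;; *) return 2 ;; esac
    done
    return "$s_changed"
}

# Scheduled use (cron or a scheduled script): sh cert-sync.sh --run
# Paths are the ones from the post; the container name is an assumption.
if [ "${1:-}" = "--run" ]; then
    rc=0
    sync_certs /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-14 \
               /mnt/user/appdata/bitwarden/ssl || rc=$?
    case $rc in
        0) docker restart bitwarden ;;  # assumed needed so the new cert is loaded
        1) ;;                           # unchanged: leave the container alone
        *) echo "cert sync refused or failed" >&2; exit 1 ;;
    esac
fi
```

The key is written as mode 600, which assumes the container reads it as the same user that runs the script.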
13 hours ago, ssinseeme said:

Hi I posted this already but in a wrong thread.

I have issues connecting to bitwarden using my domain.

 

I used to use duckdns for domain and it didn't work so I decided to have my own domain to try and see if bitwarden would work.

First, I know that Letsencrypt is set up right with my domain name and subdomains; the log connected to both of my 2 subdomains, Nextcloud and bitwarden. I made sure the CNAME is set right and spelled right...

 

Second, my duckdns is set up right since my Nextcloud is working following Spaceinvader's video.

For Bitwarden, I set up the network to custom, just like Nextcloud.

I tried 2 different config files in Letsencrypt for bitwarden, one with Spaceinvader's file, and I left the container name as original with bitwardenrs.

Of course I always restart my dockers.

 

Second, I tried the default config which was in Letsencrypt, changed .sample to .conf, and changed the container name to bitwarden.

 

Now the weird part: when I use http://bitwarden.mydomain.com it will direct me to Nextcloud, and I don't understand why. When I stop Nextcloud and try again I get error 502 Bad Gateway nginx/1.16.1.

I am only able to connect locally with bitwarden; I don't know what I am missing. This was the same using duckdns as the domain.

 

 

I have both working with no issues.  Here's my config in case it helps

 

Nextcloud subdomain config:


 

Quote

 


server {
    listen 443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

 

 

Bitwarden subdomain config:

 

Quote

 

resolver 127.0.0.11 valid=30s;
upstream bitwarden {
    server bitwardenrs:80;
}

server {
    listen 443 ssl;
    server_name bitwarden.*;
    include /config/nginx/ssl.conf;
  client_max_body_size 128M;

  location / {
   proxy_pass http://bitwarden;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
 
  location /notifications/hub {
   proxy_pass http://bitwarden;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }


  location /admin {
          return 404;
      }
 
  location /notifications/hub/negotiate {
    proxy_pass http://bitwarden;
  }
}

 

 

Hope it helps.

Edited by bugster
typo
Link to comment
9 hours ago, bugster said:

 

 

I have both working with no issues.  Here's my config in case it helps

 

Nextcloud subdomain config:


 

 

Bitwarden subdomain config:

 

 

Hope it helps.

Thanks for sharing. Mine was a little different as you see above; I tried your config file and I have the same thing. I know this is not the Letsencrypt help thread but I believe it is the problem. What did you set your ports 443 and 80 to in Letsencrypt? Please see my Letsencrypt docker and let me know if it is the same; I have followed the Spaceinvader setup.

Link to comment
On 5/1/2020 at 6:05 PM, ssinseeme said:

Thanks for sharing. Mine was a little different as you see above; I tried your config file and I have the same thing. I know this is not the Letsencrypt help thread but I believe it is the problem. What did you set your ports 443 and 80 to in Letsencrypt? Please see my Letsencrypt docker and let me know if it is the same; I have followed the Spaceinvader setup.

 

Mine is same as yours. What port are you using for nextcloud?

Link to comment

Try port 443. I know spaceinvader says to change it, however that is the only way I could get mine to work as well. It was weird as it didn't make sense to me because I changed the port in the conf files, but it was like it wouldn't listen to what I was setting. It was like there was another setting somewhere defining which port nextcloud was listening on. I also left the bitwarden on the default port too. I was able to get both working.

Link to comment
6 hours ago, live4soccer7 said:

Try port 443. I know spaceinvader says to change it, however that is the only way I could get mine to work as well. It was weird as it didn't make sense to me because I changed the port in the conf files, but it was like it wouldn't listen to what I was setting. It was like there was another setting somewhere defining which port nextcloud was listening on. I also left the bitwarden on the default port too. I was able to get both working.

Did you change anything else? Because I changed the port from 444 to 443 in the Nextcloud docker and it is giving me Error 502 and nginx 1.16.1. Did you change the config file from your localIP:444 to 443?
For bitwarden, the default port 80 will not work. It fails the compile! Could you share screenshots? Thanks.

Link to comment
  • 2 weeks later...

Hi, I just wanted to add to this thread a trouble I hit with SMTP in the Admin panel.

No matter what combinations of settings I used, or providers I used, even following the various example email SMTP setups in this thread it would always result in this line in the logs:

Quote

[response][INFO] POST /admin/test/smtp (test_smtp) => 400 Bad Request

 

I ended up disabling the "enable" option, saving, enabling the "enable" option, saving, then trying to send a test email and it worked. Without adjusting any further settings. Was starting to annoy me but glad it is resolved. Tried and tested "turn it off and on again" to the rescue.

Link to comment
  • 2 weeks later...

Hi, I have already searched all over the internet but did not find anything. Is there a way to make the admin panel login more secure?
E.g. with a 2FA or something like this.

I have a very long admin token, but I don't like the fact that theoretically everybody can reach the admin panel with the admin token.

Link to comment
5 hours ago, Teddybaer123 said:

Hi, I have already searched all over the internet but did not find anything. Is there a way to make the admin panel login more secure?
E.g. with a 2FA or something like this.

I have a very long admin token, but I don't like the fact that theoretically everybody can reach the admin panel with the admin token.

At the top of every page of this thread.

https://forums.unraid.net/topic/88086-support-bitwardenrs-bitwarden_rs/?do=findComment&comment=847803

 

Link to comment

Hi, looking for a little help to get https working with NginxProxyManager. Screenshot shows config for vault.domain.com

 

http works fine when using http scheme, disabling ssl/http2 and forwarding the port to 1080 (configured in the bitwarden container as well).

http also works fine by going to the local server IP:1080, however can't login as admin because it says https is required.

Is there a way to log in locally with https?

 

With the below https config, Firefox gives the error "This page isn't redirecting properly"

 


Edited by itlists
Link to comment
  • 1 month later...
  • 2 weeks later...
  • Roxedus changed the title to [support] Vaultwarden (formerly Bitwarden_rs)
