[support] Vaultwarden (formerly Bitwarden_rs)



I was going to use Vaultwarden to save my passwords, but only have it accessible via the local area network, using a VPN to connect to my network and sync passwords if I am not on the LAN.

 

The problem is that whenever I set up Vaultwarden it tells me it won't work without https with my browser. It seems very cumbersome to deal with internal certificates; is there a way to bypass this? I do not wish to expose Vaultwarden to the internet, as I have access to my network when using the VPN anyway.

 

Let's Encrypt only works if Let's Encrypt can validate the certificates from their servers, which won't work if the host is offline. Any good solutions here? I want to have certificates more or less seamless, without having to manually deal with them each time they expire, but I also only want my Vaultwarden to be accessible from LAN, never from WAN.

 

 

Link to comment

Hi guys,

 

I need help with Vaultwarden; this is my log when I start the container.

What do I need to do to solve this problem?

The second problem is that I can't log in to my vault on my Android phone.

On the MacBook I can't sync the vault; when I go to web/https everything is working.

A few days ago the phone and Mac were working.

 

 


Link to comment

You should enter the admin panel (https://yourdomainname/admin), enter your admin token and correct the things with the warning. As I can see, you didn't configure your admin token, which you should. Recreate the container, use false for signups and invitations allowed, and create an admin token with the following command in a terminal, without quotes: "openssl rand -base64 48", which will generate a very complex random key to be used as the admin token.

After you do all of this, prevent access to the admin panel via the internet (local network only); see the recommended post from @Roxedus at the top of this thread.

Link to comment

It is working only with access from the local IP and https (sub.domain.com) from a web browser.

When I try to connect from the mobile app and from the Mac app, it's not working.

This is the error:

 

An error has occurred.

 

Pls. help me, I'm crazy :)

Edited by Rejserr
Link to comment

I hope you didn't just use the LOG IN tab or something similar offered when you opened the newly installed bitwarden app on your mobile device. You have to click on the settings cog (upper left corner) and enter your self hosted server url first, save it and then try to log in. Did you try that?

Link to comment
1 hour ago, yogy said:

I hope you didn't just use the LOG IN tab or something similar offered when you opened the newly installed bitwarden app on your mobile device. You have to click on the settings cog (upper left corner) and enter your self hosted server url first, save it and then try to log in. Did you try that?

:) I did enter the self-hosted server URL.

The app was correctly configured; a few days ago it was working.

Maybe the problem is the DDoS protection from Cloudflare?

I saw that when connecting from the web it always shows the DDoS check.

Link to comment
On 8/28/2021 at 10:12 PM, Masterwishx said:

Is SQLite good enough to use with Vaultwarden?

Or is it better to move to MySQL (MariaDB)?

Has anyone moved already?

SQLite is enough for personal use. If you have a huge database of passwords, secure notes etc., many users and use organizations, maybe then you would need some other more powerful SQL app.

Link to comment

I set up NGinx Proxy Manager combined with Cloudflare and a domain for the Bitwarden docker. It all works, but I had to forward port 80 and 443 in my router.

 

Now, it seems anyone can access the bitwarden login page from my docker from the internet. I did disable the admin page access using the tip from this thread. But the fact that you can just type my bitwarden.mydomain.com address and get to the login screen worries me.

 

I really only need this to be accessible from within my LAN. Is it possible to somehow hide this page for any WAN access? How do you guys do it? Just accept that the login page is visible to the world? :)

 

EDIT: Looks like I was able to make it a little bit more secure using NGinx proxy manager Access Lists. At first I couldn't get the ACL to work. I added the external IP of my router to the ACL, but I kept seeing 403 errors. And I did save the proxy host config each time again also. The thing that finally fixed it for me was adding the following code to the proxy host advanced config: real_ip_header CF-Connecting-IP;

 

Now the login page is only visible from my own IP address, and gives a 403 error from any other IP. Makes me feel a little bit more secure ;)

Edited by lococola
Link to comment
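
An added example, not part of lococola's post and not code from Nginx Proxy Manager or nginx: a small Python model of why the access list returned 403 until `real_ip_header CF-Connecting-IP;` was set, and why that header should only be honoured when the connection comes from a trusted proxy range (what nginx's `set_real_ip_from` controls). The function names, the sample addresses and the shortened Cloudflare range list are assumptions made for illustration.

```python
import ipaddress

# Assumption: a subset of Cloudflare's published edge ranges (cloudflare.com/ips).
# A real deployment should load the full, current list.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in
                   ("173.245.48.0/20", "162.158.0.0/15", "172.64.0.0/13")]

def effective_client_ip(peer_ip, headers, use_real_ip=True):
    """Model of the realip step: swap the socket peer address for the
    CF-Connecting-IP value only when the peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    claimed = headers.get("CF-Connecting-IP")
    if use_real_ip and claimed and any(peer in net for net in TRUSTED_PROXIES):
        try:
            return ipaddress.ip_address(claimed)
        except ValueError:
            return peer  # malformed header: keep the socket address
    return peer

def acl_status(peer_ip, headers, allowed, use_real_ip=True):
    """HTTP status an allow-list followed by 'deny all' would produce."""
    client = effective_client_ip(peer_ip, headers, use_real_ip)
    nets = [ipaddress.ip_network(a) for a in allowed]
    return 200 if any(client in n for n in nets) else 403

# Constructed sample values (documentation address ranges).
HOME_WAN = "203.0.113.7"     # router's external IP, as added to the ACL
STRANGER = "198.51.100.23"   # any other internet address
CF_EDGE = "162.158.10.20"    # Cloudflare edge address seen as the TCP peer
ALLOWED = [HOME_WAN + "/32"]

def scenarios():
    hdr_home = {"CF-Connecting-IP": HOME_WAN}
    return {
        # Without realip the ACL is checked against the Cloudflare edge IP.
        "owner_without_real_ip": acl_status(CF_EDGE, hdr_home, ALLOWED, use_real_ip=False),
        "owner_with_real_ip": acl_status(CF_EDGE, hdr_home, ALLOWED),
        "stranger_via_cloudflare": acl_status(CF_EDGE, {"CF-Connecting-IP": STRANGER}, ALLOWED),
        # Peer is not a trusted proxy, so the header is ignored.
        "untrusted_peer_header_ignored": acl_status(STRANGER, hdr_home, ALLOWED),
    }

if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name}: {status}")
```
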
2 hours ago, Supershocker said:

I recently tried to add another user to my server but the system is unable to send an email to the new user for account creation. The same account and SMTP settings for Gmail work on another service. Is anyone else having this issue?

I also do not receive actual mails. However, after sending the invitation I was able to create an account for that e-mail address by simply going to the login page and clicking the Create Account button. I found that the process would actually work for the e-mail address that I sent an invite to. So just try it out :)

Link to comment
10 hours ago, lococola said:

I set up NGinx Proxy Manager combined with Cloudflare and a domain for the Bitwarden docker. It all works, but I had to forward port 80 and 443 in my router.

 

Now, it seems anyone can access the bitwarden login page from my docker from the internet. I did disable the admin page access using the tip from this thread. But the fact that you can just type my bitwarden.mydomain.com address and get to the login screen worries me.

 

I really only need this to be accessible from within my LAN. Is it possible to somehow hide this page for any WAN access? How do you guys do it? Just accept that the login page is visible to the world? :)

 

EDIT: Looks like I was able to make it a little bit more secure using NGinx proxy manager Access Lists. At first I couldn't get the ACL to work. I added the external IP of my router to the ACL, but I kept seeing 403 errors. And I did save the proxy host config each time again also. The thing that finally fixed it for me was adding the following code to the proxy host advanced config: real_ip_header CF-Connecting-IP;

 

Now the login page is only visible from my own IP address, and gives a 403 error from any other IP. Makes me feel a little bit more secure ;)

Also, don't forget to add an additional layer of security - 2FA

Link to comment
