[support] Vaultwarden (formerly Bitwarden_rs)


Recommended Posts

4 hours ago, yogy said:

Looks normal, but missing some rows. For some reason it doesn't start or it's stuck. I'm out of ideas. I would make a passwords backup, delete current container and make a new one and then import your passwords.

 

That's the thing - it's running and working just fine. The only thing I can't do is edit it in the unRAID GUI. The container itself is otherwise normal.

 

What is the best procedure for backing up/importing passwords? I believe I had to do that once in the admin panel. Anything I should worry about?

Link to comment
3 hours ago, yogy said:

Just go to Settings >> Tools >> Export Vault and you are good to go

 

Thanks!

 

2 hours ago, JonathanM said:

That assumes a single user only unless I missed something.

 

How would you go about it if you have many friends and family members each with their own vault?

 

In my case, I only have 1 vault, 1 user, myself. So my setup is simple enough that this should be enough.

Link to comment
  • 2 weeks later...

I can no longer access Bitwarden.  When a user tries it says login session expired. When I try to login to the admin page, it says my token is wrong. I check the docker config and the file itself. Tried those passwords and that didnt work either.  I also tried resetting the token and that didnt help me getting into the admin page.  I checked the time settings and all that seems ok.  I am trying to access via a reverse proxy and directly.  Neither works.  It did work a few days ago though.

 

 

Any suggestions?

 

Edit: Also, it seems like when i input the correct admin token, and click enter, the page just refreshes and doesnt let me in.

 

Edit 2:  SOLVED!  Deleted the RSA files, started the docker and it works again!

Edited by sittingmongoose
Link to comment

It could be with self signed certificate, properly imported to Vaultwarden. Since you're not tech savvy as you said, try to find videos on You Tube how to setup Nginx Proxy Manager. You also need your own domain, which later could be added to Cloudflare to boost security, using their DNS service. Watch this video, might be very helpfull. If you need additional support just ask, but do your "homework" first, please.

 

  • Like 1
Link to comment

Silly question maybe, but would Vaultwarden work without setting up so it's publicly facing with a domain name? I don't need that functionality ATM, thx covid, but I'd like to host my own password manager while leaving the option for making it available outside the home open for the future. As long as it would work on the LAN it'd be good enough for now.

Link to comment

Yes you can, but in that case it's more exposed to possible "attacks". You should open port(s) on your endpoint but if you use NPM you don't. I would still consider using Cloudflare DNS and add aditional layer of security. If not selfhosted you could also run it in the VPS, but then you should protect the acces to that VPS properly. There are many options, consider finding what suits you best and most secure.

Link to comment
46 minutes ago, yogy said:

Yes you can, but in that case it's more exposed to possible "attacks".

 

I currently use IP:port to access my Unraid, haven't messed too much with networking with it beyond setting a fixed IP address in the setting. What would be the easiest way to allow the docker to work just on the LAN? I currently have it installed, it's blocking me from creating an account due to lack of HTTPS, resources online seem to indicate I still need a certificate, which make sense, however at that point I might as well bite the bullet now and set up a domain.

Link to comment

I understand your frustration. You only used Vaultwarden in LAN and if you need it from outside you used VPN. I'm not sure if local access could be established with self signed certificate, just because I never tried that option. I would warmly suggest you to buy a domain (it's very cheap) and that is the only cost. All in all you can use your domain, e. g. subdomain for other access also (emby, plex, nas, blog, website .... you name it), it's usefull. Setup Nginx Proxy Manager container, connect your domain to Clouflare and you are preety safe. It's not so hard to do, it really isn't. Not to mention Let's Encrypt certs are also free.

Edited by yogy
Link to comment
  • 2 weeks later...

Edit:  nuking SWAG and starting fresh with Ngnix PM seems to have solved it for the time being.  Not sure what the problem was, but it didn't appear to be related to my vaultwarden setup.

------------------------------------------------------------------

I'm getting my butt kicked by certificates.  The problem I'm trying to solve is the "chain validation failed" when using the bitwarden android app.  Everything else works fine.  The iOS app, macos app, and windows app all work.  All browsers on windows/linux/android/iphone all work perfectly. 

 

What's worse is that I have managed to have the android app working for maybe a day or so after changing to a fresh domain, but then it breaks again once I reissue a cert.

 

I'm running bitwarden through the swag container.  Nothing super elaborate.  Mostly running stock out of the box, per space invader one tutorials.  've tried a few different domains on google, with no change in results. 

 

What I'm most hung up on is I get different behavior checking on SSL Labs vs Digicert.  If it matters, I changed the "only subdomains" key in swag to false, so I could test the main domain.

 

SSL Labs

  • mydomain.group   = A
  • bitwarden.mydomain.group  = A
  • nextcloud.myomain.group = A+

 

Digicert

  • mydomain.group   = all green checks
  • bitwarden.mydomain.group  = "unable to connect"
  • nextcloud.mydomain.group  = all green checks

 

The few brief times the Android app did work, I think it corresponded with the digicert check passing the bitwarden.mydomain.group test, but I'm not positive.  I seem to be at a dead end here though. 

Any suggestions for next steps?

 

image.png.c58219e37952167e368757ff76668858.png

image.thumb.png.75fc8e8897bad6505dfb93be7b808b74.png

 

Edited by Wimp Lo
Link to comment
1 hour ago, Wimp Lo said:

What's worse is that I have managed to have the android app working for maybe a day or so after changing to a fresh domain, but then it breaks again once I reissue a cert.

 

I think your problem is here.

Did you try to completely delete the android app and install it again or at least delete the apps cache?

  • Like 1
Link to comment
1 hour ago, yogy said:

I think your problem is here.

Did you try to completely delete the android app and install it again or at least delete the apps cache?

 

Yeah, I've tried that a few times with no changes.  Also I've tried older versions, and tried installing on a few of my old devices that had never had the app before.  I think I have android 10, 11, and 12 attempted.

Edited by Wimp Lo
Link to comment
19 hours ago, Wimp Lo said:

 

Yeah, I've tried that a few times with no changes.  Also I've tried older versions, and tried installing on a few of my old devices that had never had the app before.  I think I have android 10, 11, and 12 attempted.

Have no more ideas. Where does SWAG keeping the certs, maybe worth checking. Or you need to enable something there, just guessing. I don't use it, prefer Nginx Proxy Manager.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.