[support] Vaultwarden (formerly Bitwarden_rs)

[yogy]

Maybe this would help https://bitwarden.com/help/setup-two-step-login-yubikey/

[Noirkw]

Hi guys 

 

Could use some advice and any help is appreciated. 

 

I followed the guide to vault warden here ibracorp using cloudflare and NPM. I can access the vaultwarden instance on both WAN and LAN. However, on the admin panel diagnostics , is still states that 

 

"uses a reverse proxy" as "No"

 

and my domain configuration is stated as: 

 

'No match', where the following is shown: 

 

Server: vaultwarden.mydomaind.com

Browser: mylanip

 

Think I may have screwed up the config somewhere - I am still very new to proxy and remote access in general, please go easy on me 

 

[yogy]

What exactly is the problem? If you can access Vaultwarden via internet through NPM and Cloudflare with a valid Let's Encrypt certificate, you should be OK. Just keep in mind you need to block admin page via internet (https://vaultwarden.mydomaind.com/admin). It should only be accesible via LAN. You should insert the following code in NPM (vaultwarden proxy host) >> Advanced >> Custom Nginx Configuration

location /admin {
		return 404;
	}

 

[yogy]

1 hour ago, Noirkw said:

And BTW, this settings are just fine, don't worry about it.

[Noirkw]

7 hours ago, yogy said:

What exactly is the problem? If you can access Vaultwarden via internet through NPM and Cloudflare with a valid Let's Encrypt certificate, you should be OK. Just keep in mind you need to block admin page via internet (https://vaultwarden.mydomaind.com/admin). It should only be accesible via LAN. You should insert the following code in NPM (vaultwarden proxy host) >> Advanced >> Custom Nginx Configuration

location /admin {
		return 404;
	}

 

 

Thank you. Was concerned that it was stating 'no' in the reverse proxy!

 

I've inserted the following line and the admin page is now inaccessible. Appreciate the advice!

[Mattti1912]

Hello people 

 

I have a question:) is it possible to set up a 2fa to this bitwarden?? So that i have to accept with my phone every time i logon on to this service??

I've tried to config in the admin page.. But i cant make smtp email to work with gmail... Any one who might have a guide??

 

thank you

[yogy]

You can always use Goodle Authenticator or something else, there are some options besides email

[Mattti1912]

Hello again..

Thank you for responding:)

 

How to you do that?? Of what i cant see there are two ways to configure the docker... there are the admin page and the login page.. how do i do this??

 

thank you

 

[yogy]

You login to Vaultwarden, click on Profile >> Account Settings >> Security >> Two-step login (tab) and choose your flavor

[Mattti1912]

Hello again..

 

I've tried again.. get the error totp error 172.18.0.1

 

Hope you can help:)

 

Thank you

[yogy]

You have to login over the internet, not intranet.

[Mattti1912]

Hello again.. and thank you..

 

I use cloudflare tunnels.. When i login over the internet the 2 steps login, will not work? i scan the qr-code... And then the error_: totp error 172.18.0.1

 

I've tried to change network-type but no difference ?

hope you can help??

Thank you

 

[Mattti1912]

Could the error be because of the tunnels function at cloudflare??

 

thank you

[Mattti1912]

5 hours ago, Mattti1912 said:

The error now is TOTP code .. And a ip error  IP: 172.19.0.1   ... anyone who can help??

 

i

[yogy]

When you're accessing Vaultwarden through the tunnel you hit the intranet zone. It's like using VPN (your IP). You need to access it over the internet, safely. I'm not going to explain in detail how you can accomplish this. Go over this topic and you will find some guidance.

[Mattti1912]

Hello again 

 

I can access the docker through the cloudflare.. But the error is that i cant make the 2fa work. 

and i get this error : The error now is TOTP code .. And a ip error  IP: 172.19.0.1 ...  Anyone that know how to resolve this??

 

thank you

[Tolete]

anyone try the bitwarden script to backup and encrypt vault from CLI?
-bitwarden blog post 

 

-IThe Interactive script

#!/usr/bin/env bash
export LC_CTYPE=C
export LC_ALL=C
read -p "Bitwarden account email: " BW_ACCOUNT
read -p "Master Password (hidden): " -s BW_PASS
EXPORT_OUTPUT_BASE="bw_export_"
TIMESTAMP=$(date "+%Y%m%d%H%M%S")
ENC_OUTPUT_FILE=$EXPORT_OUTPUT_BASE$TIMESTAMP.enc
export BW_SESSION=$(bw login $BW_ACCOUNT $BW_PASS --raw)
bw export --raw --session $BW_SESSION --format json | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -k $BW_PASS -out $ENC_OUTPUT_FILE
bw logout > /dev/null
unset BW_SESSION
unset BW_PASS
unset BW_ACCOUNT

 

-The Non-Interactive script

#!/usr/bin/env bash
export LC_CTYPE=C
export LC_ALL=C
export BW_ACCOUNT=EMAIL
export BW_PASS=PASSWORD
export BW_SESSION=$(bw login $BW_ACCOUNT $BW_PASS --raw)
EXPORT_OUTPUT_BASE="bw_export_"
TIMESTAMP=$(date "+%Y%m%d%H%M%S")
ENC_OUTPUT_FILE=$EXPORT_OUTPUT_BASE$TIMESTAMP.enc
bw --raw --session $BW_SESSION export --format json | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -k $BW_PASS -out $ENC_OUTPUT_FILE
bw logout > /dev/null
unset BW_SESSION
unset BW_PASS
unset BW_ACCOUNT

 

Edited December 23, 2022 by Tolete

[yogy]

On 12/23/2022 at 11:53 AM, Mattti1912 said:

Hello again 

 

I can access the docker through the cloudflare.. But the error is that i cant make the 2fa work. 

and i get this error : The error now is TOTP code .. And a ip error  IP: 172.19.0.1 ...  Anyone that know how to resolve this??

 

thank you

172.19.0.1 is probably your internal docker IP address. You can also try to restrict access in Cloudflare with Applications where you could add policies.

[Mattti1912]

Hello again... Thank you for reply..

the ip is an internal ip:) 

how do i add policies??

 

regards

[yogy]

What you're asking is out of the topic. Sorry, but you will have to do your own research. Watch some recent YT videos from DB Tech and I'm sure you will find the answer.

[Mattti1912]

Thank you so much..

 

I figured it out..

 

thank you

[Maginos]

@gizmer, @Tucubanito07 and @hata:
I have the same issue as you guys, I have to use version 1.24.0 and it's not possible to upgrade to a higher version. I get the same output in the log as gizmer (on page 20).
Have you been able to upgrade the vaultwarden docker meanwhile to 1.25.0 or higher and if yes, how did you do that?

[Sleepyme]

I'm getting this error when trying to enable my Yubikey:

An error has occurred.

`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled

 

How do I go about enabling this?

[Tolete]

12 hours ago, Sleepyme said:

I'm getting this error when trying to enable my Yubikey:

An error has occurred.

`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled

 

How do I go about enabling this?

 

you need to access your admin panel and turn it ON.

In the admin panel under 'Yubikey settings'. You also need to generate the environment variables
 

`YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY`

 

Save.

Then just log into your Vault and go to (top right) Account Settings > Security > Two-step Login > Yubikey Manage.

Edited January 3, 2023 by Tolete

[Sleepyme]

2 hours ago, Tolete said:

 

you need to access your admin panel and turn it ON.

In the admin panel under 'Yubikey settings'. You also need to generate the environment variables
 

`YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY`

 

Save.

Then just log into your Vault and go to (top right) Account Settings > Security > Two-step Login > Yubikey Manage.

THANK YOU! GOT IT WORKING!