[support] Vaultwarden (formerly Bitwarden_rs)


Recommended Posts

On 4/5/2023 at 2:20 AM, Masterwishx said:

 

Vaultwarden default changed to 350000 and bitwarden to 600000

But I thought password iteration it's in server side not client. 

 

After changed Token to hash having 2 warning like posted above but all working.... 

Thanks for explaining... 

 

no problem, i'm also seeing in the logs after after changing the admin token from plain text to an Argon2 PHC string,

 

[vaultwarden::api::admin::_][WARN] Request guard `AdminToken` failed: "Unauthorized".

 

 

 

Edited by Tolete
  • Like 1
Link to comment
  • 2 weeks later...

Hello guys,

I have installed the Vaultwarden for the first time with a SWAG reverse proxy. I can access the server's webUI from Internet, but I am stack on SMTP settings.

I set up SMTP with my Gmail App password at the Vaultwarden's Admin setting page as per screenshot.

Spoiler

1725823317_SMTPsetings.thumb.jpg.5f7a0caccfeeff750eda7f91ada5efc6.jpg

Then I get an error

"Error sending SMTP test email

SMTP error: Connection error: Cannot assign requested address (os error 99)"

Spoiler

1345662701_SMTPErrormessage.jpg.ff9bbd0f4292d261ef7343a63a38f470.jpg2131190684_ErrorLog.thumb.jpg.6d6e0fb7462c0e101ebe53a4785ca7d1.jpg

I googled this error and tried many things as another App password, "force_tls" with the port 465, "Plain" and "Login" and so on.

I also tried another mail service with the same result.

 

Could you please help me to find out a SMTP error root cause?

Link to comment
3 hours ago, yogy said:

Under host try smtp.gmail.com. All other settings you have are good.

Many thanks! Changing to smtp.gmail.com did the trick. It works under reverse proxy and bridge now. Although the container does not start under host at all, showing an error "Address already in use"

Spoiler

host.jpg.309f25a2c8f47bf39c198a0a0d7245c4.jpg

 

Link to comment

If I remember correctly these are defaults in the config file. I would change SIGNUPS_ALLOWED to false. If you don't want to mess with config file, you can do it in the admin's page under General settings. To access admin page via LAN >> http://IP_ADDRESS:port/admin.

Link to comment

I recently switched from Reverse Proxy Docker Container (NginxProxyManager - NPM) to Cloudflare's Zero Trust platform. You can find many tutorials online (YT) on how to do that, this is not the topic here. Please find bellow a short guide on

 

HOW TO PROTECT VAULTWARDEN ADMIN'S PAGE (access via internet) WHEN USING CLOUDFLARE'S ZERO TRUST TUNNELS  

 

If you enabled admin's page in Vaulwarden, you should (or already) know it shouldn't be exposed to the internet (only via local network).

 

If you are still using NPM >> Edit (Vaulwarden Proxy Host) >> Advancend, and put the following line under Custom Nginx Configuration

location /admin {
		return 404;
	}

 

If you are using Cloudflare's Zero Trust platform (tunnels) instead, you can secure the Vaultwarden's admin page from being accessed over the internet with the following instructions:

This will be a very simple policy rule, you can later tweak your settings as you choose and try it out

1. In the Zero Trust Overview (https://one.dash.cloudflare.com/) under Access >> chose Applications

2. Click on Add an application

3. Select Self-hosted

4. Tab - Configure App - Enter Application name (example: Vaulwarden_admin_access), subdomain (your actual subdomain for vaultwarden), domain (your root domain) and Path (enter: admin) and click Next

6. Tab - Add Policies - Enter Policy name >> Action (Allow)

7. Under Configure rules >> Include >> Selector choose Emails >> under Value enter the email address you own (have access to, but only you. You can put as many email addresses you want) and click Next.

8. Tab - Setup - no need to configure anything, just click Add Aplication

Now go to your admin's page over the internet (https://sub.domain.com/admin) and you will be presented with Cloudflare's Zero Trust (access) page where you first need to enter one of the authorised emails in step 7. When you receive a code to your mailbox, enter the code in the next page and now you have access to admin's page over the internet.

You can add additional security layers in step 7 (Include >> Add Include or Add require or Add exlude

 

I hope you will find this short tutorial useful. 

  • Like 1
  • Thanks 1
Link to comment

My Vaultwarden log shows...

 

[2023-04-21 20:19:32.318][start][INFO] Rocket has launched from http://0.0.0.0:80
[2023-04-21 20:19:33.189][rocket::server::_][ERROR] No matching routes for OPTIONS /.
[2023-04-21 20:19:33.189][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
[2023-04-21 20:19:34.198][rocket::server::_][ERROR] No matching routes for OPTIONS /.
[2023-04-21 20:19:34.198][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.

 

...after a normal restart, as Joeyleigh posted above (version 1.28.1, etc.). The [WARN] and [ERROR] repeat every second to infinity after the, "Rocket has launched from http://0.0.0.0:80." Everything seems to be working fine and I've seen others with the same issue (repeated warning and error), but no solution yet.

 

Anyone here have any ideas?

 

MrGrey.

 

 

Link to comment
17 hours ago, patm95 said:

I downloaded Vaultwarden and on the docker tab is says "not available" Just like the old bitwardenrs does.  Is this one depreciated as well now?  If not, is there a tutorial to migrate our old installation to the new one?

 

Maybe this post from March 27th will help?

https://forums.unraid.net/topic/88086-support-vaultwarden-formerly-bitwarden_rs/?do=findComment&comment=1244980

Link to comment
On 4/25/2023 at 2:34 AM, flosken said:


I mentioned this previously, but I'm on unraid version 6.9.2 and I still have the not available issue.  The problem stated here isn't on the older version of unraid and cannot be solved with this solution.

Link to comment
18 minutes ago, clowncracker said:


I mentioned this previously, but I'm on unraid version 6.9.2 and I still have the not available issue.  The problem stated here isn't on the older version of unraid and cannot be solved with this solution.

Yes, I'm on 6.11.5

Link to comment
  • 2 weeks later...

Hi all,

 

I'm more or less new on unraid. I would like to use vaultwarden initially only with local access in my LAN. I struggle now how to continue to get https enabled. Do I really need to install swag? With cloudfare etc.?

Is there somewhere a description how to get vaultwarden up and running locally?

 

thanks & regards

Pallalino

Link to comment
42 minutes ago, Archonw said:

That would be great, thanks.

I was able to create the certificate, but I struggle to connect it with vaultwarden. In the video it's working as it's calling the docker manually but I use it in unraid. Do I need to import the certificate into swag? I've imported it in Firefox, but this is not sufficient.

Link to comment
On 3/28/2023 at 9:16 AM, clowncracker said:

I'm on version 6.9.2, so it isn't a bug with a new version.  Additionally, Squid's docker patch app isn't available in the app store (presumably because I am on an older version of unraid).


I want to reiterate that I'm still having this issue.  This is the only docker where this is a problem.  I noticed that I'm still on version 2023.4.0, so updates aren't coming through.  Something has broken to the link to vaultwarden/server.

Link to comment
  • 2 weeks later...

Maybe someone can help me:

 

I setup vaultwarden behind a traefik proxy. And it's working so far. Also I installed the bitwarden plugin for Chrome and I can login, access my passwords and so on.

But I'm not able to use the create new account option of the plugin.

 

In this case I'm getting an error:

 

Unexpected token '<', "<!DOCTYPE "... is not valid JSON

 

Any idea what is going wrong and how I can avoid it?

 

Best regards

Link to comment
On 4/21/2023 at 3:45 AM, Joeyleigh said:

Hey!

 

Can anyone give me an idea why my logs within the container are showing this?

 

image.png.3941753c5df47beeaad3c499b0baad2b.png

 

Same happens here, even if signups and invitations are turned off everywhere.
Or is this just a warning about that this 3 variables are overridden by the config.json file?
It also complains about that the admin-token is in clear text but I have not managed to successful change this.

Edited by isvein
Link to comment
  • 2 weeks later...

I recently changed my domain name on Vaultwarden.  I logged into the admin panel and changed it in the "domain URL" box to the new one.  After is saved the settings and logged out I restarted vaultwarden but the WEBUI option on the docker still goes to the old domain.  I logged back into Vaultwarden and confirmed that the new domain was saved.  The new domain is working fine.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.