[support] Vaultwarden (formerly Bitwarden_rs)


384 posts in this topic Last Reply

Recommended Posts

17 minutes ago, yogy said:

Trusted Self signed certificate. But you need to store it somewhere in bitwarden configuration. I didn't yet test that and I'm not sure if it's even possible, but it would be worth to try.

I think that's beyond my abilities. I might just stick with blocking public access to /admin.

edit:This post was very helpful for adding those lines for blocking admin access through Nginx Proxy Manager: 

 

Edited by tonic
Link to post
  • Replies 383
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it :-)

Posted Images

I know, I wrote this post. But I should also correct the first sentence "You can access Bitwarden server through the browser by entering local IPaddress:port assigned by unRAID". I just tried that. IT DOESN'T WORK. It requires https.

Just block the admin access, use a trusted certificate, long password (with lower case, upper case, numbers and special characters, at least 14 characters long) and you are good to go.

Link to post
On 12/19/2020 at 11:33 PM, Endy said:

I've been struggling to get Bitwarden to work. The docker is installed and I can access it by IP, but not by reverse proxy.

 

My ISP blocks port 80, but not port 443 so I am using Cloudflare to force 443.

 

First I followed SpaceInvader's video and was using SWAG. I just get an Error 522 from Cloudflare. (Everything else through SWAG was working just fine.)

 

Then I switched everything over to using HAProxy in Pfsense. Instead of using the custom network, I gave each of the docker containers their own static IP addresses. Again, I can get everything working, but Bitwarden gets Error 522 from Cloudflare. HAProxy stats shows that Bitwarden is up.

 

I've searched and searched, but I can not find an answer. Any ideas?

 

Did you find any solution for it?

 

I have same issue as you

Link to post

Having an odd issue. I recently switched from swag to npm for convenience. If I set npm to http it works perfectly but I want to use https and whenever I do that it gives me a 502 bad gateway. I know I am missing something but I have searched all over and cant seem to find out how to fix it. Any advice would be greatly appreciated. 

Link to post

Ussualy you set NPM proxy hosts to use http. This is because docker containers ussualy don't use https port (variables should allow ssl). Just to be clear, this is in your local network, so no harm done.

When you use http in NPM proxy host this doesn't mean your will access docker app via http over internet, that is if you set correct subdomain in your domain cPanel (CNAME) and use the same subdomain in Domain Names in NPM. With Let's Encrypt certificate which is free to use, you will only be able (if you set NPM correctly - SSL tab in NPM) to access your docker app via https.

Link to post
6 hours ago, yogy said:

Ussualy you set NPM proxy hosts to use http. This is because docker containers ussualy don't use https port (variables should allow ssl). Just to be clear, this is in your local network, so no harm done.

When you use http in NPM proxy host this doesn't mean your will access docker app via http over internet, that is if you set correct subdomain in your domain cPanel (CNAME) and use the same subdomain in Domain Names in NPM. With Let's Encrypt certificate which is free to use, you will only be able (if you set NPM correctly - SSL tab in NPM) to access your docker app via https.

 

This is very helpfull. thanks for this!

Link to post
  • Roxedus changed the title to [support] Vaultwarden (formerly Bitwarden_rs)
On 4/22/2020 at 6:11 PM, Roxedus said:

I added the following to my reverse proxy for the admin panel
 



	location /admin {
		return 404;
	}

I only access the panel locally using the direct ip.

 

anyone interested, for NPM

just add under advanced.

Screenshot (21).png

 

✔️✔️✔️

Edited by Tolete
Link to post

Can someone please explain what's with this new vaultwarden. Bitwarden_rs is now deprecated, so can we just change the repository or we should start from scratch (create a new docker container)?

Link to post
Can someone please explain what's with this new vaultwarden. Bitwarden_rs is now deprecated, so can we just change the repository or we should start from scratch (create a new docker container)?

Just change repository
Link to post
New repository is: vaultwarden/server:latest
Change it in docker settings:
  1. Stop the container
  2. Rename repository to vaultwarden/server
  3. Hit Apply and start the container
That's it. Don't forget to go to unRAID Settings >> click on Fix Common Problems (if the scan doesn't start automatically then click RESCAN) and you will receive a notification to apply a fix for *.xml file change.
I just went through this procedure and can verify everything went smooth and well. 

Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it :-)
  • Like 3
  • Haha 1
Link to post

Hello, i had Bitwardenrs installed and worked fine.

Now I switched to Vaultwarden as described and now have a problem after restarting the server.

Accessing Vaultwarden via duckdns.org, this page comes up:

 

grafik.thumb.png.ecfff1c990be07d20234a7d67021379f.png

 

The /admin page works.

 

grafik.png.2abde92b95f23728759f6f5291a79216.png

 

I've tried everything possible all day, including reinstalling Nginx Proxy and Vaultwarden. Unfortunately nothing works. Other Dockers can be reached via the Nginx proxy. I can't find anything where Vaultwarden pulls this page from. Maybe you can give me a tip.

Best regards

Averall

Link to post
17 hours ago, blaine07 said:


Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it 🙂

 

Can confirm that changing the repo and then running Fix Common Problems plugin works with no issue. I did run into a problem with the extension on my browser. I had to log out and back in before it would sync again.

Link to post

Agreed, this does work correctly.
it did disappear from my Docker list, but once the xml was fixed, it came back.
No data seems to have been lost.

Link to post
1 hour ago, Averall said:

Hello, i had Bitwardenrs installed and worked fine.

Now I switched to Vaultwarden as described and now have a problem after restarting the server.

Accessing Vaultwarden via duckdns.org, this page comes up:

 

grafik.thumb.png.ecfff1c990be07d20234a7d67021379f.png

 

The /admin page works.

 

grafik.png.2abde92b95f23728759f6f5291a79216.png

 

I've tried everything possible all day, including reinstalling Nginx Proxy and Vaultwarden. Unfortunately nothing works. Other Dockers can be reached via the Nginx proxy. I can't find anything where Vaultwarden pulls this page from. Maybe you can give me a tip.

Best regards

Averall

This has something to do with Nginx Proxy. You should take a look at your Nginx settings and config files. Not many people are using Nginx Proxy, usually Swag or Nginx Proxy Manager. I use the latter and didn't have to change or add anything to my proxy configuration. Maybe someone could provide you with some assistance who is actually using Nginx Proxy.

Link to post
Posted (edited)

Hello

 

34 minutes ago, yogy said:

This has something to do with Nginx Proxy. You should take a look at your Nginx settings and config files. Not many people are using Nginx Proxy, usually Swag or Nginx Proxy Manager.

 

sorry i wrote that wrong.

i am using the Nginx Proxy Manager.

Nginx Proxy Manager works with the other Dockers.

When I click the Vaultwarden WebGUI:

 

grafik.png.f3d99497f1e8ab613610edb5b55472de.png

 

nothing happens.

 

Edited by Averall
Link to post

That's strange. Check the network type in docker settings. Did you follow the procedure with all the steps. Did you change anything? WebUI should take you to the internal (LAN) Bitwarden login page. Since your picture above shows access to Bitwarden through the internet I still think there is an issue in Nginx Proxy Manager (check *.conf file and ip range)

Link to post

Hello again,
After trying everything possible, I opened Vaultwarden with a different browser. Great, it works with that.
I have now emptied the browser cache of my Firefox and now it works again.


Small cause, big effect.
Thank you for your support.

Link to post

Ok.  I read through all 14 pages and am completely unclear about this. 
 

early posts seem to indicate logging was insecure for reverse proxies. With a reasonably long fix posted around page 4 or so.  
 

 Also if I am running Bitwarden _rs now as a Docker how do I transition cleanly?

 

 

Link to post
On 5/2/2021 at 7:53 PM, tknx said:

indicate logging was insecure for reverse proxies

What logging?
 

 

On 5/2/2021 at 7:53 PM, tknx said:

Also if I am running Bitwarden _rs now as a Docker how do I transition cleanly?

Follow the fantastic step-by-step provided by @yogy in the recommended posts

Link to post

Ok so I have updated the repository and ran the fix on fix common problems.  When I load the WebUi i get this message....

 

 

This browser requires HTTPS to use the web vault

Check the bitwarden_rs wiki for details on how to enable it

 

The admin page still works fine and seem to work otherwise.  Any thoughts?

 

Link to post

This is because you are trying to access bitwarden through local network. This will only work with self signed certificate. Self hosted bitwarden_rs/vaultwarden is not meant to work in local network, I mean it's duable but ....

The easiest and safest way is if you own a domain, use Cloudflare to manage it and Nginx Proxy Manager with Let's encrypt certificate and you are safe enough to access Bitwarden self hosted password vault through the internet. Domain is very cheap (€ or $ 2-10) and the rest is free of charge, so I really try to encourage every user to do it that way. All mentioned can be used for other docker containers too. I'm running 10 docker containers/apps via internet with 2FA this way and I feel very safe and happy. 

Link to post
On 4/30/2021 at 3:42 PM, yogy said:

New repository is: vaultwarden/server:latest

Change it in docker settings:

  1. Stop the container
  2. Rename repository to vaultwarden/server
  3. Hit Apply and start the container

That's it. Don't forget to go to unRAID Settings >> click on Fix Common Problems (if the scan doesn't start automatically then click RESCAN) and you will receive a notification to apply a fix for *.xml file change.

I just went through this procedure and can verify everything went smooth and well. 

Worked for me. Thanks for detailed procedure. :D

Link to post
Posted (edited)
On 5/1/2021 at 9:46 AM, Averall said:

Hello, i had Bitwardenrs installed and worked fine.

Now I switched to Vaultwarden as described and now have a problem after restarting the server.

Accessing Vaultwarden via duckdns.org, this page comes up:

 

grafik.thumb.png.ecfff1c990be07d20234a7d67021379f.png

 

The /admin page works.

 

grafik.png.2abde92b95f23728759f6f5291a79216.png

 

I've tried everything possible all day, including reinstalling Nginx Proxy and Vaultwarden. Unfortunately nothing works. Other Dockers can be reached via the Nginx proxy. I can't find anything where Vaultwarden pulls this page from. Maybe you can give me a tip.

Best regards

Averall

 

I tried following the steps posted elsewhere to rename the repository and use the fix plugin to fix the XML file.  I can no longer access my container login page via https.  If I try via http I get the error page someone posted about it only being accessible via https, even though I have a trusted cert available.  It just isn't listening yet.  If I go to the /admin URL then I get the same thing you're showing here, and I have no idea where to get that authentication key from.  

 

Any help would be appreciated.  This was working just fine until I tried to "fix" it to the new repository.

 

EDIT -  figured it out.  Primarily it was because I needed to update my reverse proxy to account for the new app name.  That really fixed it.  With respect to the "authentication key", I remembered it was in the container settings and I have it written down in the event I needed it anyway.  I think I'm good to go now..

Edited by BurntOC
Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.