[support] Vaultwarden (formerly Bitwarden_rs)



On 4/29/2021 at 11:34 PM, Tolete said:

 

anyone interested, for NPM

just add under advanced.

Screenshot (21).png

 

✔️✔️✔️

Hi,

 

I have followed Spaceinvader's installation steps from these videos:

https://www.youtube.com/watch?v=I0lhZc25Sro&t=1341s

https://www.youtube.com/watch?v=HLcj-p-lcXY&t=442s

 

Vaultwarden is now accessible via the internet with my corresponding DuckDNS subdomain. The only thing is that I can reach the /admin page under this DuckDNS subdomain.
Does anyone have an idea how I can use the tip from Tolete with Swag (formerly Letsencrypt)? I use Swag as a reverse proxy instead of NGINX Proxy Manager.

 

Thank you!

Link to post

Popular Posts

New repository is: vaultwarden/server:latest
Change it in docker settings:
  • Stop the container
  • Rename repository to vaultwarden/server
  • Hit Apply and start the container

I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it :-)


I made an export from my Bitwarden vault. Then deleted everything, installed Vaultwarden and after registration in the admin panel, I imported the JSON file and everything is working again.

Link to post
32 minutes ago, macfreaker said:

I made an export from my Bitwarden vault. Then deleted everything, installed Vaultwarden and after registration in the admin panel, I imported the JSON file and everything is working again.

Why? I suppose it's not a bad idea to do an export occasionally, but that method of moving repositories is not recommended unless you are the only user. If I did that all my other users would kill me.

Link to post
Posted (edited)

Hello, I'm trying to make this container work with Nginx Proxy Manager. After fiddling with the various settings I am at the point where, instead of a 502 bad gateway, a page is now loaded, but there is only the "broken image" icon and a single word in Times New Roman, "Bitwarden".

What can/should I do? I am a complete newbie in this. I managed to set up a self-hosted Nextcloud but I can't manage to make vaultwarden work properly...

 


Edited by Ankareth
added screenshot of the issue
Link to post
Posted (edited)

Hi, 

 

I've decided to remove the requirement for my YubiKey when I access my instance. I have removed the YUBICO_CLIENT_ID: & YUBICO_SECRET_KEY: lines from the template and also disabled the option on the admin page. I have cleared the browser cache and even tried another browser however I keep being asked for the key. The option is also disabled in the config file. 

 


Edited by LoneTraveler
Link to post

That's a very good question. I'm not sure and haven't tried a multiple-user setup, but I guess it should be unlimited since it's self-hosted. Maybe someone else who has actually set up multiple users could answer.

Link to post

Hi, 

 

Restarted the container and system however no luck, I've even gone back over my config file but it still keeps asking for my YubiKey. 

 

{
  "domain": "https://REDACTED",
  "disable_icon_download": false,
  "signups_allowed": false,
  "signups_verify": false,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": true,
  "password_iterations": 100000,
  "show_password_hint": true,
  "admin_token": "REDACTED",
  "invitation_org_name": "Bitwarden_RS",
  "ip_header": "X-Real-IP",
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "icon_blacklist_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "disable_admin_token": false,
  "_enable_yubico": false,
  "_enable_duo": false,
  "_enable_smtp": true,
  "smtp_host": "smtp.live.com",
  "smtp_ssl": true,
  "smtp_explicit_tls": false,
  "smtp_port": 587,
  "smtp_from": "REDACTED",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_username": "REDACTED",
  "smtp_password": "REDACTED",
  "smtp_timeout": 15,
  "smtp_debug": false,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "_enable_email_2fa": false,
  "email_token_size": 6,
  "email_expiration_time": 600,
  "email_attempts_limit": 3
}

 

Link to post

Sorry, I'm afraid I'm out of ideas as to what could be wrong here. It's strange though; maybe someone with similar issues might provide further assistance. I'm using simple 2FA by Google Authenticator on my mobile phone.

Link to post

Just created a new docker of vaultwarden but I'm getting an error on SMTP Gmail send:

I watched the Spaceinvader One video but I used the SWAG default config for bitwarden.

I can access vaultwarden from the local web UI and from sub.duckdns.org but can't send mail; the settings are the same as in Nextcloud and it's working in Nextcloud.

(storage renamed from bitwarden to vaultwarden ...)

 

vaultwarden::mail][ERROR] SMTP 5xx error: lettre::transport::smtp::Error { kind: Permanent(Code { severity: PermanentNegativeCompletion, category: Unspecified3, detail: Five })

 

Link to post
Posted (edited)
On 2/16/2020 at 6:58 PM, Roxedus said:

@Gabriel_B I just managed to set up SMTP with a Gmail account.
This account is set to allow insecure connections.
I used the settings shown in the screenshot, but with my email.

 

I have the same settings but SMTP is not working 😞

Maybe the problem is in the conf file?

 

## Version 2020/12/09
# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
# make sure your bitwarden container is named "bitwarden"
# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ...xx...vaultwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 128M;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        
    }

    location /admin {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        return 404;
        #include /config/nginx/proxy.conf;
        #resolver 127.0.0.11 valid=30s;
        #set $upstream_app vaultwarden;
        #set $upstream_port 80;
        #set $upstream_proto http;
        #proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /notifications/hub {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app vaultwarden;
        set $upstream_port 3012;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        

    }

    location /notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        
    }
}
 

 

Edited by Masterwishx
update
Link to post
Posted (edited)

Can you post a screenshot of your bitwarden/admin SMTP settings?

 

Edit:

Sorry, I didn't look at the screenshot you already posted above. OK, try this:

  • firstly try with port 587 (save and try if it works)
  • if it still doesn't work try to disable (untick) Enable SSL 
Edited by yogy
Link to post

Hi, I was just wondering if "Emergency Access" was likely to be added to the container?
I used to have this setup with LastPass and I loved the concept.

Link to post

You have Admin access for that with a loooong token key. Go through this thread and you will learn how to disable it over internet and only get access via LAN.

Link to post
26 minutes ago, yogy said:

Go through this thread and you will learn how to disable it over internet and only get access via LAN.

Or just scroll to the top of the page and click on the recommended post.

Link to post
Posted (edited)

Maybe someone knows how to import from Norton Password Manager?

I didn't find it in the big list of password managers, so I manually transferred logins to chrome.csv format, and other stuff like notes I need to import manually too.

Maybe someone knows how to do it automatically, if Norton Password Manager has the same structure as another password manager from the list?

Edited by Masterwishx
Link to post

You've done it the correct way. Not all password managers are listed, so you have to export your data to a *.csv file and import that file to Bitwarden.

Link to post
On 5/22/2021 at 2:03 AM, yogy said:

You've done it the correct way. Not all password managers are listed, so you have to export your data to a *.csv file and import that file to Bitwarden.

Yeah, I got it, but maybe some other pass manager has the same structure as Norton pass?

It's --->   username,password,name,url,notes

Link to post
Posted (edited)

Followed Spaceinvader's a year or so ago and got bitwarden set up. Everything worked fine until my home was destroyed in a fire.

I had great offsite backups, but decided to rebuild the server from scratch and only use the data files.

Well anyway, with Vaultwarden what do I need to change in the nginx proxyconfs file to take advantage of Vaultwarden?

Here is the old file I had.

#BITWARDEN
# make sure that your domain's dns has a cname or an A record set for the subdomain bitwarden
# This config file will work as is when using a custom docker network the same as letsencrypt (proxynet).
# However the container name is expected to be "bitwardenrs", as it is by default in the template, because this name is used to resolve.
# If you are not using the custom docker network for this container then change the line "server bitwardenrs:80;" to "server [YOUR_SERVER_IP]:8086;" Also remove line 7

resolver 127.0.0.11 valid=30s;
upstream bitwarden {
    server bitwardenrs:80;
}

server {
    listen 443 ssl;
    server_name bitwarden.*;
    include /config/nginx/ssl.conf;
  client_max_body_size 128M;

  location / {
   proxy_pass http://bitwarden;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
   proxy_pass http://bitwarden;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_pass http://bitwarden;
  }
}

 

So what in the above file needs to be changed to take advantage of Vaultwarden?

Thanks for the help

Edited by carltonwb
Link to post
Posted (edited)
On 4/22/2020 at 6:11 PM, Roxedus said:

I added the following to my reverse proxy for the admin panel
 



	location /admin {
		return 404;
	}

I only access the panel locally using the direct ip.

 

I added this to my nginx and it blocks the admin as it should.  Is there an easy way in the template to have it use the ip instead of the domain for the gui?  Or is everyone manually typing in the ip when they need to access the admin?

 

Edited by Gragorg
Link to post
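
An added example (not part of any post in this thread, and not SWAG or Vaultwarden project code): a small Python check that reports which `location` block nginx would select for admin-panel URIs in a proxy conf, and whether that block forwards the request upstream. The embedded configs are constructed, abridged versions of the two confs posted above; `EXACT_CONF` and the `/admin/diagnostics` probe path are illustrative assumptions, and regex locations are not handled.

```python
import re

# Constructed samples, abridged from the two proxy confs posted in this thread.
OLD_CONF = """
server {
    location / { proxy_pass http://bitwarden; }
    location /notifications/hub { proxy_pass http://bitwarden; }
}
"""
BLOCKED_CONF = """
server {
    location / { proxy_pass $upstream_proto://$upstream_app:$upstream_port; }
    location /admin {
        return 404;
        #proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
"""
# Hypothetical variant: an exact match only covers the bare /admin URI.
EXACT_CONF = BLOCKED_CONF.replace("location /admin {", "location = /admin {")

LOCATION = re.compile(r"location\s+(?:(=|\^~)\s+)?(/\S*)\s*\{([^{}]*)\}")

def pick_location(conf, uri):
    """Return (path, body) of the block nginx would select for uri.
    Handles only exact (=) and prefix locations, not regex ones."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments first
    best = None
    for mod, path, body in LOCATION.findall(conf):
        if mod == "=":
            if uri == path:
                return path, body                   # exact match wins outright
        elif uri.startswith(path) and (best is None or len(path) > len(best[0])):
            best = (path, body)                     # longest prefix wins
    return best

def verdict(conf, uri):
    """'blocked' if the chosen block returns 4xx or denies, 'proxied' if it forwards."""
    hit = pick_location(conf, uri)
    if hit is None:
        return "unmatched"
    body = hit[1]
    if re.search(r"\breturn\s+4\d\d\b|\bdeny\s+all\b", body):
        return "blocked"
    return "proxied" if "proxy_pass" in body else "unmatched"

def audit(conf, uris=("/admin", "/admin/diagnostics")):
    """Map each probe URI to its verdict for the given conf text."""
    return {u: verdict(conf, u) for u in uris}
```

A conf with no `/admin` block falls through to `location /` and is reported as proxied; the exact-match variant blocks only the bare `/admin` URI.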
