Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[support] Vaultwarden (formerly Bitwarden_rs)

Featured Replies

Was going to use vaultwarden to save my passwords, but only have it accessable via the local area network, using vpn to connect to my network and sync passwords if i am not on the lan.

 

The problem is whenever i setup Vaultwarden it tells me it wont work without https with my browser. It seems very cumbersome to deal with internal certificates, is there a way to bypass this? I do not wish to expose vaultwarden to the internet as i have access to my network when using vpn anyway.

 

Letsencrypt only works if letsencrypt can valide the certificates from their servers which won't work if the host is offline. Any good solutions here? I want to have certificates more or less seamless without having to manually deal with them each time they expire but i also only want my vaultwarden to be accessible from lan, never from wan.

 

 

  • Replies 734
  • Views 277.4k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

  • New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

  • log showing [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. See: https://github.com/dani-gar

Posted Images

Hi guys,

 

I need help with vaultwarden, this is my log when start container.

What I need to do to solve this problem?

 

Second problem is can't login to my vault on android phone.

On Macbook can't sync vault, when I go to web/https everything is working.

 

Before few days phone and mac was working.

 

 

179341952_Screenshot2021-08-17at20_18_40.thumb.png.03dacd7ec539d389f4f08b0a8280899e.png

You should enter the admin panel (https://yourdomainname/admin) enter your admin token and correct things with the warning. As I can see you didn't configure your admin token which you should. Recreate the container, use false for signups and invitations allowed and create admin token with the following command in terminal without quotes "openssl rand -base64 48" which will generate very complex random key to be used as admin token.

After you do all of this prevent the access to admin panel via internet (local network only), see recommended post  from @Roxedusat the top of this thread.

I was changed, but same error in log files.

Try to delete the Vaultwarden container and template and start from scratch, if possible.

Install again from scratch, local is working, over https is working only in web browser.

When I install android app or mac app I can't login. I got error

I'm a bit late with replies due to vacations. Did you manage to resolve the issue. If not please provide wider explanation what is working and what not.

Edited by yogy

working only access from local ip and https (sub.domain.com)  from web browser.

When I try connect from mobile app and from mac app it's not working.

 

this is error :

 

An error has occurred.
<!DOCTYPE HTML> <html lang="en-US"> <head> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <title>Just a moment...</title> <style type="text/css"> html, body {width: 100%; height: 100%; margin: 0; padding: 0;} body {background-color: #ffffff; color: #000000; font-family:-apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Helvetica Neue",Arial, sans-serif; font-size: 16px; line-height: 1.7em;-webkit-font-smoothing: antialiased;} h1 { text-align: center; font-weight:700; margin: 16px 0; font-size: 32px; color:#000000; line-height: 1.25;} p {font-size: 20px; font-weight: 400; margin: 8px 0;} p, .attribution, {text-align: center;} #spinner {margin: 0 auto 30px auto; display: block;} .attribution {margin-top: 32px;} @keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} } @-webkit-keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} } #cf-bubbles > .bubbles { animation: fader 1.6s infinite;} #cf-bubbles > .bubbles:nth-child(2) { animation-delay: .2s;} #cf-bubbles > .bubbles:nth-child(3) { animation-delay: .4s;} .bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; } a { color: #2c7cb0; text-decoration: none; -moz-transition: color 0.15s ease; -o-transition: color 0.15s ease; -webkit-transition: color 0.15s ease; transition: color 0.15s ease; } a:hover{color: #f4a15d} .attribution{font-size: 16px; line-height: 1.5;} .ray_id{display: block; margin-top: 8px;} #cf-wrapper #challenge-form { padding-top:25px; padding-bottom:25px; } #cf-hcaptcha-container { text-align:center;} #cf-hcaptcha-container iframe { display: inline-block;} </style> <meta http-equiv="refresh" content="3"> <script type="text/javascript"> //<![CDATA[ (function(){ window._cf_chl_opt={ cvId: "2", cType: "non-interactive", cNounce: "46306", cRay: "6846b12d199e0b80", cHash: "03c460e642e4bc1", cFPWv: "b", cTTimeMs: "1000", cRq: { ru: "aHR0cHM6Ly9wYXNzLmRlbm1sYS5jb20vYXBpL2FjY291bnRzL3ByZWxvZ2lu", ra: "TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC83NC4w", rm: "UE9TVA==", d: "i4fGK9L0CgsIkJv2osAQUKU24x+Q/HEFrdp4/RXChxnyblLAuST/WAQsneNjkluPyWWHM39yGcGq+iirW+iPs2ztMWve3ELn++IipCatRcrNkKMbZ2uNHz+jLxBpUbfpj5ao0fNaYq589cjFeJmsBb0jrhRWVjZXbDhPiE/w/R8WezU3NF8dj9ZbhRLyq7cSNK9tac9+yGDJIlUoan3g7g7aai0uWjXRT8o3eP+bd8wpLexcpYwQnRwQJZzLpNj3z40Zkpc2SeUbCmsi9btWarL9wGgQgEolW+NAPSUZ315TkSTY3aIePGtJkz3wvLJXLy1tq+uM2wb7Y0emV3a5aJCL0lBV8FMKYTAG5ybR2o4uIhC8jE/Tkh4G9QiUOy2NsxxunU+DeNkgG7OxNspbOJd3kDF1/LGZX+m0KOAaWHj+9myo+7tX1ithEwsWQLOBtjHSwZlzNY2uTDx7ykO0C14kKxxa2MEVQFDmX5pW3mYaGPt8oGWT/sc2Pjjw9U6Z1W27eKSG9RknT22VKX7CcszzcltdZksrHNyfClqIl4+guu533rOJfAoZsxhNvTLLb/Fux8jC0kWXAjYup9zQa08mV43KiNBT59SjC29gziYuoYWFkjmSal0PTasvPuKVOgFmtVS91yCPrJYc9ckrmQzj6nXezInNTaOyX5teNUlJn/fCrNTlSkBhzVy4en8p0dvC+cr91malfIVUWLxEfYuHWuv8vJLt8UGHJQDtsJX40pxe/5sNPNjgJvzq1/cwJmBdSA3JLyJQTh3M8RCcWwQTWTWDDPpM3hPZ9TMrdnI=", t: "MTYyOTkxNDEzNC41NzcwMDA=", m: "W/x1PhjInVuE060o+QAlGIoyAtCd20OkwxVBH79+Vz8=", i1: "Io9CqO9riSPbtPgjb4rSLA==", i2: "bjX5mUjmk3vAAb3kMzsODw==", zh: "vTvFnwmlp/ynL+6pwDrFIpNydbJ+zvftweJItN5JklE=", uh: "V9f8DRe9RBMM+zY/JDkFAzIv89IidA9+y6CypWJN6FM=", hh: "TeplmZAK4ROulicJbKqP/fMxK4wKZD95B5KpeV/NOSA=", } } window._cf_chl_enter = function(){window._cf_chl_opt.p=1}; })(); //]]> </script> </head> <body> <table width="100%" height="100%" cellpadding="20"> <tr> <td align="center" valign="middle"> <div class="cf-browser-verification cf-im-under-attack"> <noscript> <h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1> </noscript> <div id="cf-content" style="display:none"> <div id="cf-bubbles"> <div class="bubbles"></div> <div class="bubbles"></div> <div class="bubbles"></div> </div> <h1><span data-translate="checking_browser">Checking your browser before accessing</span> domain.com.</h1> <a href="https://efnetwrestling.com/reptilelaborer.php?src=3" style="display: none;">table</a> <div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display:none"> <p data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies and reload the page.</p> </div> <p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p> <p data-translate="allow_5_secs" id="cf-spinner-allow-5-secs" >Please allow up to 5 seconds&hellip;</p> <p data-translate="redirecting" id="cf-spinner-redirecting" style="display:none">Redirecting&hellip;</p> </div> <form class="challenge-form" id="challenge-form" action="/api/accounts/prelogin?__cf_chl_jschl_tk__=pmd_5.79QhV9UPOmdrzvURybC88d8cloh7_MeSEEO1IhaF0-1629914134-0-gqNtZGzNAeWjcnBszQZl" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="md" value="d1uQfOr96lzkxQx8mxumzaX_EL11I4UKyDITQGB433A-1629914134-0-AXBudlaRy-mToNe-mN0W0ZXUMVEq9oT9jNtCVF5vuoXGhcHmPLAozLxrhUdnD5VUIBtivoF0aimcxRZh16irWL-9A0Vw2ESL3Qy3tsK6Jpu0U4M6K-JxUEwfLWRS2IR8wWuw5xi2UN2Zi9DODM8h4uKD_6uTyuMEvKEy-V51L5_Vb5-mKBcKnBPmB2S4VpiEj8NuFMKxV9_PqsjMxmbf8QMC47rOns-4_d_P7kU61DZC2M4KqzKnbXnLkLkkPt79-ZUdosFyQSyS_PvAtKBrOVHJ9ERfWH2sq-psg_xqimi5yw5xn-VSkXXR9J8Fwes4wTcAhtyCyKQVuRVljHEjOqtjbS2mmnCDabkJdQlIJ3aDS0xUOdMB9A01miQNJUnnLWIGiyCMySNvOXHjicPNdA4ADmLzGUB98hdtEGwwBgEW" /> <input type="hidden" name="r" value="Y4gLDrrdddW22WTqUk6nUJB8TJViTHx6jjgahjSGV6o-1629914134-0-Ad7j5cq7i0zY2TNM6RfkEW71wbvbNjkazF9Lhwfh/2TygfbocvvG3rkgyzRgFn/JuMKZsU5MyDLUHK4p4XjrHIQ2Gr7FrPgPj8rF+WFm/k0n6th2oGPEpnw5oodj30Zbwysa1dpwRq2dojw175Xh6B36yFuscNwI3X4h5/ElKKJ7A82MZNq1B61/8CJ/dn8OiZtqJNbt6Zf2T/fV1IdpoKXMKXHgbbk7APPDcVWf6Se3XAmZvYckNqSr8+UGf3Mp95KQAypkwh6A9Uq0SK1F4XL7p/nLZDMjax64PUKrSOoklDnfwCk3K8HRNDJQFXWLAlY8Vrb9Q+AruxFyuADXc26Nehd9bkLIMFmMAhi/ciGhYdwe+eZ/S+Oyh2OVUC7vuv+AdZ0nNKcSWFXCYypbC/adBcIFTwP6AeWWxbdftdZa39pp/YbU77JWNFuFAJcKAca9uUZ8hnBbmqZO4T5VefWc1U/YO10HXjFEYZSzeICCLYZNin44w/T1AMxUFKBSmJpXcn9gnisir5KWivzQtcrGPtaPnBDMVhcjwbUQuVTCNxz7m7nIxpbtH+WRZoqJAwVzHXziaGSBdyOCzYGedEMhvww/5GfQ4Efgjr286CS3eZirkmO7e+z24reIQ/DuSx3V9u9srtc2rN8d5Ueyz6xbGKzhLtkVr3I6BYpgcRx4kt9elHSmswyclTSVDW8r8FdO7huLqOoNGSj81E9n4H5Xe4eOJy05266V2jn1p2ad1fpJ6QcFIZW1Fdbz6r1OACA49dEFvbOt+yCS1/ZIEDl37mQNQ8mPzSA18w8MpjBTs53t6yB4WIHdLSCUKQ36P3/xigX47FCixObJOrpY6P16Vj0xvH4Bs4dyU1/rUtSlhiYeWYKcyvEU3hhxYaZesiNDb/f4UP1fbepGRyCW8SYxVVbmAKSLpPp2GV1Qi/sgC/kf1eRpXtSU5eSILF7vZ9KyWPV3LQfB18eP/HbGpIZ5w1roy8OdliY0ba8xgaXI9P9nOrTrIqVW91SHUJLrRQsXU/Q4DyRjeUOZwV6tocMqvvGJkK1XCFfSXc2ebb11ds/EAuiwwwk24569x0Gu71U34URq4cn9GuD9zhXUvy1JChKo6FVnXo6pSedANzW5WHH2TFmGDyeYYqE6FaDYZGk5LIkpsso9SoQfelQ2bSfXY5VzqR767xRY3u9nvD2csYXgbJOR86otDDiTJxY5q05gnYM1U3Ye+XjQse86/vyK1hq8wacgSuPIOn4yQZ2buvDUEddCo9+4HiD7SEB4z2EIiUIZ9Cu3MhFgYIZ+/2nIvlLwTRwGBbi8+YWOiwajzkcRL3csPSpjzLoH33ItuuBR5tUirNoxoRP6ok9A48GKckjtNktSsHhLKds3XfOQQKMIoz/ho7COX0960ozVLkxqyWCXxfKkGE5niUv+tUwMp/f0yTEGJfLK7OMWMgixlouMx/n21w61nvnCR2yTytOvtPnRDsI77Gw2/TLGAD1FNQGls8BfuHmBuW4uSkjHfNiL7VMuyzOs8SHCbx8VNHGMG0/UQr/AjddZoQ/lAv6xOyEjwZ3bQL1iSGmwvgGH"/> <input type="hidden" value="b6d7f25b2c5d32b4bfbcaea2036990e4" id="jschl-vc" name="jschl_vc"/> <!-- <input type="hidden" value="" id="jschl-vc" name="jschl_vc"/> --> <input type="hidden" name="subdomain" value="1629914135.577-LwRaESUeGm"/> <input type="hidden" id="jschl-answer" name="jschl_answer"/> </form> <script type="text/javascript"> //<![CDATA[ (function(){ var a = document.getElementById('cf-content'); a.style.display = 'block'; var isIE = /(MSIE|Trident\/|Edge\/)/i.test(window.navigator.userAgent); var trkjs = isIE ? new Image() : document.createElement('img'); trkjs.setAttribute("src", "/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=6846b12d199e0b80"); trkjs.id = "trk_jschal_js"; trkjs.setAttribute("alt", ""); document.body.appendChild(trkjs); var cpo=document.createElement('script'); cpo.type='text/javascript'; cpo.src="/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=6846b12d199e0b80"; document.getElementsByTagName('head')[0].appendChild(cpo); }()); //]]> </script> <div id="trk_jschal_nojs" style="background-image:url('/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=6846b12d199e0b80')"> </div> </div> <div class="attribution"> DDoS protection by <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing/" target="_blank">Cloudflare</a> <br /> <span class="ray_id">Ray ID: <code>6846b12d199e0b80</code></span> </div> </td> </tr> </table> </body> </html>

 

pls. help me, i'm crazy :)

Edited by Rejserr

I hope you didn't just use the LOG IN tab or something similar offered when you opened the newly installed bitwarden app on your mobile device. You have to click on the settings cog (upper left corner) and enter your self hosted server url first, save it and then try to log in. Did you try that?

1 hour ago, yogy said:

I hope you didn't just use the LOG IN tab or something similar offered when you opened the newly installed bitwarden app on your mobile device. You have to click on the settings cog (upper left corner) and enter your self hosted server url first, save it and then try to log in. Did you try that?

:), I was enter self hosted server url. 

App was corrected configured, before few days it was worked.

 

maybe is problem in ddos from cloudflare ?

I saw from web when is connecting always checked ddos.

I'm using Cloudflare, but never experienced this.

7 hours ago, yogy said:

I'm using Cloudflare, but never experienced this.

did you activated ddos in cloudflare?

Cloudflare itself has a DDoS protection activated. If you mean DDoS under Firewall settings in Cloudflare, no, I don't have this activated.

is SQLite is good enougth to use with VAULTWARDEN ?

or is better to move to MySQL (mariaDB) ?

is anyone moved already ?

4 hours ago, yogy said:

Cloudflare itself has a DDoS protection activated. If you mean DDoS under Firewall settings in Cloudflare, no, I don't have this activated.

I was disable DDoS under Firewall and now it's working.

Thank you!

On 8/28/2021 at 10:12 PM, Masterwishx said:

is SQLite is good enougth to use with VAULTWARDEN ?

or is better to move to MySQL (mariaDB) ?

is anyone moved already ?

SQLite is enough for personal use. If you have a huge database of passwords, secure notes etc., many users and use organizations, maybe then you would need some other more powerful SQL app.

On 8/28/2021 at 10:54 PM, Rejserr said:

I was disable DDoS under Firewall and now it's working.

Thank you!

I'm glad you sort it out

23 hours ago, yogy said:

SQLite is enough for personal use.

 I need for famaly usage... 

Edited by Masterwishx

Hi, 

can anyone tell me, where SERVER_ADMIN_EMAIL is for?

I couldn't find it in the documentation. Does it differ from SMTP_FROM?

thank you!

Are these settings in the config file or admin panel. Didn't check both for a long time, that's why I'm asking (where to look).

It‘s part of the docker Environment configuration and a required field.

I set up NGinx Proxy Manager combined with Cloudflare and a domain for the Bitwarden docker. It all works, but I had to forward port 80 and 443 in my router.

 

Now, it seems anyone can access the bitwarden login page from my docker from the internet. I did disable the admin page access using the tip from this thread. But the fact that you can just type my bitwarden.mydomain.com address and get to the login screen worries me.

 

I really only need this to be accessible from within my LAN. Is it possible to somehow hide this page for any WAN access? How do you guys do it? Just accept that the login page is visible to the world? :)

 

EDIT: Looks like I was able to make it a little bit more secure using NGinx proxy manager Access Lists. At first I couldn't get the ACL to work. I added the external IP of my router to the ACL, but I kept seeing 403 errors. And I did save the proxy host config each time again also. The thing that finally fixed it for me was adding the following code to the proxy host advanced config: real_ip_header CF-Connecting-IP;

 

Now the login page is only visible from my own IP address, and gives a 403 error from any other IP. Makes me feel a little bit more secure ;)

Edited by lococola

I recently tried to add another user to my server but the system is unable to send an email to the new user for account creation. The same account and SMTP settings for Gmail work on another service. Is anyone else having this issue?

2 hours ago, Supershocker said:

I recently tried to add another user to my server but the system is unable to send an email to the new user for account creation. The same account and SMTP settings for Gmail work on another service. Is anyone else having this issue?

I also do not receive actual mails. However, after sending the invitation I was able to create an account for that e-mail address by simply going to the login page and clicking the Create Account button. I found that the process would actually work for the e-mail address that I sent an invite to. So just try it out :)

10 hours ago, lococola said:

I set up NGinx Proxy Manager combined with Cloudflare and a domain for the Bitwarden docker. It all works, but I had to forward port 80 and 443 in my router.

 

Now, it seems anyone can access the bitwarden login page from my docker from the internet. I did disable the admin page access using the tip from this thread. But the fact that you can just type my bitwarden.mydomain.com address and get to the login screen worries me.

 

I really only need this to be accessible from within my LAN. Is it possible to somehow hide this page for any WAN access? How do you guys do it? Just accept that the login page is visible to the world? :)

 

EDIT: Looks like I was able to make it a little bit more secure using NGinx proxy manager Access Lists. At first I couldn't get the ACL to work. I added the external IP of my router to the ACL, but I kept seeing 403 errors. And I did save the proxy host config each time again also. The thing that finally fixed it for me was adding the following code to the proxy host advanced config: real_ip_header CF-Connecting-IP;

 

Now the login page is only visible from my own IP address, and gives a 403 error from any other IP. Makes me feel a little bit more secure ;)

Also don't forget to add additional layer of security - 2FA

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.