[support] Vaultwarden (formerly Bitwarden_rs)



2 hours ago, Akshunhiro said:


???

Probably need to ask your question in the Vaultwarden application support area, https://github.com/dani-garcia/vaultwarden/issues

This forum is for issues with setting up and deploying the container template in Unraid, the people here can't really help with application specific issues, unless they have run into the same thing and happen to know the answer.

Link to comment
  • 2 weeks later...

Hi, I regularly experience my bitwarden logging out on all my devices, more than 3 or 4 times a week. When I check the vaultwarden logs, I see:

[error][ERROR] 2FA token not provided

 

I do have 2fa setup (yubikey) but never had an issue with it randomly logging out until I started self hosting. When I looked up this error online, someone else mentioned it could be the reverse proxy modifying the headers. I use traefik and had security headers middleware running so removed this from the vaultwarden container but this didn't fix anything. I also use crowdsec and geoblock middleware on traefik but don't think this modifies headers. Has anyone else experienced this issue?

Link to comment
  • 3 weeks later...

Hi,

 

Running the latest version of Vaultwarden and I enabled the push notifications as well. I am also using Nginx Proxy Manager to expose it (with just https and nothing on 3012)

 

I can see from the logs that I am getting these errors:

 

[2023-11-20 12:42:12.277][rocket::server][ERROR] Upgraded websocket I/O handler failed: WebSocket protocol error: Sending after closing is not allowed

 

Is there something I need to configure on NPM or Vaultwarden?

Link to comment
On 7/17/2023 at 10:31 AM, yogy said:

Here is a very quick guide how to use Argon2 hash for Vaultwarden. You can use different ways to enable access to admin page here but like I said, this is a very quick solution:

  1. Go to https://argon2.online/
  2. Enter a passphrase in Plain Text Input, click once on the Salt cogwheel and leave everything as default and click GENERATE HASH
  3. Go to Vaultwarden Admin's Page >> General Settings and replace your current admin token in plain text with the generated hash value ($argon2i$v=19$m=16,t=2,p=1$YnJvYm1vSD...........)
  4. Save and restart the vaultwarden container
  5. To login to admin's page you must use your plain text value, not the hash

 

I hope you will find this very quick tutorial useful.

 

@yogy does the docker variable (ADMIN_TOKEN) also need to be updated?

Link to comment
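
The hash string in the quoted guide carries its own cost parameters (`m=16,t=2,p=1`, i.e. 16 KiB of memory). As an added example, not part of any post in this thread and not Vaultwarden code, the Python below parses an Argon2 PHC string and reports parameters under a policy floor. The floor values (OWASP's Argon2id minimum), the function name `audit_admin_token` and the sample hashes are assumptions constructed for illustration.

```python
import base64
import re

# Assumed policy floor (OWASP minimum for Argon2id): 19 MiB, 2 passes.
MIN_MEMORY_KIB = 19456
MIN_ITERATIONS = 2
MIN_SALT_BYTES = 16

PHC_RE = re.compile(
    r"^\$(argon2id|argon2i|argon2d)\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

def _decoded_len(field):
    """Byte length of an unpadded base64 PHC field, or -1 if malformed."""
    try:
        return len(base64.b64decode(field + "=" * (-len(field) % 4)))
    except ValueError:
        return -1

def audit_admin_token(token):
    """Return findings for an ADMIN_TOKEN value; an empty list means it passes."""
    match = PHC_RE.match(token.strip())
    if not match:
        return ["not a complete Argon2 PHC string (plain text or truncated)"]
    variant, _version, mem, iters, _lanes, salt, _digest = match.groups()
    findings = []
    if variant != "argon2id":
        findings.append(f"variant {variant}: argon2id is the recommended variant")
    if int(mem) < MIN_MEMORY_KIB:
        findings.append(f"m={mem} KiB is below the {MIN_MEMORY_KIB} KiB floor")
    if int(iters) < MIN_ITERATIONS:
        findings.append(f"t={iters} is below the floor of {MIN_ITERATIONS}")
    if _decoded_len(salt) < MIN_SALT_BYTES:
        findings.append(f"salt is shorter than {MIN_SALT_BYTES} bytes or malformed")
    return findings

# Constructed sample values, not real hashes: 16-byte salt, 32-byte digest.
_SALT, _DIGEST = "A" * 22, "A" * 43
WEAK = f"$argon2i$v=19$m=16,t=2,p=1${_SALT}${_DIGEST}"  # parameters from the guide
STRONG = f"$argon2id$v=19$m=65540,t=3,p=4${_SALT}${_DIGEST}"

if __name__ == "__main__":
    for label, token in (("weak", WEAK), ("strong", STRONG), ("plain", "hunter2")):
        print(label, audit_admin_token(token) or "OK")
```

Generating the hash locally, for instance with the `vaultwarden hash` subcommand, keeps the admin passphrase off third-party websites.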
6 hours ago, ultimz said:

Hi,

 

Running the latest version of Vaultwarden and I enabled the push notifications as well. I am also using Nginx Proxy Manager to expose it (with just https and nothing on 3012)

 

I can see from the logs that I am getting these errors:

 

[2023-11-20 12:42:12.277][rocket::server][ERROR] Upgraded websocket I/O handler failed: WebSocket protocol error: Sending after closing is not allowed

 

Is there something I need to configure on NPM or Vaultwarden?

Maybe this can help

Link to comment
  • 4 weeks later...

Migrated to a new server this evening. It did not go well. I ended up with a fresh install. Previous install was working, so I was able, via the windows chrome plugin, to Settings > Export Vault to json file. Re setup the users, login, and restore from the json file.

Works, but wonk-city. This guide was useless: 

https://bitwarden.com/help/migration/#tab-host-to-host-52Q80N79LCU2kkRJpuPKMy

I couldn't find the bwdata/ anywhere, or the uid whatever. <bah>

it's done.

Link to comment

Hello, 

Inline auto fill has been recently released on the browser extension side and works with a bitwarden.com account but when I switch to vaultwarden it is not there. I was wondering if there was a way to enable this or possibly like an env variable or flag that can be set in order to help turn this on? Thank you!

https://community.bitwarden.com/t/inline-autofill-menu-formerly-known-as-overlay-popup-interface/14/1

https://community.bitwarden.com/t/just-released-new-inline-auto-fill/61436/1

Link to comment
On 9/5/2023 at 4:58 PM, nightpoison said:

So, I appear to be going in circles. I'm going to stop where I'm at, and stick with what I have, but I need to get an issue resolved. 

I've torn down the cloudflare tunnel and went back to port forwarding, using a reverse proxy with nginx, and cloudflare. Here are the steps and the settings I've used. 

 

setting up cloudflare: I already had my domain moved over and handled by cloudflare, so I didn't need to do anything here, but my first step was to set up a new api token. within cloudflare I clicked on profile>api tokens> create token > edit zones > change token name > zone resources > all zones > continue to summary > create token. 

 

it was at this stage I copied the test and pasted into the unraid servers terminal. It appears to have passed with no issues. I copied the api token. 

 

setting up nginx: installed nginx on unraid. I updated the HTTP and HTTPs ports to 1880 and 18443. launched the UI and first step was to create a ssl certificate. Add ssl cert > lets encrypt > domain names > *.domainname.com > email address > use dns challenge > provider > cloudflare> inserted api token from cloudflare
 

setting up vaultwarden: installed vaultwarden, simply set signup to true. 

 

setting up cloudflare ddns: installed cloudflare-DDNS. configured it with my email that's associated with cloudflare, set the domain, and provided the global api key from cloudflare's website. clicked done. Went to cloudflare and verified that the A record has been created. 

 

setting up reverse proxy: visited cloudflare > clicked on domain > dns records > added cname for warden

 

[image]

 

next I went to nginx proxy manager and added a new proxy host. 

[image] [image]

 

after which I click on the link and I get this error

 

[image]

 

if I click on docker and select webui, I'm now able to gain access to the vaultwarden admin, thanks to @yogy's suggestion for updating the admin token. However if I click vault, I get a login, but when I attempt to access it with my password. I get this error. [image]

 

which doesn't make sense, as I believe I've configured my reverse proxy correctly. 

 

Any insights?

 

 

I believe I just dealt with a similar if not same bad gateway issue setting up my Vaultwarden instance. In Docker, are you using a custom docker network for the nginx and vaultwarden containers? And in nginx are you using your server’s localhost IP or the vaultwarden container name? For me, I have both nginx and vaultwarden set to a custom docker network and I found that if I was using the container name in the proxy host, I had to set the forward port to 80 in the nginx proxy host to get vaultwarden to load successfully via domain name. If I used the unraid server's local host IP, I could set the port to the default 4743 and it would also successfully load. Container name + 4743 which I initially had led to 502 bad gateway.

 

So my hypothesis is this is due to using the custom docker network, because in the Docker tab, I see the port mapping for vaultwarden is "172.19.0.4:80/TCP <-> [localhost IP]:4743". And in the Install / Update Container page for vaultwarden, it doesn't seem to allow changing the Container Port from 80, which is what I am guessing is being used by the custom docker network, so that the container name is resolving to the 172 address instead of the server’s local IP. I am still very new to Unraid and I don't have much experience with Docker containers and templates.

Edited by rehlee
Additional details.
Link to comment

Hi, not sure if this was ever asked about. I am having issues with different recognition of the credentials on a mac machine (using Firefox plugin) vs safari plugin on my iPhone. This is with services on my home server where the IP is the same but each service is using different port. On my mac this works flawlessly where each service's address is defined as 'regular impression'. So when I punch say 192.168.10.2:6060 address it only gives me a single credentials to fill in the login and password form as seen below, and not say 15 different options for every service set up under 192.168.10.2.

[image]

 

On my iPhone this sadly is not the case. First of all the suggested credentials are NOT for the service I am trying to access.

 

[image]

 

And second, I need to manually expand the drop-down list to pick up the right credentials. Not only the port is not recognised but because the drop-down menu only shows the logins, not the service address or name, it is really frustrating to actually remember by heart which credentials on the list is the right one. If anyone knows how to solve this issue on the mobile device, please share the solution;)

 

[image]

Link to comment
  • 3 weeks later...
  • 4 weeks later...

Hey guys I created a guide in setting up Vaultwarden and Swag together in Unraid. Hopefully it'd be helpful to you guys trying to set this up. Also let me know if I can add anything to this. This was pretty much how I setup Vaultwarden so if I missed something, I'd like to fix it for my own server as well.

I added the guide to the forum as well: 

 

Edited by Discode
Added guide to the Unraid forum
Link to comment
  • 4 weeks later...

I'm making a tutorial for my wife on moving my VW Vault back to Bitwarden's Website should anything happen to me (She is super anti-technical).  I want to be sure that any Exports are done via Encrypted .json, but when I try to import back to Bitwarden, I get the following error.

 

[image]

 

There doesn't seem to be a way to "Set" the encryption key on the website to match your export key.  The only options are to Change the key randomly, or to view the current key.  Is the only way to import a vault in non-encrypted .json or .csv state?

Link to comment

Exception message: net_http_request_timedout, 100

Hello everybody,

I recently switched my domain. Just the domain, not the provider.

Everything seemed to work. Browser, Browser-extension, iPad - until I tried to login on the Android app.

After entering my server address it takes some time and then I get this message: net_http_request_timedout, 100

Yesterday it worked after I played around with these Settings in nginx. But today it is not working anymore.

[image]

 

Any suggestions?

 

I have accidentally found that my Android phone can sync when using my WireGuard VPN. This is not a complete solution, but it is an easy workaround.

 

 

Looks like I solved it! (I didn't -.-)

I'm not 100% sure what the solution was. But what I did was:

Deleted the nginx config and all old certificates on the SSL-Certificates tab.

Then I deleted all certificates on my phone. (searched for certs in Android-settings)

Created a new nginx config with a new certificate. 

profit.

 

Edited by Moll
Link to comment
On 4/3/2024 at 9:06 AM, Moll said:

SOLVED: Exception message: net_http_request_timedout, 100

Hello everybody,

I recently switched my domain. Just the domain, not the provider.

Everything seemed to work. Browser, Browser-extension, iPad - until I tried to login on the Android app.

After entering my server address it takes some time and then I get this message: net_http_request_timedout, 100

Yesterday it worked after I played around with these Settings in nginx. But today it is not working anymore.

[image]

 

Any suggestions?

 

Looks like I solved it!

I'm not 100% sure what the solution was. But what I did was:

Deleted the nginx config and all old certificates on the SSL-Certificates tab.

Then I deleted all certificates on my phone. (searched for certs in Android-settings)

Created a new nginx config with a new certificate. 

profit.

 

 Unfortunately this worked only one night. This morning I wasn't able to sync the android app. -.-

I find a lot of posts on the internet that have similar problems, but I can't find a solution.

Are there error logs on both sides I could check?

Link to comment
