Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[support] Vaultwarden (formerly Bitwarden_rs)

Featured Replies

19 hours ago, Archonw said:

Try to disable "cache assets".

Thanks for your reply!

This worked! Yesterday..

Today I tried to edit an entry but couldn't save it. I get the same error message again.

I then logged out of the the app and couldn't login again. :(

 

Edited by Moll

  • Replies 734
  • Views 278.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

  • New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

  • log showing [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. See: https://github.com/dani-gar

Posted Images

Hi all, I encountered issue logging in any devices (Mac OS, Windows, IOS etc), but web login is fine. I don't see any error through vaultwaden log. I have tried removing the app & reinstall, creating a new account along with new email & password, log in & out (I won't be able login again once I log out). I have things backup, but the problem is that I won't be able to use any form of vaultwarden client; all clients don't talk to the vaultwarden app anymore (entering the password don't trigger the log at all).

 

As far as I noticed the rsa_key.pem has been changed when I change the network type from a bridge to a custom network. I don't know if this is a cause of it.

nothing wrong with the cloudflared tunnel & firewall. I use cloudflared tunnel, and I can log in anywhere through any browsers. also nothing wrong on the OS side, Installing vaultwarden on a fresh copy of OS doesn't solve the problem either.

Screen Shot 2024-04-12 at 2.35.13 PM.png

 

Screen Shot 2024-04-12 at 10.07.00 PM.png

 

Screen Shot 2024-04-13 at 8.59.17 AM.png

Edited by winglam

Hey braintrust, I've got vaultwarden currently exposed to the internet through a cloudflare tunnel pointing to traefik reverse proxy but am looking to make it only available on my internal network (and on tailscale VPN) for increased security. I know that vaultwarden needs HTTPS to function but can't work out a way to make my subdomain (vaultwarden.mydomain.com) point to traefik so that it can generate a wildcard SSL certificate for vaultwarden. I tried to follow this guide linked below but when I set up the DNS record on cloudflare to point to my internal server address, it just leads to the unraid login page rather than vaultwarden and I don't have the ability to add a port number on the DNS record. How can I make the DNS record point to the traefik port of my unraid server?

 

https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let's-Encrypt-certs

 

  • 1 month later...

FYI: The user, who posted on April 18, 2024 (see just two posts above), seems to have identical problem that I am having.

 

  1. I am unable to access vaultwarden (VW) via MacOS desktop Bitwarden app, and iOS Bitwarden app.
    1. MacOS desktop app error: "Failed to fetch"
    2. iOS app error: "An error has occurred. Exception message: An SSL error has occurred and a secure connection to the server cannot be made"
  2. I do not have any problems accessing VW either via browser (intra- or internet) or via browser add-ons.

Moreover, accessing (1) was never an issue with retired bitwarden docker (before it was renamed to vaultwarden).

 

Background store:

  • I installed bitwarden (BW) ~6 years ago. Everything worked well. Access by any means (browser, browser add-on, MAcOS desktop app, iOS app)
  • When bitwarden docker was retired and replaced with VW docker....all I did was reuse the same BW docker, and changed repository to "vaultwarden/server"
  • Today, I installed the new VW docker on UNRAID... set it up the way I set up BW. Access via intra/internet using browser/browser-addon, works fine. However, access is not possible on MacOS desktop Bitwarden app (downloaded from Apple Store) and iOS bitwarden app
  • ATM, I have two dockers in UNRAID running (BW and VW). Both point to the same repository.
    • BW dockers works perfectly fine.
    • VW: issues as explained above

 

Attached are proxy config files from SWAG, and diagnostics files from each docker. The latter seem pretty similar.

 

When I look at both VW and BW DOCKER-specific(!) CLI logs when trying to login to MacOS Bitwarden desktop app:

  1. on BW CLI, I can see server responds to when username is entered, then password
  2. on VW CLI, server doesn;t respond to anything. It's as if no requests are being made to server at all.

 

How do I solve this issue?

Thnx

 

 

 

Edited by tmor2

  • 2 weeks later...

Please add the Log Variable/Storage to the Template.

On 5/31/2024 at 5:24 AM, Revan335 said:

Please add the Log Variable/Storage to the Template.

If this was in response to my comment, then I do not understand what you are talking about. Can you explain?

 

Where is "log Variable/Storage" and where is "Template"?

Edited by tmor2

3 hours ago, tmor2 said:

If this was in response to my comment, then I do not understand what you are talking about. Can you explain?

 

Where is "log Variable/Storage" and where is "Template"?

No.

The Maintainer of the Docker Container Template can ad this. Maybe @Roxedus  can this.

 

This from here was mean:

On 3/5/2024 at 3:05 PM, Discode said:

LOG_FILE: /logs/vaultwarden.log (This variable has to be manually added. See LOG_FILE and Log Storage)

Log Storage: /mnt/user/appdata/logs/ (This variable has to be manually added. See LOG_FILE and Log Storage)

 

On 3/5/2024 at 3:05 PM, Discode said:

Log Storage Path

This is used for fail2ban.

Under SWAG's docker settings, Add another Path, Port, Variable, Label or Device

Setting:  Value

Config Type: Path

Name: Log Storage Path

Container Path: /logs

Host Path: /mnt/user/appdata/logs/

Default Value: 

Access Mode: Read Only

Create a folder wherever you would like(Host Path). In my case I used `/mnt/user/appdata/logs`

On 5/19/2024 at 6:19 AM, tmor2 said:

I installed bitwarden

Bitwarden have a official Docker Container?

I mean this was a Beta (All in One and easyer, better, performance) and the old one was a Bundle of many separated Docker Containers and not so easy and bad performance. So my informations about this two ways from bitwarden.

It's a pain the ass and I gave up. I end up self-hosting official bitwarden on my mini server proxmox instead. which is good, I can free up more resources for my unraid server.

Edited by winglam

  • 2 weeks later...

Hi all,

 

I was browsing the diagnostic page on the admin panel and found out that under the 'Check', 'Uses reverse proxy' and 'Internet access via proxy' are set to 'no'.

 

I know I've set up reverse proxy via Cloudflare with correct DNS set up and tunnelled as well. I can access the site via https and log in perfectly fine (though when I click on the 'vault' through the vault admin panel, it shows up as http)

 

I can't seem to figure out why and it's making me paranoid that my server is exposed to the internet.

  • 2 months later...

I'm concerned about a security vulnerability because Vaultwarden requires HTTPS, and the instructions tell me to use a reverse proxy.  Using a reverse proxy opens up my password vault to everyone on the internet.

 

Is there something I can do/use to limit my security risk?  I want to use a selfhosted password storage solution to store/access my passwords from my phone, laptop, desktop devices.  

 

Thank you.

  • 1 month later...

Hi I have a question, how can I disable the admin panel if I dont use ngix proxy manager but only CF tunnel, I know I could put a rule in the firewall but I wonder ifg there is an easier way in the container itself. The official instructions says that i need to delete the admin token and remove the variable from the container.

This is for anyone experiencing the 502 Bad gateway when importing data into vaultwarden.

I am using swag for reverse proxy.  Make sure that you use the vaultwarden container IP address as $upstream_app instead of default (which is the name of the docker).

My mistake was that I only used IP address for "location / {", It is when I scrolled down on that conf file, I realised there are separate section for /admin , /api and /notification as well.

 

I hope this helps someone.

On 9/10/2024 at 11:29 AM, Jaybau said:

I'm concerned about a security vulnerability because Vaultwarden requires HTTPS, and the instructions tell me to use a reverse proxy.  Using a reverse proxy opens up my password vault to everyone on the internet.

 

You only open a vault to the internet if you open your vault to the internet. ;)

 

In other (less cheeky) words, opening means opening ports on your firewall/router - don't do that. Running a reverse proxy without opening ports doesn't expose anything to the outside. Everything will be accessible only to your LAN (the starting point).

 

Now to make it work with you mobile clients, you'd set up Tailscale. That doesn't require opening any ports and lets you access your lan machines/services from anywhere else on your devices that are set up as part of the same "tailnet."

 

This is how I've got my network set up. No one can come in. Only my family can access our vaults, via our personal devices which are part of the same tailnet.

 

  

On 10/20/2024 at 3:31 AM, Kraizel said:

The official instructions says that i need to delete the admin token and remove the variable from the container.

 

That works. You won't be able to access the admin features if there's no token. If that solves it for you, just make the changes to your docker settings.

 

Otherwise, the reverse proxy solution is nice because you can maintain admin access for local connections and deny it for external. But if exposing it to the outside, you really should consider Tailscale or another mesh VPN, to avoid opening ports on your LAN.

 

 

Edited by Espressomatic

  • 1 month later...

I have a two part question:

Maybe a dumb question but I'm not an IT guy. Just a hobbiest.

 

1. I have Swag running and have ssl running on swag. So to access any of these feature you must put       <https://webaddress_name>/api or whatever, the outside connection is https. internally it forwards to http

 

    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.x.x;
        set $upstream_port 4040;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/vaultwarden)?/notifications/hub {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.x.x;
        set $upstream_port 4040;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

image.png.d8fb449063bc643e404290ea326d1c29.png

 

 I am assuming this is ok? externally its encrypted internally its not.

 

Second question:

I have enabled emergency access. But when I go to try to enter the info and then click "save" nothing happens.

What am I doing wrong?

image.thumb.png.0f4777a7230f0b8fbfaacf9a5526f382.png

 

image.thumb.png.23ddf0f84c54a427c2f9a3636ec2b3c6.png

 

Maybe I have a third question if its not to much.

I created a "organization" called "family" which I would like to be able to share some passwords across. I am the owner of the organization and the admin. Maybe I should have created a separate admin account or does it matter? I want to invite another user to that "family" but cant seem to find how to add them? Any tips?

Edited by xokia

I can only answer question 2 and 3 since I don't use Swag and I'm not familiar with it.

Question 2:

you probably didn't configure SMTP Email Settings in the Admin console. Do that and email can be sent to user, the same goes for invitations (but you have to enable that option first >> Allow invitations.

Question 3:

You just create additional users in the Admin console (see attached picture) with whoom you would like to share passwords within organisation. To be able to invite new users you have to do the same as per question 2, configure SMTP Email Settings and enable Allow invitations.

 

Screenshot 2024-12-17 070453.png

24 minutes ago, yogy said:

I can only answer question 2 and 3 since I don't use Swag and I'm not familiar with it.

Question 2:

you probably didn't configure SMTP Email Settings in the Admin console. Do that and email can be sent to user, the same goes for invitations (but you have to enable that option first >> Allow invitations.

Question 3:

You just create additional users in the Admin console (see attached picture) with whoom you would like to share passwords within organisation. To be able to invite new users you have to do the same as per question 2, configure SMTP Email Settings and enable Allow invitations.

 

 

Yea I setup the admin email

 

I am part of "family" but I cant set the other user as part of family. And the emergency contact thing refuses to "save"

 

image.thumb.png.1f03e696d1a99231214dfb47b8976dd9.png

 

image.thumb.png.ac7bf7b9ed4d81fc39be4ea88e5e6d6d.png

Maybe a stupid question, but you did test if SMTP Email Settings is actualy working properly?

31 minutes ago, yogy said:

Maybe a stupid question, but you did test if SMTP Email Settings is actualy working properly?

yea email test works fine. Not a stupid question appreciate the help. I went through the basic things and couldnt get it to work.

 

image.png.bf7d512c90718bcd065221e1b72ffe4c.png

 

VW itself is fully functional and we use it for our passwords both on PC and our iphones. The emergency access and shared "organization" to share specific passwords I cant seem to get to work.

Edited by xokia

Under "gerneral settings" is Enable emergency access. Did you activate this?

2 minutes ago, Archonw said:

Under "gerneral settings" is Enable emergency access. Did you activate this?

The picture above says he did.

 

Hmm, I'm out of options. Maybe you should change something in the config file.

Thanks for the hint. I'd rather go back to sleep. ;-)

  • 4 weeks later...

I have also set up my vaultwarden so that it is almost satisfactory. Since my vaultwarden installation is only to be accessible in the local LAN, my domain points to my local IP. Everything works well. A minor blemish is only if I am not in my LAN or connected via VPN, I have no icons in the entries. As soon as I am connected, however, it will be displayed. I have seen an icon server in the iOS app. I tried with https://icons.bitwarden.net, but still no icons appear in "Database offline mode ". Is there another way?

  • 1 month later...

Does anyone set a custom icon for Vualtwarden docker?

 

I'm seeing that regardless of the icon I specify, within a week or two, the icon file is deleted from the share it normally sits in.

The icon is in a folder containing some 100+ png files. Every other file is still there. Once the file goes missing, I can edit the docker settings, change the icon to use another file, and soon that file will also go missing.

 

 

  • 4 weeks later...

Unfortunately, my Vaultwarden install stopped loading the GUI. I can get into the admin page with no problem. The log shows nothing abnormal in my understanding. Being quite the newb with Vaultwarden and only halfway educated with Unraid, I don't know how to move on. If you need anything more, just let me know.

vaultwarden_log.webp

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.