[support] Vaultwarden (formerly Bitwarden_rs)


400 posts in this topic Last Reply

Recommended Posts

On 2/13/2020 at 1:04 PM, Roxedus said:

It has the important bits which I was looking for, if you want to try another one you can try the one from Linuxserver. To eliminate the possibility of it being the reverse proxy, you should connect the extension to your local address on the homecomputer.

I am using the Linuxserver one now.  The extension opens up much faster now.  The extensions don't sync unless I logout and back in but maybe it's always been that way and I never noticed before.  

Link to post
  • Replies 399
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it :-)

Posted Images

Thanks for your help.

It keeps saying "Username and Password not accepted. Learn more at..." While I copy paste everything. Enable less secure apps is on...
When I try to login (gmail web) it says account not found. But when I do it on firefox it lets me right in ?!
Have the gmail address working in Thunderbird, send and recieve.

 

EDIT: Using my main gmail account now and it sends. Why the new gmail account I just set up yesterday won't do this is a mystery.

Edited by Gabriel_B
Link to post
1 hour ago, Gabriel_B said:

Thanks for your help.

It keeps saying "Username and Password not accepted. Learn more at..." While I copy paste everything. Enable less secure apps is on...
When I try to login (gmail web) it says account not found. But when I do it on firefox it lets me right in ?!
Have the gmail address working in Thunderbird, send and recieve.

 

EDIT: Using my main gmail account now and it sends. Why the new gmail account I just set up yesterday won't do this is a mystery.

Did you go to your google account and created a new App password? If you you 2-step verification then this is the way to get bitwarden to log in to your gmail account. 

https://myaccount.google.com/apppasswords

 

Capture.PNG

Edited by bulletjie
Link to post

Beware of putting anything important in the vault area.  I had put some stuff in there a couple weeks ago and now when I try to download an attachment on the vault it says unknown error.  I'll have to dig around in the logs to see what's going on I'll post back.

 

Edited by kilobit
Shit auto correct
Link to post
2 hours ago, milfer322 said:

 

Is there any way to activate https easily? :(

http doest works with chrome.

If your just doing a local install then map a different port on your docker container and accept the certificate error.  I don't believe this will run unencrypted.

Link to post

I setup bitwarden yesterday and it's working fine. Today I'm trying to get back in to the admin to change the url since I just setup a reverse proxy but I keep getting invalid admin token. So I changed the token and clicked apply but I'm still getting invalid admin token.

 

I did notice the container auto updated last night also. Not sure how to proceed.

Link to post
14 minutes ago, lviperz said:

I setup bitwarden yesterday and it's working fine. Today I'm trying to get back in to the admin to change the url since I just setup a reverse proxy but I keep getting invalid admin token. So I changed the token and clicked apply but I'm still getting invalid admin token.

 

I did notice the container auto updated last night also. Not sure how to proceed.

I got it. Was looking on github issues and noticed that my config.json still had the old token. I'm in now.

Link to post

Orphaned image only means that the image is not currently is used. Did you get an error after adding that parameter?

Regardless, go to the docker page on unraid, scroll down to "Add container", in the dropdown choose bitwarden, and edit the template to its previously working state.

Link to post
On 2/17/2020 at 11:21 PM, Roxedus said:

easily? reverse proxy

Dont work for me. Letsencrypt can't find a way to my bitwarden duckdns despite my fritzbox has open ports into it. I don't unterstand why and have wastet of time to fix it. It's annoying 😶 . I think the easier way would be if HTTPS is active from the beginning and you only have to replace the certificate with a correct one. 

Link to post
7 hours ago, Wetterchen said:

I think the easier way would be if HTTPS is active from the beginning

Its really not. Bitwarden_rs doesn't have a way to generate a self-signed certificate, hence why it cant be delivered with one. 
The project has its own wiki page on enabling SLL, and another page on how to use self-signed certs with it. What you are asking is extending the containers functionality. 

 

7 hours ago, Wetterchen said:

Letsencrypt can't find a way to my bitwarden duckdns despite my fritzbox has open ports into it

I can help with that, if you hop on over to the discord linked in my signature.

Link to post
19 hours ago, Roxedus said:

Orphaned image only means that the image is not currently is used. Did you get an error after adding that parameter?

Regardless, go to the docker page on unraid, scroll down to "Add container", in the dropdown choose bitwarden, and edit the template to its previously working state.

Thank you for the response. I ended up reinstalling the container. Fortunately I didn't loose my database information. What I am really trying to do is hide the admin panel. If you go to https://www.bitwarden.com/admin you can see there is no admin panel. At the very least I would like to make my admin panel more secure than just an "authentication key". Hopefully a username and password. Or at least hide the admin page. Can any of that be done?

Link to post
5 minutes ago, BrunoVic said:

you can do that on the reverse proxy. in your bitwarden.subdomain.conf you can add the following location just before the last curly bracket
 

	location /admin {
		return 404;
	}

Ideally one should be able to remove the token variable all together, but it gets synced back. 
( If one could select what variables CA syncs, that would be great winks at @Squid)

  • Like 1
  • Thanks 1
Link to post
2 minutes ago, Roxedus said:

it comes back when a user deletes a variable.

Ah.  Feature of unRaid itself.  Any update to the container will also bring in any missing ports / variables etc under the assumption that the update brings new features that might require that.

 

I'd recommend that the container is set up to ignore variables that aren't actually filled out.  

 

Alternatively, you can disable that feature completely by editing the template within /config/plugins/dockerMan/templates-user and removing the <TemplateURL> entry.  (Although at that point FCP will complain, but that can be ignored)

 

Over the years, the updating of the template has proved to be useful as the apps themselves evolve, (ie: webUI entry changes), but it's never going to be a perfect system.

 

Because of the maintainers who did fill out that entry in the first place did it wrong (fully 50% of them), CA's appfeed now handles it and there is no more access to that entry in the webUI anymore.

Link to post
3 minutes ago, Squid said:

Feature of unRaid itself. 

Interesting. Would be nice to be able to specify if a variable would be synced like that. 
 

 

4 minutes ago, Squid said:

I'd recommend that the container is set up to ignore variables that aren't actually filled out.

I agree, and this one doesn't. I have made a request for allowing it to be empty, but i don't see it going into fruition. 

Link to post

 

17 minutes ago, Roxedus said:

Interesting. Would be nice to be able to specify if a variable would be synced like that. 
 

 

I agree, and this one doesn't. I have made a request for allowing it to be empty, but i don't see it going into fruition. 

So you think it would be useful to have something like a "noUpdate" attribute on the applicable <Config> entry so that the system when it updates will ignore that element and not add it in again... @binhex?

 

 

Link to post
2 minutes ago, Squid said:

So you think it would be useful to have something like a "noUpdate" attribute on the applicable <Config> entry so that the system when it updates will ignore that element and not add it in again

Exactly. There is multiple scenarios i can see where it would be handy. Like linuxservers mariadb which only uses some variables at first run. 

Link to post

OK.  So how would this scenario work:

 

  • User installs template X
  • Sets it up and deletes the applicable config
  • Updates happen and that entry never gets repopulated into the user template
  • Buddy decides for whatever reason to start over again from scratch with their appdata.
  • Deletes the applicable appdata folder, uninstalls the app, then reinstalls from previous apps.

Now that particular variable is missing from the template, and the container won't install properly

 

 

It's basically nothing (1 line of code) to have docker updates ignore a config update if an attribute is present.  But I can foresee situations like the above happening.  I think what I'll do instead is allow on the template instead a flag to have the appFeed skip populating the TemplateURL which will also fix the problem (but has other caveats), but is probably easier to deal with in the long term.

Link to post
  • Roxedus changed the title to [support] Vaultwarden (formerly Bitwarden_rs)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.