[support] Vaultwarden (formerly Bitwarden_rs)


382 posts in this topic Last Reply

Recommended Posts

Loving this Docker! Thanks for the great efforts.
I am getting an error though. Everything works from outside my network but not the internal. When trying to log in I get "Cannot read property 'importKey' of null". The browser extension just says wrong username or password.
Any idea?

Are you browsing trough a reverse proxy?
Link to post
  • Replies 381
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

Thanks for the thorough response. Me and the 10479 people that will ask after me VERY MUCH appreciate it :-)

Posted Images

18 minutes ago, Roxedus said:


Are you browsing trough a reverse proxy?

Locally I go through "http://192.168.x.zzz:y/#/" which doesn't work.

Outside my network I use a reverse proxy (LetsEncrypt) which does work.

Does that help answer your question? I appreciate any suggestions!

Link to post

I'm having the same issue... I go to https://dnsname.domain.com to login and it now tries to resolve to:  https://_/  or  https://_/admin (if using admin).  dcpdad is correct in that if you try to resolve outside your network, it resolves fine.  as of last night, it was working fine.  after the latest update, it stopped working.

Link to post

Hi.  I should have tried this before, but I tried with FireFox and it worked fine.. I ended up clearing out all the cookies from Brave and it started to work fine under the original letsencrypt conf file.  I did try the other one as well and both seemed to work fine.  Odd that a cookie issue would also stop the main bitwarden app from working as well... but stranger things have happened I guess.. Thanks for the help and the replies!

Link to post

I have two problems. First I am not able to have a new user created. When I invite the user they get a link in the email. When they click "create account" I get a response saying "you logon session has expired" and it will not allow them to create an account. Second problem is that any changed I make under settings>options they don't stick. They revert back to the way they were before.

Link to post
1 hour ago, zenmak said:

Hi.  I should have tried this before, but I tried with FireFox and it worked fine.. I ended up clearing out all the cookies from Brave and it started to work fine under the original letsencrypt conf file.  I did try the other one as well and both seemed to work fine.  Odd that a cookie issue would also stop the main bitwarden app from working as well... but stranger things have happened I guess.. Thanks for the help and the replies!

Bingo! Same result here. Switched from Chrome to Safari and it worked fine.

Thanks all for the help and responses!

Link to post
53 minutes ago, BrunoVic said:

you logon session has expired

Is the time in the container correct? check with `date` in a console to the container. 

 

56 minutes ago, BrunoVic said:

any changed I make under settings>options they don't stick

First guess is that the database is in read-only mode, checked the container logs?

Link to post
2 hours ago, Roxedus said:

So the issue you guys are having, is that chrome disallows insecure connections and cryptokit. It makes me believe that the reverse proxy isn't fully over https.

no idea.. it's working fine now under Brave since I cleared out my cache and cookies.. browser app is also working now as well under Brave. 

Link to post
9 hours ago, Roxedus said:

Is the time in the container correct? check with `date` in a console to the container. 

 

First guess is that the database is in read-only mode, checked the container logs?

I have the exact same problem as BrunoVic.

The date/time is correct. The Bitwarden dockerlogs tells me this:

[WARNING] The following environment variables are being overriden by the config file,
[WARNING] please use the admin panel to make changes to them:
[WARNING] SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN

[2020-03-20 09:00:11][ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2020-03-20 09:00:11][start][INFO] Rocket has launched from http://0.0.0.0:80

I have followed the guide that Spaceinvader One posted on youtube and used a xxx.duckdns.org domain.

Is the letsencrypt config correct?
 

resolver 127.0.0.11 valid=30s;
upstream bitwarden {
    server bitwardenrs:80;
}

server {
    listen 443 ssl;
    server_name xxx.duckdns.org;
    include /config/nginx/ssl.conf;
  client_max_body_size 128M;

  location / {
   proxy_pass http://bitwarden;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
   proxy_pass http://bitwarden;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_pass http://bitwarden;
  }
}

 

Link to post

So I checked the time and it is correct. The error logs show this [2020-03-19 17:27:37][error][ERROR] Registration not allowed or user already exists. Problem is I created the user in the admin panel and it sends out an email prompting the user to create an account. How can the user create an account that I already created? I cannot create a password for them in the admin panel. The only way around this was to temporarily allow the user to create their own account in the admin panel and then disable that when I know they've created the account. When I first launched this container I didn't have to do that. Second as for the configs not saving the storage was already read and write. So I am not sure why any changes I make don't save.

Edited by BrunoVic
Link to post
On 3/20/2020 at 7:34 PM, BrunoVic said:

So I checked the time and it is correct. The error logs show this [2020-03-19 17:27:37][error][ERROR] Registration not allowed or user already exists. Problem is I created the user in the admin panel and it sends out an email prompting the user to create an account. How can the user create an account that I already created? I cannot create a password for them in the admin panel. The only way around this was to temporarily allow the user to create their own account in the admin panel and then disable that when I know they've created the account. When I first launched this container I didn't have to do that. Second as for the configs not saving the storage was already read and write. So I am not sure why any changes I make don't save.

We seem to have similar problems. I solved my problems with an uninstallation of Bitwarden, also deleted the folder in appdata. And after that I installed it again with the same settings. Now everything works like a charm. :)

Link to post
  • 2 weeks later...

so, i read that this is a known issue.  I was struggling with this today.

 

https://www.reddit.com/r/Bitwarden/comments/9azs1d/unraid_docker_issues/

 

Quote

Tweak3D 3 points·1 year ago

So I did hear back that this is a known issue when using HTTP via chrome and its not expected to be fixed as the issue surrounds security API's that are not available via HTTP. The work around is to either us another browser or implement HTTPS on the docker which will allow it to work as expected.

 

so it works fine under https in brave, chrome safari and firefox.

 

dont know what to think of that. 

Link to post

I am having an issue that recent replies in this topic have stated but I haven't seen a definite fix. I am passing this site external via the same spaceinvaderone let's encrypt config that someone else mentioned. When trying to navigate to my external URL the page gets redirected to "https://_" This happens both internal and external. If I try to navigate to the IP:Port of the container, launching via the weburl shortcut in Unraid, it takes me to the login page. When trying to login I get the following error and it does not proceed. 

 

An error has occurred.

Cannot read property 'importKey' of null

 

Not sure what to do with this.

Link to post
1 minute ago, gRuNdLeKrEiSt said:

URL the page gets redirected to "https://_"

Classical example of a bad configed reverse proxy. You can start with replacing the server_name to your bitwarden domain.
 

 

2 minutes ago, gRuNdLeKrEiSt said:

Cannot read property 'importKey' of null

This is normal when trying to login over http with chrome. 

Link to post
18 hours ago, Roxedus said:

Classical example of a bad configed reverse proxy. You can start with replacing the server_name to your bitwarden domain.

My server_name was "server_name bitwarden.*;" but I just changed it to the full url and it still doesn't work. I just don't understand why this would have worked for the past several months and then all of the sudden it stopped.

Edited by gRuNdLeKrEiSt
changed wording and quote
Link to post
On 4/1/2020 at 3:46 PM, Roxedus said:

Classical example of a bad configed reverse proxy. You can start with replacing the server_name to your bitwarden domain.
 

 

This is normal when trying to login over http with chrome. 

My bitwarden setup started working over the weekend not sure what the problem was. Thanks for the help anyway.

Link to post

Whether I try the config from Spaceinvader or the LSIO config, I cant reach bitwarden over letsencrypt reverse proxy, it just shows the default letsencrypt page "The website is currently being setup under this address." etc. In the LSIO file I exchanged ALL locations to

set $upstream_app bitwardenrc;
set $upstream_port 8086;

of course, also tried with port 80.

 

Both letsencrypt as well as bitwardenrc are running on a custom net `localproxy`, the port passed to bitwardenrc is 8086, I can reach bitwardenrc over [serverip]:8086 just fine, other containers work just fine reverse-proxied by letsencrypt (i.e. gitlab, code-server).

 

The one thing that doesnt work with other containers either is having them either on localproxy or on the macvlan driver (br0) with independent ip and using letsencrypt to forward to them. So this option, which is suggested in the file from spaceinvader, doesnt work either.

Edited by 9smtm6
Link to post
  • Roxedus changed the title to [support] Vaultwarden (formerly Bitwarden_rs)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.