This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Domain URL configuration results in 404 #1694
Comments
|
It kinda looks like you manually changed the If you want to change the domain i suggest to use the |
|
Hi, thx a lot for your Support! I have deleted the config and set env Variables but it's still the same behavior. When I set the domain env variable it comes up with the same error message. I have set -e LOG_LEVEL debug but it does not show up in the admin panel. Do you have some more tipps where to search? |
|
Does the changed setting not appear in the support string? All the logs are going to a file in the data folder by default. The file is called vaultwarden.log Also check the logs of the reverse proxy you use. |
|
I have set all parameters as docker env variables and everything shows up in the support string ... except log_file "log_file": null, |
|
The try to use |
|
Thx a lot. Any hint how to debug further? Thx a lot |
BlackDex
added
the
troubleshooting
|
I faced a similiar Problem when deploying vaultwarden (still bitwarden_rs back then) behind an reverse proxy using an apache und CentOS. As far as i understand your configuration correctly you still let vaultwarden handle the ssl encryption, right? Client <-> Proxy = SSL Encrypted This should still be fine from a security perspective as far as i know and this is also referrd to in the wiki: "Note that when you put vaultwarden behind a reverse proxy, the connections between the reverse proxy and vaultwarden are typically assumed to be going through a secure private network, and thus do not need to be encrypted. The examples below assume you are running in this configuration, in which case you should not enable the HTTPS functionality built into vaultwarden (i.e., you should not set the ROCKET_TLS environment variable). If you do, connections will fail since the reverse proxy is using HTTP to connect to vaultwarden, but you're configuring vaultwarden to expect HTTPS." |
|
Hi Bokkabonga, However, I will try to disable ROCKET_TLS and check if the problem is caused by this setting. Thx a lot |
|
I have removed the ROCLKET_TLS Settings and the problem remain: if the domain setting is present, the server responds 404 |
|
Can you show us your Port mapping for the Docker Container? Or did i miss it in your original post? |
|
I have mapped: |
|
How excactly did you map this in your Docker-Compose? I remember someone facing a similiar problem in the forum who fixed it by changing his port mapping from: Ports:
To: Ports:
I´m not sure however if this is a possible solution for you, but might me worth a shot. |
|
hi, thx |
|
Ah Sorry if this was misleading. I was rather reffering to adding 127.0.0.1 to the mapping, not changing the Port! |
|
So this is my docker port mapping, which one do you propose to bind to localhost? "port_bindings" : [ |
|
If i understand this correctly i would suggest the following: "port_bindings" : [ |
|
thx for the tip ... but it doesnt wortk how can i troubleshoot this, the debug log doesn't help. what can i do within the container? |
|
You might want to set the Log_Level env to "debug" or even "trace" to get more detailed logfiles. |
|
I'm seeing the same issue, when I configure my url to be https://example.com/bitwarden/ rocket seems to generate bitwarden/api/xxx routes however the normal routes should still be in place because I have bitwarden running on http://0.0.0.:8000 and have it behind an nginx proxy that makes it available at https://example.com/bitwarden/ setting the url in the config to https://example.com/ makes bitwarden work, however the admin interface then does not work. So at the moment I have the workaround but this makes the admin interface not work, which I actually need to work... is there a way to set domain_origin in the config file? |
You can't mix/match different entry-points. We need the full actual URL for all items to work. We need to full URL because of e-mails which are sent which need that. |
|
@BlackDex Sure, I understand, that is exactly what I am trying to do, however, it doesn't work. If I put it shoudn't put the So that configuration gives a 404 Are you saying I should then configure the reverse proxy to handle request to I don't have a mail server installed, so the urls in the mails are not important to me at the moment. If I put |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
FIRST OF ALL THX A LOT FOR YOUR GREAT PROJECT!!!
Subject of the issue
I can start valutwarden successfully with the default "http://localhost" domain URL setting .
When it is running I can configure the domain url in the admin portal to use my proxy's real name https://foo.bar/bitwarden.
Valutwarden is then working perfect, 2FA mails contain the right urls, all clients connect successfully.
When I restart the docker container, I get the following error and the docker instance does not work:
"404: Not Found
The requested resource could not be found.
Rocket"
bitwarden.log
[2021-05-12 19:41:51.859][start][INFO] Rocket has launched from https://0.0.0.0:80
[2021-05-12 19:41:54.274][request][INFO] GET /admin/
[2021-05-12 19:41:54.274][response][INFO] 404 Not Found
When I disable the domain setting in config.json I can restart and set the url again through the admin panel. Everything works again. So everything is perfect, except I cannot reboot without getting stuck.
Is there some startup routine that checks the ssl cert or domain url?
I have tried to configure log_level=debug & EXTENDED_LOGGING=true but cannot generate any debug logging on the issue.
Thx a lot and looking foreward for your help!
Deployment environment
Webserver in the internet, running with apache as proxy for domain https://foo.bar/bitwarden, default ssl port 443. Letsencrypt SSL certs.
Port forwarding from the webserver to my local (ISP) synology with docker (443 to 5555)
Vaultwarden running as docker image, port mapping 80 -> 5555. Rocket_TLS certs copy of the webserver installed
Install method: Docker image on synology
Clients used: mobile, firefox
Reverse proxy and version:
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 16 2020 16:18:20
Other relevant details:
Your environment (Generated via diagnostics page)
Config (Generated via diagnostics page)
{ "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "https://foo.bar/bitwarden/", "domain_origin": https://foo.bar/, "domain_path": "/bitwarden", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "*****", "invitations_allowed": false, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "****@*******.**", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": true, "smtp_from": "****@*******.**", "smtp_from_name": "Bitwarden", "smtp_host": "****.****.***", "smtp_password": "***", "smtp_port": 465, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "****@*******.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null }docker env variables:
"ROCKET_TLS" = "{certs="/ssl/live/foo.bar/fullchain.pem",key="/ssl/live/foo.bar/privkey.pem"}"
"ROCKET_LIMITS", "{json=104857600}"
Docker volumes
/ssl -> points to a copy of the webservers certs
/data
The text was updated successfully, but these errors were encountered: