This issue was moved to a discussion.

Healthcheck fails if vaultwarden installed in subfolder with domain_path set #2004

Closed
sataris opened this issue Sep 27, 2021 · 4 comments

sataris commented Sep 27, 2021

Subject of the issue

Using portainer I can see that the healthcheck is failing.

This may be a configuration issue on my end but it doesn't feel like it.

In my scenario I have bitwarden installed in a subfolder (https://domain.com/bitwarden) with yubikey authentication enabled.

The only way I could get the yubikey authentication to work correctly was to ensure that DOMAIN in the config.json contained only the domain, e.g. "domain": "https://domain.com/", and not the subfolder, as noted in #925 and fixed in #927.

I was able to work out the health check fails if vaultwarden is hosted on a subfolder, the "domain_path" key is set, and the "domain" key does not contain the subfolder.

This causes the health check to fail, as /healthcheck.sh will return http://localhost:80/alive as the healthcheck url.

I have gotten around this in my installation by taking the domain_path variable from the config.json, so my healthcheck url is http://localhost:80/${domain_path}/alive

I can do a PR if you wish, but the healthcheck script could become a mess with having to deal with paths in both domain and domain_path keys 😄 (and I'm not sure if I'd break anything else)

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.22.2
  • Web-vault version: v2.21.1
  • Running within Docker: true
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version: Nginx
  • Other relevant information:

Config (Generated via diagnostics page)


Environment settings which are overridden: SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "*****",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "******/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://******.***",
  "domain_origin": "*****://******.***",
  "domain_path": "/****",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": false,
  "helo_name": null,
  "hibp_api_key": "*******",
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_RS",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "WARN",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "******.***",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*******@******.***",
  "smtp_from_name": "*** ***",
  "smtp_host": "****.******.***",
  "smtp_password": "******",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*******@******.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": "67046",
  "yubico_secret_key": "*******",
  "yubico_server": null
}

Steps to reproduce

  • Install vaultwarden on a subfolder
  • Enable yubikey on an account
  • Set DOMAIN to a FQDN without a subfolder (http://abc.com/)
  • Set DOMAIN_PATH to the subfolder (/bitwarden)

Healthcheck.sh will return http://localhost:80/alive (and fail) and Yubikey will authenticate

I'm raising this because I don't want to choose between yubikey authentication and the healthcheck

Expected behaviour

Healthcheck.sh should build the correct healthcheck url when domain and domain_path are specified in config.json

Actual behaviour

Healthcheck.sh returns 404 not found and completely disregards the setting of domain_path.

Troubleshooting data

Contributor

jjlin commented Sep 27, 2021

You probably need the fix in #1950. It is in the testing images, but hasn't made it into a release yet.

Collaborator

BlackDex commented Sep 27, 2021

@sataris, I see you mentioned that you modified the config.json manually. This is not the recommended way, and this also causes the issue you have. From the output I see that the DOMAIN variable does not have the path configured, which is what you need to do.

Those other values for the domain are auto-generated and non-editable. Since you did this manually, it breaks the config, and thus the health check.

Either use env variables, or change the config via the admin interface.
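
Added example, not part of the thread and not the project's healthcheck.sh: a sketch of deriving the health check URL from DOMAIN alone, so that a DOMAIN that includes the subfolder yields the `/bitwarden/alive` probe while a DOMAIN without it yields the bare `/alive` probe reported in the issue. The function names and the port argument are assumptions; `/alive`, port 80 and the sample DOMAIN values come from the posts above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not the project's own.

# Print the path component of a DOMAIN value without a trailing slash.
# Prints nothing when DOMAIN has no subfolder.
base_path_from_domain() {
    domain=$1
    rest=${domain#*://}              # drop the scheme, if any
    case $rest in
        */*) path=/${rest#*/} ;;     # keep everything after the host
        *)   path= ;;                # bare host, no path at all
    esac
    # Strip trailing slashes so "/bitwarden/" and "/" normalise cleanly.
    while [ "${path%/}" != "$path" ]; do
        path=${path%/}
    done
    printf '%s' "$path"
}

# Build the local probe URL. $1 = DOMAIN, $2 = local port (default 80,
# the port shown in the issue).
health_url() {
    printf 'http://localhost:%s%s/alive' \
        "${2:-80}" "$(base_path_from_domain "$1")"
}

# Constructed sample values mirroring the two configurations discussed.
for d in "https://domain.com/bitwarden" "https://domain.com/"; do
    printf '%-32s -> %s\n' "$d" "$(health_url "$d")"
done
```
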

Author

sataris commented Sep 28, 2021

> @sataris, I see you mentioned that you modified the config.json manually. This is not the recommended way, and this also causes the issue you have. From the output I see that the DOMAIN variable does not have the path configured, which is what you need to do.
>
> Those other values for the domain are auto-generated and non-editable. Since you did this manually, it breaks the config, and thus the health check.
>
> Either use env variables, or change the config via the admin interface.

At the moment I need the webauthn to function more than I need the healthcheck to pass.

I'll wait for the fix in #1950 and then reconfigure bitwarden.

Thanks!

@BlackDex
Collaborator

Well you need both, and the correct config, and that patch.
You can run the testing image which had that patch already.

Repository owner locked and limited conversation to collaborators Sep 28, 2021
