Mobile Push Notification registration returns HTTP 405 for EU data region

[Kaskadee]

Subject of the issue

Following the instructions at https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification for using mobile push notifications with the EU data region causes a 405 Method Not Allowed when Vaultwarden attempts to register the device:

PUSH_ENABLED=true
PUSH_INSTALLATION_ID=<Installation ID - EU Data Region>
PUSH_INSTALLATION_KEY=<key>
PUSH_RELAY_URI=https://push.bitwarden.eu
PUSH_IDENTITY_URI=https://identity.bitwarden.eu

[2024-06-03 20:42:54.643][request][INFO] PUT /api/devices/identifier/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/token
[2024-06-03 20:42:55.129][vaultwarden::api::push][ERROR] An error occured while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)

Removing PUSH_RELAY_URI + PUSH_IDENTITY_URI and regenerating a new installation ID + key in the US data region works fine:

PUSH_ENABLED=true
PUSH_INSTALLATION_ID=<Installation ID - US Data Region>
PUSH_INSTALLATION_KEY=<new key>

[2024-06-03 20:52:42.720][request][INFO] PUT /api/devices/identifier/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/token
[2024-06-03 20:52:43.291][response][INFO] (put_device_token) PUT /api/devices/identifier/<uuid>/token => 200 OK

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.30.5
• Web-vault version: v2024.1.2b
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Alpine)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: PostgreSQL
• Database version: PostgreSQL 16.3 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20240309) 13.2.1 20240309, 64-bit
• Clients used: Android 14 / App version: 2024.4.0
• Reverse proxy and version: Traefik v3.01
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "**********://*******************************************************************************************************************************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************",
  "domain_origin": "*****://*****************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": "***********",
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "***********",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": 100000,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.eu",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.eu",
  "reload_templates": false,
  "require_device_email": true,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 3,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 30,
  "smtp_username": "*************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 50000,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": "65845",
  "yubico_secret_key": "***",
  "yubico_server": "https://api2.yubico.com/"
}

Steps to reproduce

Expected behaviour

Mobile Push Notifications with the EU data region work the same as with the US data region

Actual behaviour

Device registration returns 405 Method Not Allowed

Troubleshooting data

See the log entries above.

[CTXP]

I have the same Issue, I just set this up and was wondering why it isn't working and found the same error message in my logs.

[stefan0xC]

Hm... not sure what's wrong. Here's a LOG_LEVEL=debug log of the registration attempt:

[2024-06-03 21:56:33.834][request][INFO] PUT /api/devices/identifier/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/token
[2024-06-03 21:56:33.837][vaultwarden::api::push][DEBUG] Registering Device xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
[2024-06-03 21:56:33.846][reqwest::connect][DEBUG] starting new connection: https://identity.bitwarden.eu/
[2024-06-03 21:56:33.847][hyper_util::client::legacy::connect::dns][DEBUG] resolving host="identity.bitwarden.eu"
[2024-06-03 21:56:33.877][hyper_util::client::legacy::connect::http][DEBUG] connecting to 199.232.17.91:443
[2024-06-03 21:56:33.892][hyper_util::client::legacy::connect::http][DEBUG] connected to 199.232.17.91:443
[2024-06-03 21:56:33.911][h2::client][DEBUG] binding client connection
[2024-06-03 21:56:33.911][h2::client][DEBUG] client connection bound
[2024-06-03 21:56:33.911][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:33.911][h2::proto::connection][DEBUG] Connection; peer=Client
[2024-06-03 21:56:33.911][hyper_util::client::legacy::pool][DEBUG] pooling idle connection for ("https", identity.bitwarden.eu)
[2024-06-03 21:56:33.912][h2::codec::framed_write][DEBUG] send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
[2024-06-03 21:56:33.917][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
[2024-06-03 21:56:33.918][h2::codec::framed_write][DEBUG] send frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
[2024-06-03 21:56:33.923][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
[2024-06-03 21:56:33.923][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:33.923][h2::codec::framed_read][DEBUG] received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
[2024-06-03 21:56:33.923][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:33.924][h2::proto::settings][DEBUG] received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:34.032][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
[2024-06-03 21:56:34.032][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1) }
[2024-06-03 21:56:34.032][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
[2024-06-03 21:56:34.033][vaultwarden::api::push][DEBUG] Token still valid for 43199
[2024-06-03 21:56:34.033][reqwest::connect][DEBUG] starting new connection: https://push.bitwarden.eu/
[2024-06-03 21:56:34.033][hyper_util::client::legacy::connect::dns][DEBUG] resolving host="push.bitwarden.eu"
[2024-06-03 21:56:34.058][hyper_util::client::legacy::connect::http][DEBUG] connecting to [2606:4700:3035::6815:195f]:443
[2024-06-03 21:56:34.072][hyper_util::client::legacy::connect::http][DEBUG] connected to [2606:4700:3035::6815:195f]:443
[2024-06-03 21:56:34.095][h2::client][DEBUG] binding client connection
[2024-06-03 21:56:34.096][h2::client][DEBUG] client connection bound
[2024-06-03 21:56:34.096][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:34.096][h2::proto::connection][DEBUG] Connection; peer=Client
[2024-06-03 21:56:34.096][hyper_util::client::legacy::pool][DEBUG] pooling idle connection for ("https", push.bitwarden.eu)
[2024-06-03 21:56:34.096][h2::codec::framed_write][DEBUG] send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
[2024-06-03 21:56:34.096][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
[2024-06-03 21:56:34.097][h2::codec::framed_write][DEBUG] send frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
[2024-06-03 21:56:34.107][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x0), max_concurrent_streams: 100, initial_window_size: 65536, max_frame_size: 16777215 }
[2024-06-03 21:56:34.107][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:34.108][h2::codec::framed_read][DEBUG] received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 2147418112 }
[2024-06-03 21:56:34.108][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:34.108][h2::proto::settings][DEBUG] received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:34.140][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-03 21:56:34.141][reqwest::async_impl::client][DEBUG] redirecting 'https://push.bitwarden.eu/push/register' to 'https://api.bitwarden.eu/push/register'
[2024-06-03 21:56:34.141][reqwest::connect][DEBUG] starting new connection: https://api.bitwarden.eu/
[2024-06-03 21:56:34.142][hyper_util::client::legacy::connect::dns][DEBUG] resolving host="api.bitwarden.eu"
[2024-06-03 21:56:34.159][hyper_util::client::legacy::connect::http][DEBUG] connecting to 199.232.17.91:443
[2024-06-03 21:56:34.172][hyper_util::client::legacy::connect::http][DEBUG] connected to 199.232.17.91:443
[2024-06-03 21:56:34.190][h2::client][DEBUG] binding client connection
[2024-06-03 21:56:34.191][h2::client][DEBUG] client connection bound
[2024-06-03 21:56:34.191][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:34.191][h2::proto::connection][DEBUG] Connection; peer=Client
[2024-06-03 21:56:34.191][hyper_util::client::legacy::pool][DEBUG] pooling idle connection for ("https", api.bitwarden.eu)
[2024-06-03 21:56:34.191][h2::codec::framed_write][DEBUG] send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
[2024-06-03 21:56:34.192][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-03 21:56:34.202][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x0), max_concurrent_streams: 100 }
[2024-06-03 21:56:34.202][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:34.202][h2::codec::framed_read][DEBUG] received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 16711681 }
[2024-06-03 21:56:34.202][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x1: ACK) }
[2024-06-03 21:56:34.202][h2::proto::settings][DEBUG] received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2024-06-03 21:56:34.315][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-03 21:56:34.316][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 21:56:34.317][response][INFO] (put_device_token) PUT /api/devices/identifier/<uuid>/token => 400 Bad Request

If I try to register with PUSH_RELAY_URI=https://api.bitwarden.eu it seems to work. So it might be an issue with the redirection or the reqwest crate?

[Opicka879]

Same issue here. Notification stoped working some time ago but i dont know when exactly. I thought it is problem of android app but today i did try to update from latest release to testing, regenerate push relay uri and push identity uri, clear app cache and it is still not working and now i have same line in the log.

[2024-06-03 23:16:50.384][rocket::server][WARN] Received SIGTERM. Requesting shutdown.
[2024-06-03 23:19:47.637][error][ERROR] 2FA token not provided
[2024-06-03 23:20:06.938][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:21:43.193][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:22:04.334][vaultwarden::api::icons][WARN] Unable to download icon: Empty response or unable find a valid icon. www.bitbeli.cz
[2024-06-03 23:28:27.016][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:28:27.017][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:28:27.695][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:28:27.724][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:28:40.444][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:28:40.479][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:28:57.530][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:28:57.549][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:29:08.124][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:29:08.133][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:29:30.136][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:30:06.831][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:30:34.856][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:30:50.318][vaultwarden::api::push][ERROR] An error occurred while proceeding registration of a device: HTTP status client error (405 Method Not Allowed) for url (https://api.bitwarden.eu/push/register)
[2024-06-03 23:35:29.371][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:35:29.398][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js
[2024-06-03 23:35:44.880][vaultwarden::api::web][ERROR] Static file not found: jquery-3.7.0.slim.js
[2024-06-03 23:35:44.897][vaultwarden::api::web][ERROR] Static file not found: jdenticon.js

[Kaskadee]

If I try to register with PUSH_RELAY_URI=https://api.bitwarden.eu it seems to work. So it might be an issue with the redirection or the reqwest crate?

Changing to https://api.bitwarden.eu no longer results in an error message, but it seems that push notifications are still not working? When I tried the US data region, I immediately received the update notification when I created or deleted a folder, but no reaction when using the EU data region.

Could be a problem with Bitwarden though.

[Kaskadee]

Could be a problem with Bitwarden though.

I've just tested creating a new item at https://bitwarden.eu and push notifications are working correctly there.

[Opicka879]

After changing the push relay uri to https://api.bitwarden.eu/ instant changes works for me too and there is no error in log. But i still have no pop-up window with login requests if i want to log in via device. It can be android app bug i quess.

[CTXP]

To fix my problem, I had to explicitly enable web socket support in NPM, this made my realize that using the network tab in the browser helps a ton while debugging errors in Vaultwarden it has much clearer error details!

[ivulit]

I've changed PUSH_RELAY_URI to https://api.bitwarden.eu and push service works again for me

[FlakyPi]

I've changed PUSH_RELAY_URI to https://api.bitwarden.eu and push service works again for me

Same here, everything works again.

[Kaskadee]

I have forgotten to set PUSH_ENABLED back to true, that's why it didn't work :)
It works now with PUSH_RELAY_URI set to https://api.bitwarden.eu/

[Kitchigo]

Yeah, thank you It's working again with "https://api.bitwarden.eu/"

[element0xE]

Updating the docker-compose.yml
from
PUSH_RELAY_URI: https://push.bitwarden.eu
to
PUSH_RELAY_URI: https://api.bitwarden.eu
resolved the issue. Thanks!

Updating the docker-compose.yml and restarting the service with docker compose restrart vaultwarder is not enough.
I had to put the service down with docker compose down vaultwarder and up again with docker compose up -d vaultwarder