You are not logged in.
I updated vaultwarden-web to the latest and since then all I get is 503 Service is Unavailable in the browser.
My /etc/vaultwarden.env has the following enabled:
DATA_FOLDER=/var/lib/vaultwarden
WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web
WEB_VAULT_ENABLED=true
LOG_FILE=/var/log/vaultwarden.log
LOG_LEVEL=InfoI did set the log level to debug, but it didn't show anything useful in the logs (vaultwarden.log or journalctl) to help me pinpoint the issue
systemctl status vaultwarden shows:
vaultwarden.service - Vaultwarden Server
Loaded: loaded (/usr/lib/systemd/system/vaultwarden.service; enabled; preset: disabled)
Active: active (running) since Fri 2022-09-16 04:01:19 UTC; 29min ago
Docs: https://github.com/dani-garcia/vaultwarden
Main PID: 996 (vaultwarden)
Tasks: 8 (limit: 38403)
Memory: 7.3M
CPU: 86ms
CGroup: /system.slice/vaultwarden.service
└─996 /usr/bin/vaultwarden
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | Version 1.25.2 |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: |--------------------------------------------------------------------|
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | This is an *unofficial* Bitwarden implementation, DO NOT use the |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | official channels to report bugs/features, regardless of client. |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | Send usage/configuration questions or feature requests to: |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | https://vaultwarden.discourse.group/ |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | Report suspected bugs/issues in the software itself at: |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | https://github.com/dani-garcia/vaultwarden/issues/new |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: \--------------------------------------------------------------------/
Sep 16 04:01:19 vaultwarden vaultwarden[996]: [2022-09-16 04:01:19.123][start][INFO] Rocket has launched from http://127.0.0.1:8000I do have HAProxy on Opnsense as a reverse proxy which also handles SSL offloading, but nothing has changed in it's setup since many months. I just upgraded vaultwarden-web and then rebooted the LXC container where vaultwarden is installed.
Can someone help me out. I have been at it since the entire day and finally have just exhausted all the things that I could think of....
Thanks in advance.
Last edited by Inxsible (2022-09-18 21:17:26)
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
As a test I installed vaultwarden on my Arch desktop and I am able to get to the web-vault just fine using http://localhost:8000. I cannot login of course since there’s no SSL, but atleast the web-vault works.
However, even when I create a new Arch container and install vaultwarden fresh in the LXC, I still cannot get to the web-vault login screen.
If I use http://IP:8000, all I get is ERR_CONNECTION_REFUSED but if I change the IP address of the vaultwarden config in HAProxy to point to this new container and then try https://bitwarden.mydomain.com, I get 503 Service Unavailable
![]()
Is there a setting somewhere that enables the access from a machine other than localhost in the new web-vault version that I might have missed?Again this was working just fine until I upgraded and then rebooted which is why I am clueless as to what happened.
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
In case this is an issue with the proxy rather than vaultwarden, here's my HAProxy config as well. I have a single frontend handling all the services on my network
# Frontend: https (HAProxy Public Service for all LAN services)
frontend https
http-response set-header Strict-Transport-Security "max-age=15768000"
bind 192.168.1.1:443 name 192.168.1.1:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/605e453acf0e75.09310296.certlist
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# ACL: vaultwarden
acl acl_6262b203e87748.93053062 hdr_reg(host) ^[^\.]+warden\.mydomain\.com$
# ACTION: vaultwarden
use_backend vaultwarden if acl_6262b203e87748.93053062
# Backend: vaultwarden ()
backend vaultwarden
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server vaultwarden 192.168.1.25:8000 As you can see the proxy setup is pretty basic and it used to work just fine for the past 3+ years.
Last edited by Inxsible (2022-09-17 16:04:02)
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
Seems the fix was to add the IP address of the container to the ROCKET_ADDRESS in the env file. If the ROCKET_ADDRESS is using 0.0.0.0 or 127.0.0.1, then you can only access it using localhost:8000 or 127.0.0.1:8000.
Once I put in the IP address of the LXC container as ROCKET_ADDRESS, I was able to access the web-vault from a different machine. Seems this was a change in between versions 2022-6-2 and 2022-9-2 as until 2022-6-2, I had never changed the default value of ROCKET_ADDRESS
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline