You are not logged in.

#1 2022-09-16 04:35:13

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

[SOLVED] vaultwarden-web not working since update to 2022.9.2-1

I updated vaultwarden-web to the latest and since then all I get is 503 Service is Unavailable in the browser.

My /etc/vaultwarden.env has the following enabled:

DATA_FOLDER=/var/lib/vaultwarden

 WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web
WEB_VAULT_ENABLED=true

LOG_FILE=/var/log/vaultwarden.log

LOG_LEVEL=Info

I did set the log level to debug, but it didn't show anything useful in the logs (vaultwarden.log or journalctl) to help me pinpoint the issue
systemctl status vaultwarden shows:

 vaultwarden.service - Vaultwarden Server
     Loaded: loaded (/usr/lib/systemd/system/vaultwarden.service; enabled; preset: disabled)
     Active: active (running) since Fri 2022-09-16 04:01:19 UTC; 29min ago
       Docs: https://github.com/dani-garcia/vaultwarden
   Main PID: 996 (vaultwarden)
      Tasks: 8 (limit: 38403)
     Memory: 7.3M
        CPU: 86ms
     CGroup: /system.slice/vaultwarden.service
             └─996 /usr/bin/vaultwarden

Sep 16 04:01:19 vaultwarden vaultwarden[996]: |                           Version 1.25.2                           |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: |--------------------------------------------------------------------|
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | official channels to report bugs/features, regardless of client.   |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | Send usage/configuration questions or feature requests to:         |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: |   https://vaultwarden.discourse.group/                             |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: | Report suspected bugs/issues in the software itself at:            |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: |   https://github.com/dani-garcia/vaultwarden/issues/new            |
Sep 16 04:01:19 vaultwarden vaultwarden[996]: \--------------------------------------------------------------------/
Sep 16 04:01:19 vaultwarden vaultwarden[996]: [2022-09-16 04:01:19.123][start][INFO] Rocket has launched from http://127.0.0.1:8000

I do have HAProxy on Opnsense as a reverse proxy which also handles SSL offloading, but nothing has changed in it's setup since many months. I just upgraded vaultwarden-web and then rebooted the LXC container where vaultwarden is installed.

Can someone help me out. I have been at it since the entire day and finally have just exhausted all the things that I could think of....

Thanks in advance.

Last edited by Inxsible (2022-09-18 21:17:26)


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#2 2022-09-16 20:27:59

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: [SOLVED] vaultwarden-web not working since update to 2022.9.2-1

As a test I installed vaultwarden on my Arch desktop and I am able to get to the web-vault just fine using http://localhost:8000. I cannot login of course since there’s no SSL, but atleast the web-vault works.

However, even when I create a new Arch container and install vaultwarden fresh in the LXC, I still cannot get to the web-vault login screen.

If I use http://IP:8000, all I get is ERR_CONNECTION_REFUSED but if I change the IP address of the vaultwarden config in HAProxy to point to this new container and then try https://bitwarden.mydomain.com, I get 503 Service Unavailable

mad

Is there a setting somewhere that enables the access from a machine other than localhost in the new web-vault version that I might have missed?Again this was working just fine until I upgraded and then rebooted which is why I am clueless as to what happened.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#3 2022-09-17 15:44:58

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: [SOLVED] vaultwarden-web not working since update to 2022.9.2-1

In case this is an issue with the proxy rather than vaultwarden, here's my HAProxy config as well. I have a single frontend handling all the services on my network

# Frontend: https (HAProxy  Public Service for all LAN services)
frontend https
    http-response set-header Strict-Transport-Security "max-age=15768000"
    bind 192.168.1.1:443 name 192.168.1.1:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/605e453acf0e75.09310296.certlist 
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s


# ACL: vaultwarden
    acl acl_6262b203e87748.93053062 hdr_reg(host) ^[^\.]+warden\.mydomain\.com$


# ACTION: vaultwarden
    use_backend vaultwarden if acl_6262b203e87748.93053062

# Backend: vaultwarden ()
backend vaultwarden
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server vaultwarden 192.168.1.25:8000 

As you can see the proxy setup is pretty basic and it used to work just fine for the past 3+ years.

Last edited by Inxsible (2022-09-17 16:04:02)


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#4 2022-09-18 21:17:07

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: [SOLVED] vaultwarden-web not working since update to 2022.9.2-1

Seems the fix was to add the IP address of the container to the ROCKET_ADDRESS in the env file. If the ROCKET_ADDRESS is using 0.0.0.0 or 127.0.0.1, then you can only access it using localhost:8000 or 127.0.0.1:8000.

Once I put in the IP address of the LXC container as ROCKET_ADDRESS, I was able to access the web-vault from a different machine. Seems this was a change in between versions 2022-6-2 and 2022-9-2 as until 2022-6-2, I had never changed the default value of ROCKET_ADDRESS


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

Board footer

Powered by FluxBB