BitWarden - self hosted password manager using vaultwarden/server image

Docker BitWarden - self hosted password manager using vaultwarden/server image

Currently reading
Docker BitWarden - self hosted password manager using vaultwarden/server image

You will not get a push notification it will just sync the changes. Are you saying that the changes are not passing at all? Like adding new items, new folder etc.

Again, no push notification will arrive. The github feature name is wrong imho :D
 
You will not get a push notification it will just sync the changes. Are you saying that the changes are not passing at all? Like adding new items, new folder etc.

Again, no push notification will arrive. The github feature name is wrong imho :D
yes, sure. I am talking about live syncing (not a push notification). I opened the same item in the Vautwarden web UI and my mobile app, added some notes to it in web UI, saved, but nothing changed in my mobile app
 
yes, sure. I am talking about live syncing (not a push notification). I opened the same item in the Vautwarden web UI and my mobile app, added some notes to it in web UI, saved, but nothing changed in my mobile app
Check the log of the VW and see if its registering the new push feature as active
 
1689082779971.png

do you think it's OK? right now I just created a NEW FOLDER (which again is not synced into the mobile app, unless I refresh/sync it manually by pulling the screen down)
btw. what is the access_token? is it safe to post it here? :)
 
yes, I am running into the same troubles.

I did add the variables into my config.json (residing in Synology/docker/vaultwarden/)
JSON:
"PUSH_ENABLED" : true,
"PUSH_INSTALLATION_ID" : "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"PUSH_INSTALLATION_KEY" : "ABC…ABC",


I also removed my old "Evironment Variables" I once set directly in the container "Advanced Settings"
Code:
WEBSOCKET_PORT:        3012
WEBSOCKET_ENABLED:    true

When opening the web-vault, I get
Code:
Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not be a SignalR endpoint, the connection ID is not present on the server, or there is a proxy blocking WebSockets. If you have multiple servers check that sticky sessions are enabled.
in the Developer Console.

Also Push to my iOS App doesnt work.

I'm using Synologys built-in reverse proxy (Login-Portal) and also tried to add the "Custom Header" defaults for WebSocket for my "bitwarden.domain.com:443 > localhost:8280" rule :
Code:
Upgrade : $http_upgrade
Connection : $connection_upgrade
The container ports are unchanged (8280>80, 8212>3012)
But that didn't change anything.

What are we missing?
How may we debug?

Big thanks as always!
paradeiser
 
@paradeiser and @maravac seem that you need to uninstall the client on your phone and install it back, and then it will start working.
For my client (iOS) after uninstalling the bw app client and then logging in, I got a prompt about enabling push notifications, after it started to work.
 
I was having the same problem with my iOS devices and the suggestion from @ilbarone87 worked for me! Although the sync problem was only with the iPad (iPadOS version 16.4.1) and not on my iPhone (iOS version 14.4.2)....very strange!
 
Thanks @Rusty for the push update info. Works great without the 312 port.

A follow-up question. When I launched the update docker-compose.yml, I noticed warnings in the logs:
VhcPXoW.png

Should I simply remove those environmental variables from the compose file? If they are going to be overridden by the admin panel, I don't see their purpose.
 
Thanks @Rusty for the push update info. Works great without the 312 port.

A follow-up question. When I launched the update docker-compose.yml, I noticed warnings in the logs:
VhcPXoW.png

Should I simply remove those environmental variables from the compose file? If they are going to be overridden by the admin panel, I don't see their purpose.
You can remove the signup safely, but keep admin_token that is to access the admin page.
 
Thanks @Rusty for the push update info. Works great without the 312 port.

A follow-up question. When I launched the update docker-compose.yml, I noticed warnings in the logs:
VhcPXoW.png

Should I simply remove those environmental variables from the compose file? If they are going to be overridden by the admin panel, I don't see their purpose.
Well I still use both variables as I have not paid that much attention to the log. Also the admin token has been updated to the new “version” explained by the previous additions to this article. While this is the way vaultwarden does things I would leave it. In terms of signups, again, I haven’t checked if the settings is accessible via the admin page. If so, then I guess it can be removed as @ilbarone87 said.
 
Last edited:
I still use both variables as I have not paid that much attention to the log.
Using your write-up I added argon2 security (also changed my admin password in the process to get the new token). When I recreate the container, I cannot log into the admin panel, and the log still tells me

[NOTICE] You are using a plain text [ICODE]ADMIN_TOKEN which is insecure.[/ICODE]

So... the argon2 password fails, but the token is accepted as the "password" for the admin panel.

What am I missing?

UPDATE1: It's those danged single quote marks. Remove them! and all is good.

Not this:
ADMIN_TOKEN='$$argon2id$$v=19$$m=65540,t=2,p=4$$H5Xns1Juvmy4BR2rB0fRg4yn6O7CdIFRV4mw/J/y4iM$$pejf9RXHz2jYorvspelm5cnD/9Jf/BD6cnikiUASz0U'

But this:
ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=2,p=4$$H5Xns1Juvmy4BR2rB0fRg4yn6O7CdIFRV4mw/J/y4iM$$pejf9RXHz2jYorvspelm5cnD/9Jf/BD6cnikiUASz0U
 
Using your write-up I added argon2 security (also changed my admin password in the process to get the new token). When I recreate the container, I cannot log into the admin panel, and the log still tells me

[NOTICE] You are using a plain text [ICODE]ADMIN_TOKEN which is insecure.[/ICODE]

So... the argon2 password fails, but the token is accepted as the "password" for the admin panel.

What am I missing?

UPDATE1: It's those danged single quote marks. Remove them! and all is good.

Not this:
ADMIN_TOKEN='$$argon2id$$v=19$$m=65540,t=2,p=4$$H5Xns1Juvmy4BR2rB0fRg4yn6O7CdIFRV4mw/J/y4iM$$pejf9RXHz2jYorvspelm5cnD/9Jf/BD6cnikiUASz0U'

But this:
ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=2,p=4$$H5Xns1Juvmy4BR2rB0fRg4yn6O7CdIFRV4mw/J/y4iM$$pejf9RXHz2jYorvspelm5cnD/9Jf/BD6cnikiUASz0U
Hmm not sure why my steps were with those, considering I use them as well, without them. Tnx for pointing it out. Altered.
 
And today there is the according vaultwarden version online :)

I just wonder if I have to change my manual reverse-proxy .conf now, since "redirect WS traffic to port 3012" is depreciated now?
What would the correct …ReverseProxy.conf look like now?

Thanks!
 
Bitwarden just released the new version that introduces support for passkeys 🎉🎉
And log in with device in previous version as well (that I totally missed).

What would the correct …ReverseProxy.conf look like now?
Depends on your revers proxy platform. Here are the lists of configurations coming in the upcoming 1.31 version where this will be a "breaking change".

Proxy example (updated): Proxy examples

Breaking changes discussion: ⚠️[NOTE] BREAKING CHANGE in upcoming v1.31.0 stable version · dani-garcia/vaultwarden · Discussion #4023
 
And log in with device in previous version as well (that I totally missed).


Depends on your revers proxy platform. Here are the lists of configurations coming in the upcoming 1.31 version where this will be a "breaking change".

Proxy example (updated): Proxy examples

Breaking changes discussion: ⚠️[NOTE] BREAKING CHANGE in upcoming v1.31.0 stable version · dani-garcia/vaultwarden · Discussion #4023
I was referring to your Update about "Bitwarden WebSocket LiveSync" (which is kinda obsolete now).
What would your example there look like now?
Or delete the manual .conf file and just use Synology Reverse Proxy in the DSM? (How configured?)
 
Or delete the manual .conf file and just use Synology Reverse Proxy in the DSM? (How configured?)
From all that is presented in the past few days, yes. Delete any custom configuration and just activate a default websocket support for that particular reverse proxy host record.

I will update this resource with the latest update later today or tomorrow to reflect the 1.30 changes.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top