Vaultwarden doesn't work with DSM 7

[Astradti]

Hi,
i'm trying to setup VaultWarden, but it doesn't work. i can only acces over http, not over https. constantly connection time out or connection closed.
i've setup the ports, created reverse proxy, added a separate certificate, can't seem to get it fixed.
can someone help me or point me in the right direction?

thx

 

[fredbert]

You have to use https://vaultwarden.YOURDDNS.synology.me in order for the reverse proxy to identify the request. Also, check that the new certificate has been assigned to this specific reverse proxy hostname (in Control Panel).

If you want to access using the NAS LAN IP then it's only going to work for HTTP to port 8880.

 

[Telos]

The only RP difference with my set-up is that I have HSTS enabled, and I use the NAS IP instead of "localhost" (this latter thing as nearly always caused me difficulty).

 

[one-eyed-king]

The last screenshot is kind of puzzling...

You try to access the publised local port of the vaultwarden container on the nas-ip:local-port via https - which can not work unless you enabled tls inside vaultwarden (which you try to delegate to the reverse proxy instead).

It is how fredbert wrote: you need to use the "Hostname" that you configured in the reverse proxy's source area..

 

[Astradti]

Hi, even with the DDNS name i get a connection Time out

The certificate has been assigned correctly

 

[fredbert]

When you use your YOURDDNS.synology.me or any other SUB.YOURDDNS.synology.me to access the NAS from the LAN does it work? If not then it could be that your Internet router doesn't support NAT loopback.

You do have a port forwarding (NAT) rule in the Internet router to send all TCP 443 requests to the NAS?

 

[Astradti]

that's it: even internal i can't reach it. i now have modified my windows host file to redirect it and now it works. is there a way to counter that with the synology or not?

 

[fredbert]

You can investigate if your router supports NAT loopback (i.e. if the DNS resolution is to the router's Internet/WAN IP then it NAT's it back to the LAN device, as per prot forwarding rules). Otherwise it's a bit more tricky unless you manually edit you host file, and keep a note to remind yourself. I run DNS Server on the NAS and use if for all my LAN devices: it resolves my personal domain to LAN IPs, everything else it will go and get the Internet IP.

 

[Astradti]

You can investigate if your router supports NAT loopback (i.e. if the DNS resolution is to the router's Internet/WAN IP then it NAT's it back to the LAN device, as per prot forwarding rules). Otherwise it's a bit more tricky unless you manually edit you host file, and keep a note to remind yourself. I run DNS Server on the NAS and use if for all my LAN devices: it resolves my personal domain to LAN IPs, everything else it will go and get the Internet IP.

think i'll need to fix it with a DNS server as well, router doesn't support NAT loopback. Now i'm trying to connect on my iPhone app of Bitwarden to connect: get an SSL error: on local network as on 4G. any idea how to fix that?

 

[fredbert]

I'm guessing that you've port forwarded TCP 443 to the NAS, because it's unlikely that the Let's Encrypt certificate creation would've worked if you had've configured the router.

For BitWarden itself, that's not something I use but other here do.

 

[Rusty]

think i'll need to fix it with a DNS server as well, router doesn't support NAT loopback. Now i'm trying to connect on my iPhone app of Bitwarden to connect: get an SSL error: on local network as on 4G. any idea how to fix that?

This would suggest that your BW instance is not working at all (if you can’t get to it locally).

Have you configured the DOMAIN variable with your public domain name? If so and if your 443 port is forwarded then access from the outside should work.

Also make sure that if you are using the official app, to use the gear icon and set the client to your domain. If you don’t, then the client will want to connect to BW official instance.

 

[Astradti]

This would suggest that your BW instance is not working at all (if you can’t get to it locally).

Have you configured the DOMAIN variable with your public domain name? If so and if your 443 port is forwarded then access from the outside should work.

Also make sure that if you are using the official app, to use the gear icon and set the client to your domain. If you don’t, then the client will want to connect to BW official instance.

On the Syno it works now, i can access it. where do i need to change the DOMAIN variable? port 443 is forwarded.

 

[Rusty]

where do i need to change the DOMAIN variable

Depends on how you have set this up. If you have used the Synology DSM Docker UI, then edit the container and go to the Environment tab and add the DOMAIN as a variable and your public URL as its VALUE.