404 on initial account creation without docker

Help
1

I’m trying to set up Vaultwarden without Docker and I’m extremely confused by all the moving pieces. I’m hoping I can get some insight here to point me in the right direction.

I surprisingly found Vaultwarden in DNF, so of course I installed it through there. I set up the config file in /etc/vaultwarden (not config.json), downloaded the compiled web client and pointed Caddy at it on vw.domain.com and set the service to use the same domain. That lead to 404 errors when submitting the sign up form. I tried to add a subpath /api to the service domain and had Caddy reverse proxy those requests to the port running rocket but the issue persists.

While testing with curl, I noticed two different 404 errors on rocket. Well 3 if you count rocket’s own 404 page. Some URIs return a regular 404 page while others return a slightly different one with {{404}}{{error}} formatting at the end, which looks like API stuff. The documentation hasn’t been very helpful.

Is web_vault different from the web client? Do I need the web client when I have web_vault enabled? I have it pointed at the web client’s web root. What about the vaultwarden web dependency that was installed via DNF?

What I installed:

vaultwarden x86_64 1.30.5-1.el9      epel      8.4 M
Installing dependencies:
vaultwarden-web noarch 2024.5.1-1.el9    epel       7.4 M

My config file:

DATA_FOLDER=/var/www/html/vw/data
WEB_VAULT_FOLDER=/var/www/html/vw
WEB_VAULT_ENABLED=true
#default to %DATA_FOLDER%/db.sqlite3
DOMAIN=https://vw.domain.com/
INCOMPLETE_2FA_TIME_LIMIT=3
SIGNUPS_ALLOWED=true
SIGNUP_DOMAINS_WHITELIST=domain.com
EMERGENCY_ACCESS_ALLOWED=true
PASSWORD_HINTS_ALLOWED=true
ADMIN_TOKEN=[redacted]
ROCKET_PORT=1234

Caddy site block:

vw.domain.com {
        tls {
                dns cloudflare [redacted]
                resolvers 1.1.1.1
        } 
        header {
                X-Content-Type-Options "nosniff"
                Referrer-Policy "strict-origin-when-cross-origin"
                Permissions-Policy "interest-cohort=(),gyroscope=(self),fullscreen=(self)"
                Access-Control-Allow-Origin "*"
                Referrer-Policy "no-referrer"
                X-Permitted-Cross-Domain-Policies "none"
                X-XSS-Protection "0"
        }
        import headers
        encode zstd gzip
        root * /var/www/html/vw
        php_fastcgi unix//run/php-fpm/www.sock
        #       php_server
        file_server
        reverse_proxy /api/* localhost:1234 {
                header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
        }
        log {
                level INFO
                output file /var/www/html/vw/caddy.log {
                        roll_size 10MB
                        roll_keep 10
                }
        }
}

Logs:

Jul 21 18:38:24 vaultwarden[558057]: [INFO] Using environment file /etc/vaultwarden/vaultwarden.cfg for configuration.
Jul 21 18:38:24 vaultwarden[558057]: [2024-07-21 18:38:24.897][start][INFO] Rocket has launched from http://127.0.0.1:1234
Jul 21 18:41:06 vaultwarden[558057]: [2024-07-21 18:41:06.223][request][INFO] GET /api/identity/accounts/register
Jul 21 18:41:06 vaultwarden[558057]: [2024-07-21 18:41:06.226][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:41:56 vaultwarden[558057]: [2024-07-21 18:41:56.651][request][INFO] GET /identity/accounts/register
Jul 21 18:41:56 vaultwarden[558057]: [2024-07-21 18:41:56.654][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:11 vaultwarden[558057]: [2024-07-21 18:42:11.140][request][INFO] GET /api/identity/accounts/register
Jul 21 18:42:11 vaultwarden[558057]: [2024-07-21 18:42:11.142][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:27 vaultwarden[558057]: [2024-07-21 18:42:27.043][request][INFO] GET /identity/accounts/register
Jul 21 18:42:27 vaultwarden[558057]: [2024-07-21 18:42:27.046][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:35 vaultwarden[558057]: [2024-07-21 18:42:35.733][request][INFO] GET /api/identity/accounts/register
Jul 21 18:42:35 vaultwarden[558057]: [2024-07-21 18:42:35.733][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:45 vaultwarden[558057]: [2024-07-21 18:42:45.056][request][INFO] GET /identity/accounts/register
Jul 21 18:42:45 vaultwarden[558057]: [2024-07-21 18:42:45.056][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:53 vaultwarden[558057]: [2024-07-21 18:42:53.453][request][INFO] GET /identity/accounts
Jul 21 18:42:53 vaultwarden[558057]: [2024-07-21 18:42:53.455][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:42:58 vaultwarden[558057]: [2024-07-21 18:42:58.097][request][INFO] GET /identity
Jul 21 18:42:58 vaultwarden[558057]: [2024-07-21 18:42:58.097][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:43:08 vaultwarden[558057]: [2024-07-21 18:43:08.652][request][INFO] GET /api/identity
Jul 21 18:43:08 vaultwarden[558057]: [2024-07-21 18:43:08.654][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:43:27 vaultwarden[558057]: [2024-07-21 18:43:27.294][request][INFO] GET /api/
Jul 21 18:43:27 vaultwarden[558057]: [2024-07-21 18:43:27.295][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:44:24 vaultwarden[558057]: [2024-07-21 18:44:24.277][request][INFO] GET /api/identity
Jul 21 18:44:24 vaultwarden[558057]: [2024-07-21 18:44:24.278][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:45:09 vaultwarden[558057]: [2024-07-21 18:45:09.988][request][INFO] GET /api
Jul 21 18:45:09 vaultwarden[558057]: [2024-07-21 18:45:09.989][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:45:31 vaultwarden[558057]: [2024-07-21 18:45:31.092][request][INFO] GET /identity
Jul 21 18:45:31 vaultwarden[558057]: [2024-07-21 18:45:31.094][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:46:24 vaultwarden[558057]: [2024-07-21 18:46:24.666][request][INFO] GET /api
Jul 21 18:46:24 vaultwarden[558057]: [2024-07-21 18:46:24.667][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Jul 21 18:46:36 vaultwarden[558057]: [2024-07-21 18:46:36.026][request][INFO] GET /identity
Jul 21 18:46:36 vaultwarden[558057]: [2024-07-21 18:46:36.028][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found

Browser console errors when submitting sign up form:

polyfills.2fbe6d3186140d959b38.js:1 
        
        
       POST https://vw.domain.com/identity/accounts/register 404 (Not Found)
(anonymous) @ polyfills.2fbe6d3186140d959b38.js:1
C.a.<computed> @ polyfills.2fbe6d3186140d959b38.js:1
nativeFetch @ main.930ad6391bde0ab2fc73.js:11
(anonymous) @ main.930ad6391bde0ab2fc73.js:11
r @ main.930ad6391bde0ab2fc73.js:11
t.invoke @ polyfills.2fbe6d3186140d959b38.js:1
onInvoke @ vendor.5fbde6cbb10a6f680a29.js:1
t.invoke @ polyfills.2fbe6d3186140d959b38.js:1
r.run @ polyfills.2fbe6d3186140d959b38.js:1
main.930ad6391bde0ab2fc73.js:147 o {response: null, statusCode: 404}

Received API exception: [object Object]

o {response: null, statusCode: 404}
2

Bump. Does nobody have any guesses or input to provide?

3

First of all, you seem to be using a third party package which are hard for us to support because the maintainers make assumptions that deviate from our own. Secondly looking at the files in the package you seem to be using the WEB_VAULT_FOLDER should be /usr/share/vaultwarden-web. Third you are shipping the web-vault files via Caddy and not let the built-in rocket server serve the files which seem to interfere with the functioning of Vaultwarden. I recommend you start with the example from our wiki and go from there:

1 Like
4

That makes sense, thank you. I assumed a DNF package would minimize user error on my part. I didn’t consider user error on the part of the package itself.

The wiki is very confusing but I managed to get it working. Here’s what I pieced together for anyone else who runs into this:

  1. Extracted the latest binary from docker as per the pre-built binaries wiki.
  2. Created the systemd service as per the wiki.
  3. Renamed my config file in /etc/vaultwarden from vaultwarden.cfg to vaultwarden.env to match what the systemd template is looking for.
  4. Moved the extracted binary to /etc/vaultwarden and pointed the systemd service there.
  5. Simplfiied my Caddy site block down to just the following:
https://vw.domain.com {
        import tls
        import headers
        import cors vw.domain.com
        encode zstd gzip
        reverse_proxy localhost:1234 {
                header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
        }
}
  1. Restarted everything and it just worked.