I notice that these options are marked red in the admin panel.
Accept Invalid Certs (Know the risks!) Default: false
Accept Invalid Hostnames (Know the risks!) Default: false
How do I fix that?
I’m running Vaultwarden in e Docker container starting with smtp settings:
-e SMTP_HOST=mail.server.com
-e SMTP_SECURITY=starttls
-e SMTP_FROM=info@server.com
-e SMTP_USERNAME=info@server.com
-e SMTP_PASSWORD=my-password
which work well.
Apache proxy is configured:
/etc/apache2/sites-enabled/vw.server.com
<IfModule mod_ssl.c>
<VirtualHost ip-address:443 [ipv6-address::4]:443>
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
ServerAdmin webmaster@server.com
ServerName vw.server.com
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
##logging
ErrorLog /bw-data/bitwarden-error.log
CustomLog /bw-data/bitwarden-access.log combined
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]
ProxyPass / http://localhost:9011/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</IfModule>
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
</VirtualHost>
</IfModule>
What do I miss so that invalid certs are accepted? Or does this not matter, because the cert is managed by apache with the proxy?