I recently saw that Vaultwarden is supporting Passkeys now so i thought why not give it a try.
I use Bitwarden on docker on a VPS with caddy as a reverse Proxy.
My Docker Compose File:
services:
vaultwarden:
container_name: vaultwarden
volumes:
- /var/lib/ApplicationData/Vaultwarden/vw-data/:/data/
restart: unless-stopped
ports:
- 4269:80
image: vaultwarden/server:latest
networks:
- vaultwarden # or a custom network like 'bridge' or 'mailnet'
watchtower:
image: containrrr/watchtower:latest
container_name: watchtower
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Needed for Docker to interact with the daemon
environment:
- WATCHTOWER_INTERVAL=3600 # Optional: time in seconds between checks for updates
command: --cleanup
networks:
vaultwarden:
driver: bridge
Here is my caddy Config Snippet
bw.domain.me {
reverse_proxy http://localhost:4269
}
And when i click on Log In with Passkey I get a long Error Message:
<!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" type="image/png" href="/vw_static/vaultwarden-favicon.png"> <title>Page not found!</title> <link rel="stylesheet" href="/vw_static/bootstrap.css" /> <link rel="stylesheet" href="/vw_static/404.css" /> </head> <body class="bg-light"> <nav class="navbar navbar-expand-md navbar-dark bg-dark mb-4 shadow fixed-top"> <div class="container"> <a class="navbar-brand" href="/"><img class="vaultwarden-icon" src="/vw_static/vaultwarden-icon.png" alt="V">aultwarden</a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarCollapse"> <ul class="navbar-nav me-auto"> </div> </div> </nav> <main class="container inner content text-center"> <h2>Page not found!</h2> <p class="lead">Sorry, but the page you were looking for could not be found.</p> <p class="display-6"> <a href="/"><img class="vw-404" src="/vw_static/404.png" alt="Return to the web vault?"></a></p> <p>You can <a href="/">return to the web-vault</a>, or <a href="https://github.com/dani-garcia/vaultwarden">contact us</a>.</p> </main> <div class="container footer text-muted content">Vaultwarden (unofficial Bitwarden® server)</div> </body> </html>
If i open the Firefox DevTools you can see that it tries to send a GET request to /identity/accounts/webauthn/assertion-options
GET /identity/accounts/webauthn/assertion-options HTTP/2
Host: bw.domain.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Accept: application/json
Accept-Language: en-US,en;q=0.7,de;q=0.3
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://bw.domain.me/
device-type: 10
is-prerelease: 1
Cache-Control: no-store
Pragma: no-cache
Bitwarden-Client-Name: web
Bitwarden-Client-Version: 2025.5.0
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=4
TE: trailers
HTTP/2 404
alt-svc: h3=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0
content-security-policy: default-src 'none'; font-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-origin
date: Fri, 04 Jul 2025 11:58:26 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy: same-origin
server: Caddy
server: Rocket
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
x-xss-protection: 0
content-length: 1834
X-Firefox-Spdy: h2
If i run docker logs vaultwarden
[2025-07-04 12:02:08.694][request][INFO] GET /identity/accounts/webauthn/assertion-options
[2025-07-04 12:02:08.694][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
Your environment (Generated via diagnostics page)
- Vaultwarden version: v1.34.1
- Web-vault version: v2025.5.0
- OS/Arch: linux/x86_64
- Running within a container: true (Base: Debian)
- Database type: SQLite
- Database version: 3.49.1
- Uses config.json: false
- Uses a reverse proxy: true
- IP Header check: true (X-Forwarded-For)
- Internet access: true
- Internet access via a proxy: false
- DNS Check: true
- Browser/Server Time Check: true
- Server/NTP Time Check: true
- Domain Configuration Check: false
- HTTPS Check: false
- Websocket Check: true
- HTTP Response Checks: true
Config & Details (Generated via diagnostics page)
Show Config & Details
Config:
{
"_duo_akey": null,
"_enable_duo": true,
"_enable_email_2fa": false,
"_enable_smtp": true,
"_enable_yubico": true,
"_icon_service_csp": "",
"_icon_service_url": "",
"_ip_header_enabled": true,
"_max_note_size": 10000,
"_smtp_img_src": "***:",
"admin_ratelimit_max_burst": 3,
"admin_ratelimit_seconds": 300,
"admin_session_lifetime": 20,
"admin_token": "***",
"allowed_connect_src": "",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"auth_request_purge_schedule": "30 * * * * *",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_conn_init": "",
"database_max_conns": 10,
"database_timeout": 30,
"database_url": "***************",
"db_connection_retries": 15,
"disable_2fa_remember": false,
"disable_admin_token": false,
"disable_icon_download": false,
"domain": "****://***********",
"domain_origin": "****://***********",
"domain_path": "",
"domain_set": true,
"duo_context_purge_schedule": "30 * * * * *",
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"duo_use_iframe": false,
"email_2fa_auto_fallback": false,
"email_2fa_enforce_on_verified_invite": false,
"email_attempts_limit": 3,
"email_change_allowed": true,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": true,
"emergency_notification_reminder_schedule": "0 3 * * * *",
"emergency_request_timeout_schedule": "0 7 * * * *",
"enable_db_wal": true,
"enable_websocket": true,
"enforce_single_org_with_reset_pw_policy": false,
"event_cleanup_schedule": "0 10 0 * * *",
"events_days_retain": null,
"experimental_client_feature_flags": "",
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"http_request_block_non_global_ips": true,
"http_request_block_regex": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"icon_redirect_code": 302,
"icon_service": "internal",
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"increase_note_size_limit": false,
"invitation_expiration_hours": 120,
"invitation_org_name": "Vaultwarden Elias",
"invitations_allowed": true,
"ip_header": "X-Forwarded-For",
"job_poll_interval_ms": 30000,
"log_file": null,
"log_level": "info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"login_ratelimit_max_burst": 10,
"login_ratelimit_seconds": 60,
"org_attachment_limit": null,
"org_creation_users": "",
"org_events_enabled": false,
"org_groups_enabled": false,
"password_hints_allowed": true,
"password_iterations": 900000,
"push_enabled": false,
"push_identity_uri": "https://identity.bitwarden.com",
"push_installation_id": "***",
"push_installation_key": "***",
"push_relay_uri": "https://push.bitwarden.com",
"reload_templates": false,
"require_device_email": false,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sendmail_command": null,
"sends_allowed": true,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": true,
"signups_domains_whitelist": "",
"signups_verify": false,
"signups_verify_resend_limit": 6,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": true,
"smtp_accept_invalid_hostnames": true,
"smtp_auth_mechanism": "LOGIN",
"smtp_debug": false,
"smtp_embed_images": true,
"smtp_explicit_tls": null,
"smtp_from": "***********************",
"smtp_from_name": "Bitwarden Elias",
"smtp_host": "***************************",
"smtp_password": "***",
"smtp_port": 587,
"smtp_security": "starttls",
"smtp_ssl": null,
"smtp_timeout": 15,
"smtp_username": "***********************",
"templates_folder": "data/templates",
"tmp_folder": "data/tmp",
"trash_auto_delete_days": null,
"trash_purge_schedule": "0 5 0 * * *",
"use_sendmail": false,
"use_syslog": false,
"user_attachment_limit": null,
"user_send_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"yubico_client_id": null,
"yubico_secret_key": null,
"yubico_server": null
}