Cant connect to ipv6 address database using vaultwarden

I am self hosting bitwarden instance and connecting to postgres database using ec2. My question is i upgraded my ec2 instance to IPV6 address instead of using a IPV4 address. And then when i update the postgres url vaultwarden is not working here are logs

On the other hand i am using a sql client where it is connecting successfully on same IPV6 address. Does it mean we dont support it yet?

Have you tried using [dead:beaf::cafe]:5432

You mean to say wrapping the ipv6 address using [] then yes otherwise the connection string was not working. This error message is same

And you can’t configure any hostname for it? And try to use that?

i mapped that to hostname using cloudflare but still no luck also tried to change the ipv6 address as it is auto assigned but still same message. Can we change the code to support it?

Why is it port 5601 and not the default 5432 of postgres? And is this all running locally on the same EC2 instance or are you trying to run vaultwarden itself on EC2 and connect to some external postgres (ie. hosted Amazon db, etc.)

Little more info on how you have this configured should help.

  1. I am running postgres database using docker(on a EC2 instance) so i can customize the ports
  2. And vaultwarden is also running on a different instance.

i have a existing IPV4 address which works perfectly for vaultwarden. I recently changed the ip address to IPV6 as aws now charges $3.6 per month if you are using a IPV4 address. And changing to IPV6 is free so thus i shifted

I’m not sure why you are running them on separate instances. Nevertheless, even if that were the case aren’t VPC IPs (v4 or v6 regardless) free since they are private subnets?

You should only need one loadbalancer and that is the ingress for vaultwarden.

Na man i am using public ipv4 address which are charged if i upgrade to ipv6 thats free

lets say i have more services running apart from database which i use on a daily basis and hence needed a public facing address

I understand wanting to avoid the ipv4 charge for the public. So let me put it this way so I understand the architecture as this is what I think should be happening-

IPv6 Load Balancer
IPv4 VPC (free)
|            |                |  
| VW         |  DB            |
| |     |
|            |                |

So basically, any of your services (be they on EC2 or whatever else) should be reachable ONLY via their IPv4 addresses which are free because VPCs (ie. a private subnet up in amazon’s cloud just for your stuff like what exists behind your router at home.) This diagram should help - How Amazon VPC works - Amazon Virtual Private Cloud.

So essentially, your vaultwarden is on docker on an EC2 instance labeled VW. That exposes its port or whatever for the public IPv6 Load Balancer. So the ALB goes straight to port 80 (or whatever you have configured) to reach VW from outside. VW itself only reaches out itself to your exposed port on the DB EC2 instance with postgres on port 5432 (or 5601 or whatever.) DB only exposes port 5432 and does not need nor want the IPv6 load balancer to allow ingress.

Because as I understand it- the issue isn’t that you can’t reach Vaultwarden publically- it’s that you have your Vaultwarden trying to connect to your DB over a publicly available IP right? I’m suggesting you definitely make use of your free VPC (which has both IPv4 and IPv6 actually). Use that to connect services. Then use your IPv6 load balancer to only reach the frontend of Vaultwarden.

Let me know if I’m not understanding the issue properly though. Because even if you gave your EC2 a public IPv6 IP it should still have a private IPv4 on it (as far as I remember using AWS.)

Ya thanks man at end i am going to do exact same thing and use that i was confirming whether vaultwarden supports IPV6 or not because if they are not users using services like EC2 they might migrate their IP addresses and will face similar problems as well again thanks for help

I run VaultWarden on an IPv6 only EC2 instance. I have CloudFlare in front of the instance, exposing an IPv4 address for the subdomain, CloudFlare connects to the instance using IPv6. It works fine on my Android phone, web browser plugin, and web browser.

Applications usually don’t have any visibility of the protocol used to get data from the client to the server - it could be IPv4, IPv6, or something completely different. Have a look at the TCP/IP Model / Internet Protocol Suite. IP is at the internet layer (layer 2), applications work at layer 4. Applications don’t have any visibility of the internet protocol used.