Excessive websocket "spam" in log on new 1.30.5 install on Unraid behind Traefik

Hi

I’m setting up a new Vaultwarden install on a new Unraid server.

I’ve used Unraid’s App “store” to setup a vaultwarden docker container. Using vaultwarden/server:latest. (which I believe is 1.30.5?)

Taking notes of the requirements that a websocket port is not needed any longer, I used the information on the wiki to setup Traefik’s labels for the new guidelines.

On starting the docker, everything seems fine: I can access the web vault, the Firefox extension works, Android app works, and the Windows app works – to a point.

In the Windows app, I was noticing “flickering” - the list of passwords in the centre column was constantly reload every 2 seconds or so.

So I checked the logs and I was getting the following repeatedly, every two seconds.

[2024-04-11 16:39:14.047][request][INFO] GET /notifications/hub?access_token=**REDACTED**
[2024-04-11 16:39:14.048][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from 172.18.0.1
[2024-04-11 16:39:14.048][response][INFO] (websockets_hub) GET /notifications/hub?<data..> => 200 OK
[2024-04-11 16:39:14.099][request][INFO] GET /api/accounts/revision-date

I’ve been figuratively pulling my hair out trying to get this to stop.

The Unraid template for vaultwarden I’m using generates the run command as follows:

docker run
  -d
  --name='vaultwarden'
  --net='varosnet'
  -e TZ="Australia/Sydney"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="VAROS"
  -e HOST_CONTAINERNAME="vaultwarden"
  -e 'ADMIN_TOKEN'='((ADMIN_TOKEN))'
  -e 'SIGNUPS_ALLOWED'='true'
  -e 'INVITATIONS_ALLOWED'='true'
  -e 'PUSH_ENABLED'='true'
  -e 'PUSH_INSTALLATION_ID'='((INSTALLATION_ID))'
  -e 'PUSH_INSTALLATION_KEY'='((INSTALLATION_KEY))'
  -e 'LOG_FILE'='/data/vaultwarden.log'
  -e 'LOG_LEVEL'='debug'
  -e 'EXTENDED_LOGGING'='true'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:80]/admin'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/selfhosters/unRAID-CA-templates/master/templates/img/vaultwarden.png'
  -l 'traefik.enable'='true'
  -l 'traefik.http.routers.vaultwarden.entryPoints'='http'
  -l 'traefik.http.services.vaultwarden.loadbalancer.server.port'='80'
  -l 'traefik.http.routers.vaultwarden.rule'='Host(`my.domain.here`)'
  -l 'traefik.http.routers.vaultwarden.service'='vaultwarden'
  -p '4743:80/tcp'
  -v '/mnt/user/appdata/vaultwarden':'/data':'rw' 'vaultwarden/server:latest'

Is that constant log “spam” normal, or have I misconfigured something?

I still have my old vaultwarden setup on my old server - it’s working fine, but still has the old websocket port setup. I wanted to “future-proof” my new server setup.

I’m perfectly willing to provide other information if it helps.

Thanks in advance for your time and help!

~jondar

Log out of any client that uses websocket connections.
That would be, browser, extensions, desktop client.

Could be one of those is caught in a loop. Not really something we can solve on the server side.

Logged out of all clients. “Spam” log entries stopped. OK so far…

Tried a test of just logging in to web vault again. “Spam” log entries started up again.

Even tried deleting vaultwarden container entirely and restarting fresh. Problem still persists.

Decided to try a different approach:

I’m using a Cloudflare Zero Trust tunnel. Mainly to point it to Traefik so it can reverse proxy.

I set up a direct connection in Cloudflare to the ip and port of vaultwarden. Then I try logging into the web vault. No log “spam”

I’ve come to the conclusion that it’s probably Traefik’s “fault” → I’ve misconfigured something.

Going to sleep on it, and think of my next move.

Thanks for letting me “vent”, LOL.

~jondar

Maybe the reverse proxy dus something to close the connection.
Not sure.

OK. Came back to it and had a rethink.

As I mentioned earlier, I’m building a new server. My old server was still running, and I installed latest vaultwarden on that server. Tested, and no log “spam”.

Old server was running an older version of Traefik (2.6 vs 2.11).

So, I downgraded Traefik on the new server to 2.6, and tested. No log “spam”.

I’ve since stepped through the versions of Traefik (2.6 to 2.7, then 2.8, 2.9. 2.10 to 2.11) and tested each time. All is working as I expect - no log “spam”.

Since I now have it all working, I’m going to consider the matter closed, but I’ll still keep an eye on it for future versions of both traefik and vaultwarden.

Thanks again

~jondar