From one Docker Vaultwarden Update to another -> Domain configuration "No Match"

Help
1

Hi, I have been running Vaultwarden since 2023 in a Docker / Portainer Environment without any issues. Unfortunately, after one Vaultwarden update, i cant access my HTTPS Vaultwarden Vault anymore. Again, i havent changed anything to the configuration since 2023 and i am able to open the Admin Console, no issue. But i have seen, that under Admin Console / Diagnostics / Domain Configuration something has made my configuration switched to “No match”. The domain URL hasnt been changed and is showing the DNS address in HTTPS format.

I have Nginx running and another HTTPS instance incl. a Linkwarden docker container is working absolutely fine.

Does anybody know, what could be the case?

2

Well variables do not change by them self. Nor do container image updates.

So, either something or someone changed it.

Regarding the question of it not working, if you can access the admin, accessing the web-vault should work too then.

Maybe providing the support string and some logs during the period you try to login or whatever goes wrong might help.

1 Like
3

Hi BlackDex, thanks for answering that quick. You might trust me or not, but i have been running this setup since 2023 without touching anything on neither the docker / portainer config nor the nginx setup.

### Your environment (Generated via diagnostics page)

* Vaultwarden version: v1.34.2
* Web-vault version: v2025.7.0
* OS/Arch: linux/x86_64
* Running within a container: true (Base: Debian)
* Database type: SQLite
* Database version: 3.50.2
* Uses config.json: true
* Uses a reverse proxy: false
* Internet access: true
* Internet access via a proxy: false
* DNS Check: true
* Browser/Server Time Check: true
* Server/NTP Time Check: true
* Domain Configuration Check: false
* HTTPS Check: true
* Websocket Check: true
* HTTP Response Checks: true

### Config & Details (Generated via diagnostics page)

<details><summary>Show Config & Details</summary>

**Environment settings which are overridden:** ADMIN_TOKEN

**Config:**

```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***************",
  "domain_origin": "*****://***************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
```

</details>

these are the logs, which I could gather from portainer

[2025-07-28 17:53:44.758][vaultwarden::api::admin][ERROR] Testing error 400 response
[2025-07-28 17:53:44.758][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 400 Bad Request
[2025-07-28 17:53:44.758][request][INFO] GET /admin/does-not-exist
[2025-07-28 17:53:44.759][request][INFO] GET /admin/diagnostics/http?code=404
[2025-07-28 17:53:44.759][vaultwarden::api::admin][ERROR] Testing error 404 response
[2025-07-28 17:53:44.759][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 404 Not Found
[2025-07-28 17:53:44.759][request][INFO] GET /admin/diagnostics/http?code=403
[2025-07-28 17:53:44.759][vaultwarden::api::admin][ERROR] Testing error 403 response
[2025-07-28 17:53:44.759][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 403 Forbidden
[2025-07-28 17:53:44.760][request][INFO] GET /admin/diagnostics/http?code=401
[2025-07-28 17:53:44.760][vaultwarden::api::admin][ERROR] Testing error 401 response
[2025-07-28 17:53:44.760][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 401 Unauthorized
[2025-07-28 17:53:44.761][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
[2025-07-28 17:53:44.761][request][INFO] GET /notifications/anonymous-hub?token=admin-diagnostics
[2025-07-28 17:53:44.761][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.135
[2025-07-28 17:53:44.761][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2025-07-28 17:53:44.774][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.135
[2025-07-28 17:53:46.020][request][INFO] GET /admin
[2025-07-28 17:53:46.029][response][INFO] (admin_page) GET /admin/ => 200 OK
[2025-07-28 17:53:47.163][request][INFO] GET /admin/diagnostics
[2025-07-28 17:53:47.202][response][INFO] (diagnostics) GET /admin/diagnostics => 200 OK
[2025-07-28 17:53:47.271][request][INFO] GET /api/config
[2025-07-28 17:53:47.272][response][INFO] (config) GET /api/config => 200 OK
[2025-07-28 17:53:47.273][request][INFO] GET /admin/diagnostics/http?code=403
[2025-07-28 17:53:47.273][vaultwarden::api::admin][ERROR] Testing error 403 response
[2025-07-28 17:53:47.273][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 403 Forbidden
[2025-07-28 17:53:47.274][request][INFO] GET /admin/does-not-exist
[2025-07-28 17:53:47.274][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
[2025-07-28 17:53:47.274][request][INFO] GET /admin/diagnostics/http?code=404
[2025-07-28 17:53:47.275][vaultwarden::api::admin][ERROR] Testing error 404 response
[2025-07-28 17:53:47.275][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 404 Not Found
[2025-07-28 17:53:47.275][request][INFO] GET /admin/diagnostics/http?code=400
[2025-07-28 17:53:47.275][vaultwarden::api::admin][ERROR] Testing error 400 response
[2025-07-28 17:53:47.275][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 400 Bad Request
[2025-07-28 17:53:47.275][request][INFO] GET /admin/diagnostics/http?code=401
[2025-07-28 17:53:47.275][vaultwarden::api::admin][ERROR] Testing error 401 response
[2025-07-28 17:53:47.275][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 401 Unauthorized
[2025-07-28 17:53:47.275][request][INFO] GET /notifications/anonymous-hub?token=admin-diagnostics
[2025-07-28 17:53:47.275][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.135
[2025-07-28 17:53:47.275][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2025-07-28 17:53:47.286][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.135
[2025-07-28 17:53:48.652][request][INFO] GET /admin
[2025-07-28 17:53:48.659][response][INFO] (admin_page) GET /admin/ => 200 OK
[2025-07-28 17:53:49.726][request][INFO] POST /admin/config
[2025-07-28 17:53:49.728][response][INFO] (post_config) POST /admin/config application/json => 200 OK
[2025-07-28 17:53:50.973][request][INFO] GET /admin
[2025-07-28 17:53:50.980][response][INFO] (admin_page) GET /admin/ => 200 OK
[2025-07-28 17:53:53.733][request][INFO] GET /admin/diagnostics
[2025-07-28 17:53:53.768][response][INFO] (diagnostics) GET /admin/diagnostics => 200 OK
[2025-07-28 17:53:53.838][request][INFO] GET /api/config
[2025-07-28 17:53:53.838][response][INFO] (config) GET /api/config => 200 OK
[2025-07-28 17:53:53.839][request][INFO] GET /notifications/anonymous-hub?token=admin-diagnostics
[2025-07-28 17:53:53.839][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.135
[2025-07-28 17:53:53.839][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2025-07-28 17:53:53.840][request][INFO] GET /admin/diagnostics/http?code=403
[2025-07-28 17:53:53.840][vaultwarden::api::admin][ERROR] Testing error 403 response
[2025-07-28 17:53:53.840][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 403 Forbidden
[2025-07-28 17:53:53.840][request][INFO] GET /admin/does-not-exist
[2025-07-28 17:53:53.840][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
[2025-07-28 17:53:53.840][request][INFO] GET /admin/diagnostics/http?code=404
[2025-07-28 17:53:53.841][vaultwarden::api::admin][ERROR] Testing error 404 response
[2025-07-28 17:53:53.841][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 404 Not Found
[2025-07-28 17:53:53.841][request][INFO] GET /admin/diagnostics/http?code=400
[2025-07-28 17:53:53.841][vaultwarden::api::admin][ERROR] Testing error 400 response
[2025-07-28 17:53:53.841][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 400 Bad Request
[2025-07-28 17:53:53.842][request][INFO] GET /admin/diagnostics/http?code=401
[2025-07-28 17:53:53.842][vaultwarden::api::admin][ERROR] Testing error 401 response
[2025-07-28 17:53:53.842][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 401 Unauthorized
[2025-07-28 17:53:53.851][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.135
[2025-07-28 18:35:15.411][request][INFO] GET /admin/diagnostics/config
[2025-07-28 18:35:15.411][vaultwarden::api::admin][ERROR] Authorization failed.
[2025-07-28 18:35:15.411][response][INFO] (get_diagnostics_config) GET /admin/diagnostics/config application/json => 401 Unauthorized
[2025-07-28 18:35:19.455][request][INFO] GET /admin/diagnostics
[2025-07-28 18:35:19.455][response][INFO] (diagnostics) GET /admin/diagnostics => 401 Unauthorized
[2025-07-28 18:35:23.765][request][INFO] POST /admin
[2025-07-28 18:35:24.024][response][INFO] (post_admin_login) POST /admin/ application/x-www-form-urlencoded => 303 See Other
[2025-07-28 18:35:24.032][request][INFO] GET /admin/diagnostics
[2025-07-28 18:35:25.204][response][INFO] (diagnostics) GET /admin/diagnostics => 200 OK
[2025-07-28 18:35:25.283][request][INFO] GET /api/config
[2025-07-28 18:35:25.283][response][INFO] (config) GET /api/config => 200 OK
[2025-07-28 18:35:25.284][request][INFO] GET /admin/diagnostics/http?code=404
[2025-07-28 18:35:25.284][vaultwarden::api::admin][ERROR] Testing error 404 response
[2025-07-28 18:35:25.284][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 404 Not Found
[2025-07-28 18:35:25.284][request][INFO] GET /admin/does-not-exist
[2025-07-28 18:35:25.285][request][INFO] GET /admin/diagnostics/http?code=401
[2025-07-28 18:35:25.286][vaultwarden::api::admin][ERROR] Testing error 401 response
[2025-07-28 18:35:25.286][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 401 Unauthorized
[2025-07-28 18:35:25.286][request][INFO] GET /admin/diagnostics/http?code=400
[2025-07-28 18:35:25.287][vaultwarden::api::admin][ERROR] Testing error 400 response
[2025-07-28 18:35:25.287][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 400 Bad Request
[2025-07-28 18:35:25.287][response][INFO] (web_files) GET /<p..> [10] => 404 Not Found
[2025-07-28 18:35:25.288][request][INFO] GET /admin/diagnostics/http?code=403
[2025-07-28 18:35:25.288][vaultwarden::api::admin][ERROR] Testing error 403 response
[2025-07-28 18:35:25.288][response][INFO] (get_diagnostics_http) GET /admin/diagnostics/http?<code> => 403 Forbidden
[2025-07-28 18:35:25.288][request][INFO] GET /notifications/anonymous-hub?token=admin-diagnostics
[2025-07-28 18:35:25.288][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.135
[2025-07-28 18:35:25.288][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2025-07-28 18:35:25.300][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.135
[2025-07-28 18:35:27.707][request][INFO] GET /admin/diagnostics/config
[2025-07-28 18:35:27.708][response][INFO] (get_diagnostics_config) GET /admin/diagnostics/config application/json => 200 OK
4

I’m not seeing errors in the logs at least.

But i see you have a config.json which overrules every environment variabel. Not sure if config.json contains something different then your env’s.

That file is created when you modify settings in the admin interface.

Either remove that file or adjust the setting via the ui.

5

okay, if i remove the config.json file, where in portainer should i setup the domain url?

or, if i use the config.json, which docker / portainer “settings” should be deleted?

I dont understand, what has changed, but i havent touched anything in the past and therefore i am bit shocked…

6

Well, I’m 100% positive it isn’t done by the container it self.

I haven’t used portainer for a long time, so I’m not sure where to look exactly.

But the config.json should be on the storage, and can be deleted via the admin ui too. At the bottom right there is a delete config button. That should make the environment variabel’s to be used again. But since it only looks like you have configured an admin token via env, i would suggest to just edit the config via the ui, save and it should work again.

We can’t help really how that file or setting is changed though. It is your system, and the container doesn’t adjust it by it self.

7

okay, you mean the “reset defaults” button at the bottom right to delete the *.json?

8

okay, i deleted the config via the Admin UI. But no changes. I still get the message “Domain configuration” → No Match (The domain variable doesnt match the browser location & The domain variable does not seem to be configurated correctly)

9

deleted all .env variables which are not necessary and made adjustments in the Admin UI…no changes, the diagnostics page tells me, that i am not using config.json, which is in the /data folder. I am completely at a loss

Update: When i entered the ADMIN_TOKEN in the Docker .env, then the diagnostics page do use the config.json file by saying YES and a yellow banner is now set around the ADMIN token variable?! Do I maybe missinterpret the difference between .env variables and config.json? Because, this behaviour doesnt make any sense?

Update2: As i am using a Nginx Proxy, why the Diagnostics page shows NO proxy usage?

Again, this all worked for me fine for over 2 years now. But all over sudden, everything stopped aorund ~1 months ago, but only the vaultwarden instance. Linkwarden on same docker env + nginx work just fine.

10

Well, if it’s reporting no reverse proxy, then it must be your nginx which isn’t sending all the correct headers to Vaultwarden. The reverse proxy check is done by checking specific headers.

You can see here which

But none of those are sent to Vaultwarden.

I would also suggest to checkout the proxy examples, which you can find here Proxy examples · dani-garcia/vaultwarden Wiki · GitHub

1 Like
11

I will give it a try And report back.

Thanks Sir

12

Cant get it to work. I have reinstalled NginxPM, one instance (Linkwarden via DNS) works like always but Vaultwarden since one month or so, not.

With the proxy config file examples, I have played around but I am always getting strange “boot” messages from nginx saying that certain options in config are not right etc. etc.

And still the diagnostics page of vaultwarden is showing “no reverse proxy”. I am exhausted as i am trying since yesterday every single option in can find in the internet to make it somehow work.

13

After i recreated the whole damn thang in another docker container on my server, i had the same issues another time. My linkwarden instance (incl. cert generation) worked fine instantly again and the vaultwarden not!

I dont know, by when i changed something on my DNS config at my DNS provide, but after redeploying the old/new DNS name, i instantly got access to a new cert and to my vaultwarden web vault.

What a mess, i produced here. Unbelieveable. Thanks to @BlackDex for your help.

this is solved!