I have followed the instructions from this web site to create a Vaultwarden instance that would be accessible from the local LAN only: Running a private vaultwarden instance with Let’s Encrypt certs · dani-garcia/vaultwarden Wiki - https://github.com/ .
My compose file is identical to the one from the website except for DOMAIN, which is xxx.duckdns.org, and my email address. I am doing this on an Ubuntu 22.04 machine.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
099ce8736d2b caddy:2 "caddy run --config …" 33 hours ago Up 33 hours 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 443/udp, 2019/tcp caddy
3b6d049aa07d vaultwarden/server:latest "/start.sh" 33 hours ago Up 33 hours (healthy) 80/tcp, 3012/tcp vaultwarden
and the Caddy log ...
{"level":"info","ts":1673973734.8876078,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"vfor25.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1673973738.12357,"logger":"http.acme_client","msg":"authorization finalized","identifier":"vfor25.duckdns.org","authz_status":"valid"}
{"level":"info","ts":1673973738.12361,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/906613677/159377011367"}
{"level":"info","ts":1673973738.6005054,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/03f3883c5e892ca24e2a5f0db181f3eb68f6"}
{"level":"info","ts":1673973738.601345,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"vfor25.duckdns.org"}
{"level":"info","ts":1673973738.6014197,"logger":"tls.obtain","msg":"releasing lock","identifier":"vfor25.duckdns.org"}
{"level":"info","ts":1673974209.636354,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"192.168.0.88","remote_port":"44472","proto":"HTTP/1.1","method":"GET","host":"192.168.0.88","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"]}},"user_id":"","duration":0.000104576,"size":0,"status":308,"resp_headers":{"Connection":["close"],"Location":["https://192.168.0.88/"],"Content-Type":[],"Server":["Caddy"]}}
{"level":"info","ts":1673974232.5893369,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.19.0.1","remote_port":"51534","proto":"HTTP/1.1","method":"GET","host":"172.19.0.3","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"]}},"user_id":"","duration":0.000089215,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://172.19.0.3/"],"Content-Type":[]}}
{"level":"info","ts":1673974282.8313718,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.19.0.1","remote_port":"42110","proto":"HTTP/1.1","method":"GET","host":"172.17.0.1","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"]}},"user_id":"","duration":0.00007982,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://172.17.0.1/"],"Content-Type":[]}}
They appeared to start up OK… However, I am not sure how I can get to the Vaultwarden instance using the local IP (192.168.0.88) or localhost or 127.0.0.1. They all failed with this message …
Secure Connection Failed
An error occurred during a connection to 127.0.0.1. Peer reports it experienced an internal error.
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Using the Vaultwarden Docker network address, like 172.19.0.2, I got this …
Unable to connect
An error occurred during a connection to 172.19.0.2.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.
However, curl appeared to reach the Vaultwarden instance.
zung@ubuntu22:~$ curl -v 172.19.0.2
* Trying 172.19.0.2:80...
* Connected to 172.19.0.2 (172.19.0.2) port 80 (#0)
> GET / HTTP/1.1
> Host: 172.19.0.2
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: text/html; charset=utf-8
< cache-control: public, max-age=600
< expires: Thu, 19 Jan 2023 02:09:47 GMT
< server: Rocket
< x-frame-options: SAMEORIGIN
< permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
< x-content-type-options: nosniff
< referrer-policy: same-origin
< x-xss-protection: 0
< content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com ; connect-src 'self' https://api.pwnedpasswords.com https://2fa.directory https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://api.fastmail.com/ ;
< content-length: 1240
< date: Thu, 19 Jan 2023 02:01:11 GMT
<
<!doctype html><html class="theme_light"><head><meta charset="utf-8"/><meta name="viewport" content="width=1010"/><meta name="theme-color" content="#175DDC"/><title page-title>Vaultwarden Web Vault</title><link rel="apple-touch-icon" sizes="180x180" href="images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="images/favicon-16x16.png"/><link rel="mask-icon" href="images/safari-pinned-tab.svg" color="#175DDC"/><link rel="manifest" href="ca8f66ed7fccfcd0809f.json"/><script defer="defer" src="theme_head.5f24ba8d7aa944e6f52b.js"></script><link href="app/main.82096a4e78d5d3f7b01b.css" rel="stylesheet"></head><body class="layout_frontend"><app-root><div class="mt-5 d-flex justify-content-center"><div><img class="mb-4 logo logo-themed" alt="Bitwarden"/><p class="text-center"><i class="bwi bwi-spinner bwi-spin bwi-2x text-muted" title="Loading" aria-hidden="true"></i></p></div></div></app-root><script defer="* Connection #0 to host 172.19.0.2 left intact
defer" src="app/polyfills.428c25638840333a09ee.js"></script><script defer="defer" src="app/vendor.7c30c6e2b5ba56506ea9.js"></script><script defer="defer" src="app/main.5f8690f5c03a207c390a.js"></script></body></html>
Does anyone know the reasons for this issue and can help me out? Thanks.
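An added example, not part of the original post: in the Caddy log above the certificate was obtained for the DuckDNS name, while every access-log entry carries an IP address in its Host field, and a certificate issued for a hostname does not cover a connection made by IP address. The sketch below lists the requests whose Host is not covered by any obtained certificate; the sample lines are constructed from the post's log and cut down to the fields used, and the function names are illustrative.

```python
import ipaddress
import json

# Constructed sample: Caddy JSON log lines modelled on the post's log,
# reduced to the fields this check reads. The last two lines are invented
# to show a matching request and an unparsable line.
SAMPLE_LOG = """\
{"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"vfor25.duckdns.org"}
{"logger":"http.log.access","request":{"host":"192.168.0.88","uri":"/"},"status":308}
{"logger":"http.log.access","request":{"host":"172.19.0.3","uri":"/"},"status":308}
{"logger":"http.log.access","request":{"host":"vfor25.duckdns.org:443","uri":"/"},"status":200}
truncated or non-JSON line
"""

def host_only(host):
    """Strip an optional :port; handles name:port, v4:port and [v6]:port."""
    if host.startswith("["):
        return host[1:].partition("]")[0]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(log_text):
    """Return (certificate names, [(host, kind, status)] not covered by them)."""
    entries = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON log records
        if isinstance(entry, dict):
            entries.append(entry)
    # Exact-name match only; wildcard certificates are not handled here.
    cert_names = {e.get("identifier", "").lower() for e in entries
                  if e.get("logger") == "tls.obtain"
                  and e.get("msg") == "certificate obtained successfully"}
    mismatches = []
    for e in entries:
        if e.get("logger") != "http.log.access":
            continue
        host = host_only(e.get("request", {}).get("host", "")).lower()
        if host not in cert_names:
            kind = "ip-literal" if is_ip(host) else "other-name"
            mismatches.append((host, kind, e.get("status")))
    return cert_names, mismatches

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```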