I´am running Vaultwarden in a Docker Container on my Synology NAS (DSM 7) since months now and everything works fine ! But there is one minor issue I have…
This issue is, that after I login into the Admin Panel, the Tabs "Settings-Users-Organizations and Vault are working properly. Only the Tab “Diagnostics” does not work. In Safari I can see that the Diagnostic Website starts to load but then always stopped.
After some time I receive an error Message from my Synology NAS: We are sorry, the website you are looking for is not available.
Anybody out there with an idea to solve this issue ?
Thank you and kind regards
Is there anything in the log files?
If not try to set the log_level to debug or even trace and see what happens.
Thank you BlackDex. I´ve done as advised…
Seems to be a configuration problem in the NAS Firewall. I have reconfigured he Firewall and now it works properly.
Was it outgoing traffic? Or incoming?
If outgoing, what did you block? Because it should timeout and just continue after a while.
I have configured the Synology Firewall in accordance to the advise of this website:
Rule 4 in this advise was the problem. After deleting this Rule everything worked.
I would like to take up this topic once again…
After some testing on my network and some internet research I was able to solve the problem without compromising the security of my NAS.
But from the beginning: Beyond the problem, described at the beginning of this thread (Diagnostic does not work), logging into the Vaultwarden Web Vault with the Yubikey as second factor also stopped working with the firewall configuration below:
Rule 1 => ALL-ALL => xxx.xxx.xxx.xxx (my fixed IP) => Allow.
Rule 2 => ALL-ALL => 192.168.1.1/255.255.255.0 (my network) => Allow
Rule 3 => ALL-ALL => Germany => Allow
Rule 4 => ALL-ALL-ALL => Deny
If rule 4 was disabled everything worked fine. The two problems described above were also eliminated.
However, my internet research revealed that Rule 4 is apparently mandatory to ensure the security of the NAS.
The solution to the problem is to modify rule 4. Unchanged, all services are selected; however, then the HTTPS port 443 and the HTTP port 80 are disabled within this selection list and then looks like this:
Rule 4 => ALL-ALL-(ALL except 443 and 80) => Deny
Then save and that was it.
Maybe it helps one or the other who has the same problem.