Need EASY step-by-steps to enable HTTPS

What is the easiest, step-by-step, method to get Bitwarden to work with Vaultwarden, when there’s an error message saying:

This browser requires HTTPS to use the web vault. Check the Vaultwarden wiki for details on how to enable it.

image

I don’t have a domain name or permanent DNS. I’m just a home user running a home server to self host Bitwarden Server via the Vaultwarden Docker. If someone can provide me the simplest steps, I’m sure I can get this to work for me (at least over my home LAN).

Thank you.

I think the message refers to this tutorial:

Actually, if you do not want any domain or something then i suggest to read both

And

I’ve managed to configure using nginx & zeroSSL (check instructions on their site) you will need to NAT forward any custom ports.

I always wonder why anybody who is not capable of deploying a reverse proxy in front of a service in docker container seeks help on password manager forum. If you seek such basic help and even if I provide you right setup straight away - Trust me you better stick with a KeePass XC or KeePass 2 instead of such setup. Too many things can go wrong in the future for you and you can expose yourself to threats you do not understand. HTTPS is standard now and you just need to learn how to pass traffic trough a reverse proxy correctly to ANY service.

Before I give you straight step-by-step super easy help that will solve your problem immediately on your current setup - have you already solved the problem?

You know that the BEST way of returning the favor for any help with questions like yours is to just say simple “thanks” or tell us you have already managed to solve the problem and PROVIDE the description how you did it exactly.

@CyberWarden Some people are just here to learn and don’t have the experience that you may have. I would suggest trying to be more civil and constructive. I happened upon your reply by circumstance, but remember, you were once where they are now and without the knowledge of others, you would not be where you are. We all stand on the shoulders of giants.

Well said and my thoughts exactly.

To be fair to OP , I’ve been running containers for a few years and have been in IT for 20+ and vaultwarden is probably the least helpful containerised app I’ve come across so far.
I simply don’t understand why they can’t just implement HTTPS in the platform itself (at least enabled)… if the https aspect of the webserver is problematic, then replace iit with a different one.
Also documentation seems to be a bit lacking and unhelpful people like this don’t help the situation .

In general keep in mind that there are mainly 2 people working on Vaultwarden in there spare time and that probably is the same for other contributor’s who chime in now and then.

Regarding HTTPS, if you only want TLS1.2 or higher, you can do without a reverse proxy since v1.29.0 and still have websocket support. Before we were not able to have both websockets and normal http traffic on the same port.

Also, HTTPS was supported from the beginning, so not sure why you are complaining about that, though, no websocket support though before v1.29.0.

Also, the reason for not having it enabled by default is, you need certificates, that tends to be troublesome for a lot of people. Also, i have not seen a lot of containers which have that enabled by default. Most run on HTTP, and if you want HTTPS, you need to either configure a cert your self or let a reverse proxy handle it, since most of the time people run more then just one service via there HTTPS port and use subdomains or sub-paths to redirect to these different services.

And, regarding documentation, would be really cool if you know how everything works, you share it with the rest of us by updating our wiki on GitHub. Everyone can update it and help improve. So instead of complaining about it, help would be appreciated.

That way the maintainers can keep Vaultwarden up-to-date and fix bugs in there spare time.

1 Like

I wonder that it is a requirement to use https even for a local connection between nginx and vaultwarden on localhost, just to create the first user. For me this is not a problem but it does cause difficulties for less experienced users. For local operation as a single user on a localhost 127.0.0.1 I think https is overkill. I would also not make vaultwarden accessible from the internet but only use it locally via a vpn. Maybe you can think about this restriction again for localhost or private network only.

Translated with DeepL

Hi guys,

I actually appreciate the forced HTTPS setting also in a private Environment. I strive to have my network as close to zero trust as it can get and with some easy reverse-proxies in place you can quickly delute the security level particularly with Services Spread across multiple physical server all behind a single proxy.

I used the ROCKeT_TLS method with certificates that are retrieved by lego and that all my services access through a docker volume. They are distributed to other hosts by a script (getting different certs for different hosts would be more clean but I also use the cert for my Fritzbox router which cannot retrieve a lets encrypt cert on its own).

Only downside so far: i always Need to restart vaultwarden After the cert gets too old despite the new cert is already available in the volume. Is that by design or am I doing sth wrong?

Thanks!

Edit: Found the upstream issue in Rocket causing this. Seems like it was not me :joy:

Any chance the vaultwarden team can support solving this?

Reading through this thread I can’t seem to find an answer to the original question

“What is the easiest, step-by-step, method to get Bitwarden to work with Vaultwarden, when there’s an error message saying:
This browser requires HTTPS to use the web vault. Check the Vaultwarden wiki for details on how to enable it.”

Can someone provide this information? I’m not able to start Vaultwarden because I get that error. I also don’t have a domain name or permanent DNS, I’m just running a home server to self-host a Bitwarden Server via the Vaultwarden Docker. Any help would be appreciated.

I believe Vaultwarden requires HTTPS.
You’ll need to readup on reverse proxies. Also look into duckdns.org as an option.

Hi! Easy solutions for when you have it running locally and quickly want to setup a user account:

  1. when it runs on your machine on localhost => local-ssl-proxy (npm package)
  2. when it runs in your network => ngrok.com, e.g. I just run $ ngrok http 192.168.1.132:7277 and grok provides you with a temporary URL e.g. https:// 8f94-45-86-132-108. ngrok-free.app