Need help enabling admin

Help
1

I have tried a few things trying to get the admin interface working on my vaultwarden install. I used the tips from Enabling admin page · dani-garcia/vaultwarden Wiki · GitHub and nginx setup (shauder - Proxy examples · dani-garcia/vaultwarden Wiki · GitHub).

I can’t get the admin interface show up, nginx throws up a 404 not found error. Here’s my command line I used and the nginx config. Finally I also paste the docker log at the bottom which shows that the env file could not be found. I am not familiar with docker or nginx and would appreciate any pointers to enable this!

sudo docker run -d --name vaultwarden -e ADMIN_TOKEN=<MY_ADMIN_TOKEN> -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest

server {
#       listen 80 default_server;
#       listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;


# From: https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples (shauder)
        server_name pw.*;
        # Allow large attachments
        client_max_body_size 128M;

        ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;

        location / {
                proxy_pass http://127.0.0.1:80;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /notifications/hub {
                proxy_pass http://127.0.0.1:3012;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /notifications/hub/negotiate {
                proxy_pass http://127.0.0.1:80;
        }

        # Optionally add extra authentication besides the ADMIN_TOKEN
        # If you don't want this, leave this part out
        location /admin {
#       # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
                auth_basic "Private";
                auth_basic_user_file /etc/nginx/sites-enabled/default-443-passwd;
#
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
#
                proxy_pass http://127.0.0.1:80;
        }
}

First few lines of docker logs vaultwarden

[INFO] No .env file found.

[2021-06-23 04:05:53.243][start][INFO] Rocket has launched from http://0.0.0.0:80
[2021-06-23 04:37:47.026][request][INFO] POST /api/accounts/prelogin
[2021-06-23 04:37:47.033][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
[2021-06-23 04:37:47.868][request][INFO] POST /identity/connect/token
2

Try to comment out the admin part in the nginx config.
Also, it could be that nginx isn’t used because you have VaultWarden running on port 80 while nginx does that by default too. Try to change there port off VaultWarden to 8080.

3

Hey BlackDex,

Thanks for your pointers - I found that admin was running on port 80. I have now updated my configuration to ensure admin also runs on port 443 (via nginx proxy). In addition to moving vaultwarden to port 8080, I also added 127.0.0.1 to the -p argument so I don’t expose vaultwarden to the network directly.