Hi guys, I am new to Vaultwarden and Docker in general and I just installed it. However, I noticed that the admin page is exposed to the internet, and I'd like to secure it or disable it. I don't know why this doesn't have 2FA, as it's crucial for security reasons. Anyways, if someone can please tell me the steps to either:
1. Disable access to the page. I have tried to delete the admin token, but it doesn't work because it's in the config.json file, which I don't know how to manipulate, and I'm not sure if this refers to the actual admin page.
2. Use nginx rules, which I have no clue how to work with since, as I mentioned, I am new to Docker.
Please help me set this up as I like the product; however, having this admin page exposed is NOT GOOD.
If you don't want the /admin page, why did you enable it in the first place?
Make sure you don't set ADMIN_TOKEN in your environment, and it won't be enabled.
(in my case, /admin returns “The admin panel is disabled, please configure the ‘ADMIN_TOKEN’ variable to enable it”).
Because using the .env I was not able to get SMTP working, I needed the admin page to get it working. Now I need to disable it, but taking ADMIN_TOKEN out of the .env is not working; the page is still accessible.
Back up your data and rebuild a new Docker container with the SMTP-related env variables. This is how I deal with this problem.
However, 2FA to access the admin panel would be better.
Do you run the vault behind any kind of reverse proxy? If so, simply block the use of the admin page from anyone outside of the local network. I use Caddy, so for example this is the Caddy config to do so:
(vaultwarden-admin) {
    @admin {
        path /admin*
        not remote_ip 192.168.0.0/16
    }
    redir @admin / permanent
}
This takes any path starting with /admin and redirects it to / if the client is not within 192.168.0.0/16, and this can be done with any reverse proxy.
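The same restriction written for nginx, the proxy the original post asked about, as an added example that is not part of this thread or of the Vaultwarden project. The upstream address 127.0.0.1:8080, the server name vault.example.com and the certificate paths are placeholders; the 192.168.0.0/16 range is the one from the Caddy snippet above and should be replaced with the actual local network.

```nginx
# Added example: nginx equivalent of the Caddy snippet above.
# Hypothetical values: upstream address, server_name, certificate paths.
upstream vaultwarden {
    server 127.0.0.1:8080;   # port the Vaultwarden container publishes on the host
}

server {
    listen 443 ssl;
    server_name vault.example.com;
    ssl_certificate     /etc/nginx/certs/vault.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/vault.example.com.key;

    # /admin and everything under it (prefix match, like Caddy's "path /admin*"):
    # local network only, everyone else is denied with 403.
    # allow/deny are evaluated against $remote_addr, the address of the TCP peer.
    location /admin {
        allow 192.168.0.0/16;
        deny  all;

        proxy_pass http://vaultwarden;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else (the vault itself) stays reachable from anywhere.
    location / {
        proxy_pass http://vaultwarden;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

One check before relying on this: nginx compares `allow`/`deny` against the address of whatever opened the TCP connection. If nginx itself sits behind another proxy, a CDN, or a Docker port mapping that rewrites the source address, every client shows up with that intermediate's address and the rule either lets everyone in or nobody. Look at the client address in nginx's access log from an outside connection first; if it is wrong, use the `real_ip` module (`set_real_ip_from` for the trusted intermediate's address only, plus `real_ip_header`) rather than trusting an X-Forwarded-For header that any client can set.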
Where is this config file located? I can't find it. I have used this GUIDE to install Vaultwarden.
You may find some good detail as well as user contributions for guides on the Vaultwarden Wiki.
Though going off the guide you referenced, it appears this is stored in a Docker volume for the Caddy configuration, so you should just be able to access that and make the needed config edits, or simply add them in the docker-compose.yaml.
I have added the code suggested above to the docker-compose.yaml, but it doesn't work, and since the Caddy config file is on a Docker volume, how can I access it? I am a noob to Docker. Thanks for the help.
If you make a config change, you will likely need to run docker-compose up -d
or docker-compose restart
to have that apply. As with anything, I would always caution and recommend having a recent backup of your vault data.
I haven't messed with Docker and volumes in a while, but this is what I could find that might help locate this on your system.
Well, if you’ve set ADMIN_TOKEN as an environment variable, remove it or comment it out.
If it’s in config.json, you’ll need to access the file inside your Docker container and remove the admin_token line. You can use a command like docker exec -it [container_name] nano /config/config.json to edit the file.
Restart your Vaultwarden container for the changes to take effect.
I hope this helps. Also, you can check out some tips here at Vaultwarden Docker — Framework Repositories 1.0 documentation.