No website icons

Hi.

When I add a new item, bitwardenrs is unable to get its favicon, and all I get is a generic grey globe. (in both, the web and iOS apps)

example log:

[2021-04-15 19:36:07.251][request][INFO] GET /icons/www.arduino.cc/icon.png
[2021-04-15 19:36:07.251][response][INFO] GET /icons//icon.png (icon) => 404 Not Found

If I manually add the icon eg: /icon-cache/www.arduino.cc.png and delete the www.adruino.cc.miss.png it will work.

Given that the gravatar icon for my profile picture is working, it’s not like the server isn’t able to access the internet.

I’m running bitwardenrs in a docker container on an ubuntu20.04 vps with aaPanel.
It’s being proxied through NginX using one of the configs on the wiki.

Please check the /admin/diagnostics page and post the generator support string please.

Also, enable debug log level and try again. It will give s bit more information during icon downloading.

Hmm. Had to up the nginx timeout, the diagnostics page kept returning a 504 error otherwise, but here’s the support string:

Your environment (Generated via diagnostics page)

• Bitwarden_rs version: v1.20.0
• Web-vault version: v2.19.0
• Running within Docker: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: false
• Internet access via a proxy: false
• DNS Check: false
• Time Check: true
• Domain Configuration Check: false
• HTTPS Check: false
• Database type: SQLite
• Database version: 3.33.0
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://*********",
  "domain_origin": "****://*********",
  "domain_path": "",
  "domain_set": false,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_RS",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": "/data/bitwarden.log",
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

hmm. So according to this I don’t have internet access. I wonder why. I took the NginX proxy from the wiki. Here is a paste of my nginx config, maybe that’s where the issue lies?

Semi-related question: I’m new to docker and the way I’m enabling the admin page now is I delete the current container, and create a new one with -e ADMIN_TOKEN=secret.
Is that how you’re supposed to do it, or should you/is it possible to pass this argument to an already running/existing container?

edit1: I checked ufw, and I don’t have any rules pertaining the docker ports that the container uses.

edit2: I checked iptables, and that does have this line:

image1396×84 11.3 KB

edit3: I did this:

which added this to iptables:

image1430×164 23.7 KB

but I still dont have internet access. How do I remove that first drop rule?

To remove a rule you could do the following:

ufw status numbered
ufw delete <rule-number>

Also, nginx is your reverse proxy (host > app), not outgoing proxy (app > internet).
I’m not sure how or why, but maybe the network config of the container could cause some issues.
You could also try to, for a small moment, disable the ufw and see if that helps.

It was my host’s /etc/resolve.conf that was wrong, which resulted in the container’s resolve.conf also being wrong. I followed the steps proposed by lewish95 here and that fixed my issue.

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
and then I recreated the bitwarden container.

It’s weird because despite the seemingly wrong resolv.conf my host still had internet access, but whatever, I guess that linux works in mysterious ways. In any case, it’s fixed now.