Server url on umbrel

Hi, I am trying to set up Vaultwarden on Umbrel and ran into an issue with the server url in the browser extension:
I used the Tor browser to open vaultwarden via the .onion url of my umbrel, created an account and added some passwords.
When I try to connect the browser extension to vaultwarden, however, I get the error “failed to fetch” when filling in either the .onion url of my umbrel or the one from the vaultwarden window (with and without port 8080) as the Server URL.
Also, I get the error “username or password is incorrect” when trying to put the .onion url of my umbrel or the one from the vaultwarden window (with and without port 8080) as the Web Vault Server URL. Of course, I checked the mail/pw several times and I can log into Vaultwarden via Tor browser with these credentials, but not the browser extension.

Can someone tell me where I can find the correct server url to connect my browser & phone?


Hi, how did you even create an account?

When I connect over Tor (from Brave browser), the account create page says that I need https, but the site doesn’t respond to https, only http (which is secure if over Tor).

I simply opened the app from the umbrel menu in the tor browser and then clicked on “create account”.

So, since no one seems to have any tips, I tried setting up an account from within the browser add on and alas: I get a confirmation mail when doing it this way and I can even log in to the account via the browser add-on with the web vault url being the .onion-url of my umbrel
Now I am not able to reach the account via the TOR-Browser and the umbrel menu (as I was before). So it seems to be mutually exclusive: Create account via umbrel-app: Log in via TOR-browser OR create account via bitwarden addon and only log in via the addon. This is unfortunate and since no one is able to help me out at this point I pass on vaultwarden on umbrel.

i came to the support channel for the same issue, been trying to run this off of my umbrel for a little while now cause if it works itd be a gamechanger for me. Only thing I know of as far as what you’;re suggesting is that the brave browser for some reason doesn’t inclue https by default (or anyway for that matter as far as I can find) so log in has to be used with the official tor browser. in regards to the app, I had not even been able to log in using just the brave extension, which i’m unclear on but seems to be what you were referring to as “addon”. But yes, I came to this forum to see if i could find help on this exact issue but it seems as though it is not just me. I may pass for now as well on using vaultwarden until support may be able to address this or provide documentation to stremaline the config. best to you mbncsa

I don’t know what Umbrel is but that shouldn’t matter.

Bitwarden or Vaultwarden and the extensions only work over https.
It doesn’t matter if it goes over tor or not. The JavaScript api calls just do not work over http unless it is localhost/

Also, if i understand tor correctly, you can’t use a non tor browser to access your tor hidden server via the extension. Either the extension needs to have support for it some how, which it doesn’t as far as i know.

Also, saying that http is safe because using tor, then i think you do not grasp how it works. All tor exit nodes can just sniff your traffic and without https you are insecure.

Hi, danialrami & BlackDex,

@danialrami : thanks and best to you, too. I hope we can run vaultwarden with proper documentation, soon.
@BlackDex : umbrel is a platform for Raspberry Pis for running a bitcoin node. It recently introduced a vaultwarden integration.
Tor comes into play here because all traffic in umbrel is routed via tor and the vaultwarden app in particular can only be accessed from the .onion-address of umbrel. Therefore, all information I have regarding the server url is tor-related (i.e. .onion-addresses). I therefore assumed that the browser integration would be able to access the personal vault via tor.

How can you assume that if Umbrel integrate this into there platform that you can access an .onion address via a normal browser? You can’t access those addresses via any browser unless they have support for it.

Also, it’s not something the extensions or clients will ever support natively, since that’s not where they are designed for.

Okay, I dont know why you are that confrontational.
I know what tor is and how I access .onion addresses. I think it is entirely reasonable to assume that an extension comes with tor-support. I furthermore dont know how vaultwarden, integrated into umbrel, could be accessed from outside my network, when all traffic of umbrel is routed over tor (an option you cannot change in umbrel) and the vaultwarden umbrel-app only allows access via the tor-browser even from within the LAN.

Vaultwarden has no relationship with Umbrel whatsoever. If Umbrel wants to “integrate” Vaultwarden, they’re free to do that, but responsibility for support would fall to Umbrel and/or its community.

Also, Tor is a fairly niche product. It’s not at all reasonable to assume an arbitrary extension would come with Tor support. Certainly the Bitwarden clients were not designed with Tor support in mind.

1 Like

@jjlin no.

  1. The umbrel install page cites this site for support.
  2. Tor is not niche and that assumption is entirely reasonable for sensitive info like PWs.
  1. The Umbrel install page can say whatever it wants, but that doesn’t make it true.
  2. You’re free to define niche in your own way, but I think most people would agree with me. Name a single major password manager that provides access via a hidden service?

Tell me why exactly I should have this conversation with you when you have nothing to say about the original post?

There is nothing to say regarding the original post except for that we do not support these third-party tools.

We can help with reverse proxies and setup and config of docker in most cases. But these kind of setups are not general.

We are giving you what is needed for Vaultwarden to work.

  1. Access to the server from the client.
  2. HTTPS (either via reverse proxy or native)

If one of those items is not working there is no access.
So, if you can’t reach your domain, which in your case is a .onion address, you need to fix that.

If you can’t login because you do not have HTTPS, you need to fix that.

If those conditions are met it should work.
More then these pointers we can’t provide since we do not know or support the platform you use.

@BlackDex my last post wasn’t aimed at you obviously.
Anyway, what I do not get is how I would ever be able to obtain https-access to a device that is only accessible via tor from outside my LAN.

I Know, but its a in-general thing.

Well again, i do not exactly know how this Umbrel works. But i know that HTTPS works fine via Tor.
I would say, just use https://vault.domain.onion.

You probably need to create a self-signed certificate for this.

Okay, last post:
https://vault.domain.onion doesn’t work since the extension does not pack tor-support. Now way to set up vaultwarden on umbrel with access from outside the LAN right now. If anyone finds out how to set this up, please drop me a line.

Have to use TOR Browser. Will not work with BRAVE browser