Session expired at login

Hi everyone, I installed VaultWarden last week using Docker, and I have a proxy handling the HTTPS part, but every time I try to connect to a vault, I receive a “Session expired” message. It happened on the web GUI, the Bitwarden desktop and Android apps.

Here are the logs from Docker each time I try to connect:

[2023-04-06 09:18:55.097][request][INFO] GET /api/devices/knowndevice
[2023-04-06 09:18:55.099][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2023-04-06 09:19:01.299][request][INFO] POST /identity/accounts/prelogin
[2023-04-06 09:19:01.299][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2023-04-06 09:19:01.381][request][INFO] POST /identity/connect/token
[2023-04-06 09:19:01.654][vaultwarden::api::identity][INFO] User ****@***.*** logged in successfully. IP: ***.***.***.***
[2023-04-06 09:19:01.654][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-04-06 09:19:01.683][request][INFO] POST /identity/connect/token
[2023-04-06 09:19:01.687][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-04-06 09:19:01.701][request][INFO] GET /api/sync?excludeDomains=true
[2023-04-06 09:19:01.701][auth][ERROR] Unauthorized Error: No access token provided
[2023-04-06 09:19:01.702][vaultwarden::api::core::ciphers::_][WARN] Request guard `Headers` failed: "No access token provided".
[2023-04-06 09:19:01.702][rocket::server::_][WARN] No 401 catcher registered. Using Rocket default.
[2023-04-06 09:19:01.702][response][INFO] (sync) GET /api/sync?<data..> => 401 Unauthorized

And here is my VaultWarden config:

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.28.1
  • Web-vault version: v2023.3.0b
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: false
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.39.2
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden: ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**************",
  "domain_origin": "*****://**************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Please let me know if you have an idea.

Best regards

Looks like something is either blocking or removing the authentication header.
Maybe a reverse proxy issue, or your web browser is using some extensions or something which removes it.

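The pattern this reply points at can be picked out of the server log: a token is issued with 200 OK and, moments later, an API call arrives with no access token at all. The following is an added example, not code from the thread or from the Vaultwarden project; the function names and the 5-second window are assumptions, and the log layout is taken from the lines posted above.

```python
import re
from datetime import datetime, timedelta

# Line layout seen in the post: [timestamp][module][LEVEL] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<mod>[^\]]+)\]\[(?P<lvl>[A-Z]+)\] (?P<msg>.*)$")
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"  # also parses the millisecond stamps shown above
TOKEN_OK = "POST /identity/connect/token => 200 OK"
NO_TOKEN = "No access token provided"

def parse(lines):
    """Yield (timestamp, module, level, message); skip malformed lines."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue
        yield ts, m["mod"], m["lvl"], m["msg"]

def find_stripped_header(lines, window=timedelta(seconds=5)):
    """Flag 'token issued, then API call with no token' pairs inside `window` (assumed 5 s)."""
    findings, last_token_ok = [], None
    for ts, mod, lvl, msg in parse(lines):
        if mod == "response" and msg.endswith(TOKEN_OK):
            last_token_ok = ts
        elif mod == "auth" and lvl == "ERROR" and NO_TOKEN in msg:
            if last_token_ok is not None and ts - last_token_ok <= window:
                gap_ms = (ts - last_token_ok) // timedelta(milliseconds=1)
                findings.append({"token_issued": last_token_ok, "rejected": ts, "gap_ms": gap_ms})
    return findings

# Lines copied from the post above.
POSTED_LOG = """\
[2023-04-06 09:19:01.687][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-04-06 09:19:01.701][request][INFO] GET /api/sync?excludeDomains=true
[2023-04-06 09:19:01.701][auth][ERROR] Unauthorized Error: No access token provided
[2023-04-06 09:19:01.702][response][INFO] (sync) GET /api/sync?<data..> => 401 Unauthorized
""".splitlines()
# Constructed sample: a working login, then an unrelated anonymous request minutes later.
CONSTRUCTED_HEALTHY = """\
[2023-04-06 10:00:00.100][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-04-06 10:00:00.150][request][INFO] GET /api/sync?excludeDomains=true
[2023-04-06 10:00:00.190][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2023-04-06 10:07:30.000][auth][ERROR] Unauthorized Error: No access token provided
""".splitlines()
```

A finding only shows that the token never reached Vaultwarden; whether the proxy, a browser extension or something else dropped it still has to be checked on the client side of the connection.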

Hi,

Thanks for your response.

My proxy was not authorizing client direct authentication. After enabling it, login works fine.

Thanks a lot!

PS: How do I mark this subject as solved?