I am getting locked out of my account and am unable to authenticate with my master password after rebuilding the bitwarden_rs container.
I am running bitwarden_rs via docker-compose with traefik as a reverse proxy, mariadb as my database, and a docker volume is mounted to /data/ in the container. After the initial docker-compose up -d
I am able to create an account and everything seems to work. If I then make any changes to the container via docker-compose.yml then recreate the container with another docker-compose up -d
, I am no longer able to authenticate with my master password. I am trying to disable registration with the environment variable "SIGNUPS_ALLOWED=false"
in my docker-compose.yml, which is what prompts the container to be rebuilt. I believe I can get around this by using the admin panel, but unless I am misunderstanding the service should keep working after destroying and rebuilding the container. I was having the same issue before I switched to using mariadb as my database.
Below is my docker-compose.yml config for bitwarden:
##bitwarden setup
bitwarden_mariadb:
image: "mariadb"
container_name: "bitwarden_mariadb"
hostname: "bitwarden_mariadb"
restart: always
env_file:
- ".env"
volumes:
- "bitwarden_mariadb_vol:/var/lib/mysql"
- "/etc/localtime:/etc/localtime:ro"
environment:
- "MYSQL_ROOT_PASSWORD=${DB_PASS}"
- "MYSQL_PASSWORD=${DB_PASS}"
- "MYSQL_DATABASE=bitwarden-database"
- "MYSQL_USER=bitwarden-user"
networks:
- "bitwarden_net"
bitwarden:
image: "bitwardenrs/server:latest"
container_name: "bitwarden"
hostname: "bitwarden"
restart: always
env_file:
- ".env"
environment:
## set to true if you need to setup a new account
- "SIGNUPS_ALLOWED=false"
- "DATABASE_URL='mysql://bitwarden-user:${DB_PASS}@bitwarden_mariadb'"
- "ADMIN_TOKEN=${BITWARDEN_ADMIN}"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${PRJCT_PREFIX}_traefik_net"
- "traefik.http.services.bitwarden.loadbalancer.server.port=80"
- "traefik.http.routers.bitwarden.rule=Host(`bitwarden.${MY_DOMAIN}`)"
- "traefik.http.routers.bitwarden.entrypoints=websecure"
- "traefik.http.routers.bitwarden.tls.certresolver=letsencrypt"
- "traefik.http.routers.bitwarden.service=bitwarden"
networks:
- "traefik_net"
- "bitwarden_net"
volumes:
- "bitwarden_vol:/data/"
Here is the output of docker logs bitwarden
after trying to login with my master password.
/--------------------------------------------------------------------\
| Starting Bitwarden_RS |
| Version 1.17.0 |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the |
| official channels to report bugs/features, regardless of client. |
| Send usage/configuration questions or feature requests to: |
| https://vaultwarden.discourse.group/ |
| Report suspected bugs/issues in the software itself at: |
| https://github.com/dani-garcia/bitwarden_rs/issues/new |
\--------------------------------------------------------------------/
[WARNING] The following environment variables are being overriden by the config file,
[WARNING] please use the admin panel to make changes to them:
[WARNING] ADMIN_TOKEN
Running migration 20180114171611
Running migration 20180217205753
Running migration 20180427155151
Running migration 20180508161616
Running migration 20180525232323
Running migration 20180601112529
Running migration 20180711181453
Running migration 20180827172114
Running migration 20180910111213
Running migration 20180919144557
Running migration 20181127152651
Running migration 20190526216651
Running migration 20191010083032
Running migration 20191117011009
Running migration 20200313205045
Running migration 20200409235005
Running migration 20200701214531
Running migration 20200802025025
[2020-10-28 20:43:25.837][start][INFO] Rocket has launched from http://0.0.0.0:80
[2020-10-28 20:53:38.765][request][INFO] POST /api/accounts/prelogin
[2020-10-28 20:53:38.793][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
[2020-10-28 20:53:39.079][request][INFO] POST /identity/connect/token
[2020-10-28 20:53:39.081][error][ERROR] Username or password is incorrect. Try again. IP: <MY_IP>. Username: <MY_USER_NAME>.
[2020-10-28 20:53:39.081][response][INFO] POST /identity/connect/token (login) => 400 Bad Request