Unable to resolve domain name via Portainer

Hello together,

I don’t know why, but my Vaultwarden container got no DNS.

Here is my log

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.29.2
  • Web-vault version: v2023.7.1
  • OS/Arch: linux/arm
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: false
  • Internet access: false
  • Internet access via a proxy: false
  • DNS Check: false
  • Browser/Server Time Check: true
  • Server/NTP Time Check: n/a
  • Domain Configuration Check: false
  • HTTPS Check: false
  • Database type: SQLite
  • Database version: 3.41.2
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://*********",
  "domain_origin": "****://*********",
  "domain_path": "",
  "domain_set": false,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Under network I set the primary DNS to 127.0.0.1, the same as my pihole.
I don’t understand why there is a problem now.

Thanks in advance.

Does anyone have an idea? For info, I don’t use a reverse proxy.

This would be the loopback local-host address. You’ll likely want to use the IP address of your local DNS such as your pi-hole or upstream router gateway.
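An added example (not part of the reply above, and not Vaultwarden or Portainer code) of the check that reply implies: inside a container, 127.0.0.1 is the container's own loopback, so a resolver configured there cannot be reached. The function names and the 192.168.1.2 address are assumptions; 127.0.0.11 is classified separately because it is Docker's embedded resolver on user-defined networks.

```shell
#!/bin/sh
# Added example: audit resolv.conf nameservers as seen from inside a container.

# classify_nameserver ADDR -> docker-embedded | loopback | unspecified | ok
classify_nameserver() {
    case "$1" in
        127.0.0.11)  echo "docker-embedded" ;;  # Docker's resolver on user-defined networks
        127.*|::1)   echo "loopback" ;;         # the container itself, not the host or Pi-hole
        0.0.0.0|::)  echo "unspecified" ;;
        *)           echo "ok" ;;
    esac
}

# audit_resolv_conf: resolv.conf text on stdin, prints "ADDR VERDICT" per nameserver.
# Exit status 0 only if at least one nameserver exists and none is loopback/unspecified.
audit_resolv_conf() {
    bad=0
    seen=0
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue   # skips comments and options lines
        [ -n "$addr" ] || continue
        seen=1
        verdict=$(classify_nameserver "$addr")
        echo "$addr $verdict"
        case "$verdict" in
            loopback|unspecified) bad=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: the setting described in the thread (primary DNS 127.0.0.1).
BROKEN_SAMPLE='nameserver 127.0.0.1'
# Constructed sample: DNS server reached by its LAN address (192.168.1.2 is a placeholder).
FIXED_SAMPLE='# constructed example
nameserver 192.168.1.2
options ndots:0'

printf '%s\n' "$BROKEN_SAMPLE" | audit_resolv_conf || echo "=> loopback resolver: use the DNS server's LAN IP"
printf '%s\n' "$FIXED_SAMPLE" | audit_resolv_conf && echo "=> resolver address is not loopback"
```

To check a running container, pipe its file in with `docker exec <container> cat /etc/resolv.conf | audit_resolv_conf`, where `<container>` is the name of your Vaultwarden container.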

Thanks, I fixed it. Can you tell me how I can easily activate HTTPS?

Or is there no other solution without reverse proxy? (I only want to use it via local network and vpn)

I believe there is a method to do this with rocket but IIRC it is not well supported or recommended, and can be pretty complex for a beginner.

IMHO you are probably better off using some type of reverse proxy setup as this is needed for the Bitwarden client apps to properly work and speak to the Vaultwarden backend, even the official Bitwarden backend. A lot of the crypto calls and security checks for a valid or trusted certificate.

You can use something simple like Caddy, and if you already own a ~$10 USD/Year domain name you can get a free certificate validated with DNS only so you don’t need to open any ports on your firewall.
Can fairly simply be set up how you’d like so the service has a valid cert as it needs, but is only accessible via your local LAN and VPN.

Do you have an install guide? I don’t know how to configure that with nginx proxy manager in the local network. I only find manuals with port forwarding…

I think there is also an env missing?

Because domain / https is not enabled

At the moment, HTTPS is enabled, the DNS record is set internally, and when I access via nginx manager I get 403 Forbidden.

Not super familiar with nginx config specifically but there have been others who are.
I recommend to check in the wiki for proxy examples and also review if there are any other things that may stick out regarding your setup and portainer.

I searched for some solutions but I didn’t find any…

Nginx Proxy Manager should work well. I used it before switching to Traefik. Are you using stacks in Portainer? You can set it up pretty quickly with this first docker-compose example using a stack.

And as for port forwarding, they need port 80 port forwarded to your docker host through your router. You will also need a public DNS entry pointing to your public IP to verify the cert when using Let’s Encrypt. But if you want to get around that like I did, you could use the DNS challenge instead. Here is a guide to do that if your domain registrar is Cloudflare.

https://blog.jverkamp.com/2023/03/27/wildcard-lets-encrypt-certificates-with-nginx-proxy-manager-and-cloudflare/

If you’re not using cloudflare, search google for “nginx proxy manager dns challenge [your domain registrar]” and you might find some results.

That’s the problem: I don’t want to use port forwarding. I don’t need a domain.

It should be possible to use it only in the local network.