Vaultwarden client connexion loops

Help
1

Hi

image
image646×305 10.2 KB

I can access the admin panel.
But when i try to connect to my vault container its stuck in a infinite loop. I can’t access the login screen

2

I have the same problem but not always. Sometimes access works and sometimes it doesn’t. Unfortunately, it doesn’t work very often at the moment. While I can’t access the website, the client sync doesn’t work either.
The admin page can be accessed without any problems.
On the admin page I see an error with the HTTP response validation
I have been running two Vaultwarden instances for several years, but I have (presumably) only recently started experiencing these problems.

3

You need HTTPS! Else it will not work.

4

I’m using HTTS via Caddy reverse proxy and cloudflare as dns provider. I have other services running behind Caddy - without problems. I’ve also tried nginx proxy manager. Both reverse proxies are having “connection refused”.

caddy log:

{“level”:“error”,“ts”:1743957679.5360246,“logger”:“http.log.error.log0”,“msg”:“dial tcp 127.0.0.1:1080: connect: connection refused”,“request”:{“remote_ip”:“162.158.63.23”,“remote_port”:“12354”,“client_ip”:“162.158.63.23”,“proto”:“HTTP/2.0”,“method”:“GET”,“host”:“pwd.mydomain.de”,“uri”:“/favicon.ico”,“headers”:{“Cf-Visitor”:[“{"scheme":"https"}”],“X-Forwarded-Proto”:[“https”],“User-Agent”:[“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0”],“Sec-Ch-Ua-Mobile”:[“?0”],“Cf-Connecting-Ip”:[“80.139.174.123”],“Accept-Encoding”:[“gzip, br”],“X-Forwarded-For”:[“80.139.174.123”],“Priority”:[“u=1, i”],“Referer”:[“https://pwd.mydomain.de/"],“Cache-Control”:[“no-cache”],“Sec-Fetch-Dest”:[“image”],“Cf-Ray”:[“92c2bb6aad15b4c6-EWR”],“Accept”:[“image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8”],“Sec-Fetch-Mode”:[“no-cors”],“Cdn-Loop”:["cloudflare; loops=1”],“Cf-Ipcountry”:[“DE”],“Accept-Language”:[“de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6”],“Sec-Ch-Ua”:[“"Microsoft Edge";v="135", "Not-A.Brand";v="8", "Chromium";v="135"”],“Sec-Fetch-Site”:[“same-origin”],“Pragma”:[“no-cache”],“Sec-Ch-Ua-Platform”:[“"Windows"”]},“tls”:{“resumed”:false,“version”:772,“cipher_suite”:4865,“proto”:“h2”,“server_name”:“pwd.mydomain.de”}},“duration”:0.000154171,“status”:502,“err_id”:“5qqaj94h7”,“err_trace”:“reverseproxy.statusError (reverseproxy.go:1373)”}

nginx prox manager log:

2025/04/06 12:20:59 [error] 280#280: *46 connect() failed (111: Connection refused) while connecting to upstream, client: 162.158.63.24, server: pwd.mydomain.de, request: “GET /favicon.ico HTTP/1.1”, upstream: “http://192.168.242.1:1080/favicon.ico”, host: “pwd.mydomain.de”, referrer: “https://pwd.mydomain.de/
2025/04/06 12:21:06 [error] 281#281: *48 connect() failed (111: Connection refused) while connecting to upstream, client: 172.71.190.108, server: pwd.mydomain.de, request: “GET / HTTP/1.1”, upstream: “http://192.168.242.1:1080/”, host: “pwd.mydomain.de
2025/04/06 12:21:09 [error] 282#282: *50 connect() failed (111: Connection refused) while connecting to upstream, client: 172.71.154.187, server: pwd.mydomain.de, request: “GET / HTTP/1.1”, upstream: “http://192.168.242.1:1080/”, host: “pwd.mydomain.de
2025/04/06 12:21:18 [error] 283#283: *54 connect() failed (111: Connection refused) while connecting to upstream, client: 172.68.245.110, server: pwd.mydomain.de, request: “GET / HTTP/1.1”, upstream: “http://192.168.242.1:1080/”, host: “pwd.mydomain.de

Support string:

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.33.2
  • Web-vault version: v2025.1.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Database type: SQLite
  • Database version: 3.48.0
  • Environment settings overridden!: false
  • Uses a reverse proxy: false
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: false
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**************",
  "domain_origin": "*****://**************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": false,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "autofill-v2",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": "***",
  "http_request_block_non_global_ips": false,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": false,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 72,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": false,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***************",
  "smtp_from_name": "\"Bitwarden | mydomain.de\"",
  "smtp_host": "*************",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "/data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": true,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "***",
  "yubico_secret_key": "***",
  "yubico_server": null
}

pwd.mydomain.de {
	log {
		level INFO
		output file /data/pwd.log {
			format json {
				time_format rfc3339
			}
			roll_size 10MB
			roll_keep 10
		}
	}

	tls home@mydomain.de {
		protocols tls1.2 tls1.3
		ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
		resolvers 1.1.1.1
	}
	encode gzip

	reverse_proxy /notifications/hub 192.168.242.1:3012 {
		header_up X-Real-IP {remote_host}

		header_down X-XSS-Protection "1; mode=block"
		header_down X-Content-Type-Options "nosniff"
		header_down X-Robots-Tag "noindex, nofollow"
		header_down -Server
	}

	reverse_proxy 192.168.242.1:1080 {
		header_up X-Real-IP {remote_host}

		header_down X-XSS-Protection "1; mode=block"
		header_down X-Content-Type-Options "nosniff"
		header_down X-Robots-Tag "noindex, nofollow"
		header_down -Server
	}
}

In the past, without http, there was a login field. I’ve got an error, when I wanted to login.
No the page ist loading infinitely.