Vaultwarden login with device not working

Besi · January 4, 2024, 5:01pm

Hello,
I just installed vaultwarden with a nginx reverse proxy and wanted to use the login with device feature but it doesnt work. I dont get a notification and when I accept the request under pending requests nothing happens. Im aware of the other discussion about this topic and read it but I im to dum to solve it I understand that it has to do with websockets but I dont know how to fix it.

Vaultwarden Logs:

[2024-01-04 16:22:43.670][vaultwarden::api::icons][INFO] Downloaded icon from https://banano.nault.cc/assets/favicon/favicon-32x32.png
[2024-01-04 16:22:43.671][response][INFO] (icon_internal) GET /icons/<domain>/icon.png => 200 OK

[2024-01-04 16:22:43.680][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:43.682][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:44.850][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:44.853][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:44.856][request][INFO] GET /api/two-factor

[2024-01-04 16:22:44.858][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK

[2024-01-04 16:22:47.421][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:47.425][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:51.368][request][INFO] GET /api/settings/domains

[2024-01-04 16:22:51.371][response][INFO] (get_eq_domains) GET /api/settings/domains => 200 OK

[2024-01-04 16:22:51.862][request][INFO] GET /api/emergency-access/trusted

[2024-01-04 16:22:51.871][response][INFO] (get_contacts) GET /api/emergency-access/trusted => 200 OK

[2024-01-04 16:22:51.880][request][INFO] GET /api/emergency-access/granted

[2024-01-04 16:22:51.882][response][INFO] (get_grantees) GET /api/emergency-access/granted => 200 OK

[2024-01-04 16:22:54.834][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:54.837][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:55.449][request][INFO] GET /api/two-factor

[2024-01-04 16:22:55.455][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK

[2024-01-04 16:22:57.870][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:57.872][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:58.642][request][INFO] GET /api/accounts/profile

[2024-01-04 16:22:58.646][response][INFO] (profile) GET /api/accounts/profile => 200 OK

[2024-01-04 16:22:58.646][request][INFO] GET /api/two-factor

[2024-01-04 16:22:58.649][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK

[2024-01-04 16:23:01.618][request][INFO] GET /api/settings/domains

[2024-01-04 16:23:01.623][response][INFO] (get_eq_domains) GET /api/settings/domains => 200 OK

[2024-01-04 16:23:02.757][request][INFO] GET /api/emergency-access/trusted

[2024-01-04 16:23:02.760][response][INFO] (get_contacts) GET /api/emergency-access/trusted => 200 OK

[2024-01-04 16:23:02.772][request][INFO] GET /api/emergency-access/granted

[2024-01-04 16:23:02.774][response][INFO] (get_grantees) GET /api/emergency-access/granted => 200 OK

my nginx config:

server {
    listen 80;
    listen [::]:80;
    server_name _; #Change this to your domain name
    return 301 https://$host$request_uri;
}
server {
  listen 443 ssl http2;
  server_name _; #Change this to your domain name

  ssl_certificate      /home/pi/certificate.crt;   #Swap these out with Lets Encrypt Path if using signed cert
  ssl_certificate_key  /home/pi/private.key; #Swap these out with Lets Encrypt Path if using signed cert

  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_pass http://0.0.0.0:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /notifications/hub {
    proxy_pass http://0.0.0.0:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /notifications/hub/negotiate {
    proxy_pass http://0.0.0.0:8080;
  }
}

In my dev tools network tab I can see the websocket but it just says finished.
Request-Url: wss://192.168.188.32/notifications/anonymous-hub?Token=58c13934-a171-4e39-b641-6c93ed6061fd
other Info:

Accept-Encoding:

gzip, deflate, br

Accept-Language:

de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7

Cache-Control:

no-cache

Connection:

Upgrade

Cookie:

PHPSESSID=klnv11j375toe7afd4q5t5do61; _pk_id.1.da8b=7ba6fde5db9e74da.1704310213.

Host:

192.168.188.32

Origin:

https://192.168.188.32

Pragma:

no-cache

Sec-Websocket-Extensions:

permessage-deflate; client_max_window_bits

Sec-Websocket-Key:

0Qlluzp650MQ/De5v9gdug==

Sec-Websocket-Version:

13

Upgrade:

websocket

User-Agent:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

Thx for any help.

stefan0xC · January 4, 2024, 5:10pm

See my answer here

Topic		Replies	Views
SSO with device Help	3	590	November 23, 2023
Websocket Connections Failing Help	0	277	October 26, 2023
⚠️ [NOTE] BREAKING CHANGE in upcoming v1.31.0 stable version	2	2664	November 3, 2023
iOS app connection error - 404 for /api/devices/knowndevice/ Help	3	543	December 10, 2022
My Vaultwarden randmly "died" and doesnt work properly anymore Help	14	1477	June 12, 2023

Vaultwarden login with device not working

Related Topics