Hello,
I just installed vaultwarden with a nginx reverse proxy and wanted to use the login with device feature but it doesnt work. I dont get a notification and when I accept the request under pending requests nothing happens. Im aware of the other discussion about this topic and read it but I im to dum to solve it I understand that it has to do with websockets but I dont know how to fix it.
Vaultwarden Logs:
[2024-01-04 16:22:43.670][vaultwarden::api::icons][INFO] Downloaded icon from https://banano.nault.cc/assets/favicon/favicon-32x32.png
[2024-01-04 16:22:43.671][response][INFO] (icon_internal) GET /icons/<domain>/icon.png => 200 OK
[2024-01-04 16:22:43.680][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:43.682][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:44.850][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:44.853][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:44.856][request][INFO] GET /api/two-factor
[2024-01-04 16:22:44.858][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK
[2024-01-04 16:22:47.421][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:47.425][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:51.368][request][INFO] GET /api/settings/domains
[2024-01-04 16:22:51.371][response][INFO] (get_eq_domains) GET /api/settings/domains => 200 OK
[2024-01-04 16:22:51.862][request][INFO] GET /api/emergency-access/trusted
[2024-01-04 16:22:51.871][response][INFO] (get_contacts) GET /api/emergency-access/trusted => 200 OK
[2024-01-04 16:22:51.880][request][INFO] GET /api/emergency-access/granted
[2024-01-04 16:22:51.882][response][INFO] (get_grantees) GET /api/emergency-access/granted => 200 OK
[2024-01-04 16:22:54.834][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:54.837][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:55.449][request][INFO] GET /api/two-factor
[2024-01-04 16:22:55.455][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK
[2024-01-04 16:22:57.870][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:57.872][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:58.642][request][INFO] GET /api/accounts/profile
[2024-01-04 16:22:58.646][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2024-01-04 16:22:58.646][request][INFO] GET /api/two-factor
[2024-01-04 16:22:58.649][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK
[2024-01-04 16:23:01.618][request][INFO] GET /api/settings/domains
[2024-01-04 16:23:01.623][response][INFO] (get_eq_domains) GET /api/settings/domains => 200 OK
[2024-01-04 16:23:02.757][request][INFO] GET /api/emergency-access/trusted
[2024-01-04 16:23:02.760][response][INFO] (get_contacts) GET /api/emergency-access/trusted => 200 OK
[2024-01-04 16:23:02.772][request][INFO] GET /api/emergency-access/granted
[2024-01-04 16:23:02.774][response][INFO] (get_grantees) GET /api/emergency-access/granted => 200 OK
my nginx config:
server {
listen 80;
listen [::]:80;
server_name _; #Change this to your domain name
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name _; #Change this to your domain name
ssl_certificate /home/pi/certificate.crt; #Swap these out with Lets Encrypt Path if using signed cert
ssl_certificate_key /home/pi/private.key; #Swap these out with Lets Encrypt Path if using signed cert
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass http://0.0.0.0:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://0.0.0.0:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://0.0.0.0:8080;
}
}
In my dev tools network tab I can see the websocket but it just says finished.
Request-Url: wss://192.168.188.32/notifications/anonymous-hub?Token=58c13934-a171-4e39-b641-6c93ed6061fd
other Info:
Accept-Encoding:
gzip, deflate, br
Accept-Language:
de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control:
no-cache
Connection:
Upgrade
Cookie:
PHPSESSID=klnv11j375toe7afd4q5t5do61; _pk_id.1.da8b=7ba6fde5db9e74da.1704310213.
Host:
192.168.188.32
Origin:
https://192.168.188.32
Pragma:
no-cache
Sec-Websocket-Extensions:
permessage-deflate; client_max_window_bits
Sec-Websocket-Key:
0Qlluzp650MQ/De5v9gdug==
Sec-Websocket-Version:
13
Upgrade:
websocket
User-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Thx for any help.