Hello, I’ve been trying for a while now to get VaultWarden in a docker running on my local server, but with no success.
I’ve tried the duckdns challenge, but ran into building issues with caddy. Decided to go the self-signed route, got to a point where I get Rocket has launched from http://0.0.0.0:80 but when I connect to the IP via HTTPS at the specified port on the docker compose file, I get ERR_SSL_PROTOCOL_ERROR.
So I curled that to get more info, and got this piece of info:
curl: (35) OpenSSL/1.1.1s: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Tried recreating the certificates, made sure they all lined up name wise, nothing. What am I missing here? I would really appreciate your view on the matter.
Thanks and have a great day!
Anyone? I really want to get started with VW.
Can you post your configuration and how you start the container? I think you are missing the ROCKET_TLS={certs="data/cert.pem",key="data/key.pem"} because your logs don’t say that Rocket has launched from https://0.0.0.0:80.
I do have that, and I did mention I get Rocket has launched from https://0.0.0.0:80
I got that after adding it in portainer as an env variable.
What else can cause this?
You said:
If you have configured that make sure you recreate the container. Otherwise please post your configuration.
name: vaultwarden
services:
  server:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    networks:
      default: null
    ports:
      - mode: ingress
        target: 80
        published: "88888"
        protocol: tcp
      - mode: ingress
        target: 3012
        published: "3012"
        protocol: tcp
    restart: unless-stopped
    volumes:
      - type: bind
        source: /Path/to/VaultWarden
        target: /data
        bind:
          create_host_path: true
      - type: bind
        source: /Path/to/VaultWarden/SSL
        target: /ssl
        bind:
          create_host_path: true
networks:
  default:
    name: vaultwarden_default
and the env var that is set through portainer:
name ROCKET_TLS:
value '{certs="/ssl/vaultwarden.crt",key="/ssl/vaultwarden.key"}'
when I tried putting the env inside the docker compose normally I got:
Error: Rocket.
[CAUSE] Io(
    Custom {
        kind: NotFound,
        error: "error reading TLS file `ssl/vaultwarden.crt`: No such file or directory (os error 2)",
    },
)
Hope this helps.
So is this issue not solvable? Should I report this as a bug?
You are getting the error message for a reason and you should try to figure out why (i.e. does the file /Path/to/VaultWarden/SSL/vaultwarden.crt exist?).
If you just set the environment variable on a different layer vaultwarden will simply ignore it (as it does not get random environment variables from your host) and you have not actually configured it.
I am trying to figure out why, but I’ve followed all the logical paths I can think of. The file exists in the directory, made sure of that. If the portainer env didn’t work, won’t it show up with the same error as when I try to do it in the compose file?
Could this be a permission thing on the crt? Should I chown or chmod or both that directory to a specific user?
First make sure you don’t have a typo in the path. And since the path should exist you should also not need create_host_path: true (I am not sure why you have set this option).
I think a permission issue should either prevent the volume from being mounted in the first place or result in a different error message: Permission denied (os error 13)
If you have a running container (i.e. when you don’t set ROCKET_TLS) you can also run an interactive bash shell (e.g. with docker exec) and inspect the /ssl directory and maybe check if you can cat ssl/vaultwarden.crt …
OK, using ls, I found the source of my problem, thanks for your patience and support!
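The checks suggested in this thread (is ROCKET_TLS actually set inside the container, does each file exist, is it readable) collected into one shell script to run from a `docker exec` shell. This is an added example, not part of the original posts or Vaultwarden's own tooling; the function names, the status words and the PEM-header check are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the files named in a ROCKET_TLS value.
# Run it inside the container so paths are checked against the
# container's filesystem, not the host's.

# tls_field VALUE NAME -> prints the quoted path given for NAME (certs or key)
tls_field() {
    printf '%s\n' "$1" | sed -n "s/.*[{,] *$2 *= *\"\([^\"]*\)\".*/\1/p"
}

# check_tls_file PATH [WORKDIR] -> prints a status word and the resolved path
check_tls_file() {
    path=$1
    base=${2:-$PWD}
    case $path in
        "") echo "missing-setting"; return 1 ;;
        /*) full=$path ;;
        # A relative path is resolved against the working directory.
        *)  full=${base%/}/$path ;;
    esac
    # Corresponds to "No such file or directory (os error 2)".
    if [ ! -e "$full" ]; then echo "not-found $full"; return 1; fi
    if [ ! -f "$full" ]; then echo "not-a-file $full"; return 1; fi
    # Corresponds to "Permission denied (os error 13)".
    if [ ! -r "$full" ]; then echo "unreadable $full"; return 1; fi
    # Assumption of this example: both files are expected to be PEM text.
    grep -q -- '-----BEGIN' "$full" || { echo "not-pem $full"; return 1; }
    echo "ok $full"
}

# check_rocket_tls VALUE [WORKDIR] -> non-zero if certs or key is unusable
check_rocket_tls() {
    rc=0
    for name in certs key; do
        printf '%s: ' "$name"
        check_tls_file "$(tls_field "$1" "$name")" "${2:-}" || rc=1
    done
    return $rc
}

# An unset variable here means the setting never reached the container.
if [ -n "${ROCKET_TLS:-}" ]; then
    check_rocket_tls "$ROCKET_TLS" || echo "ROCKET_TLS points at unusable files"
else
    echo "ROCKET_TLS is not set in this environment"
fi
```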