Websocket fails to connect #1239

Closed
opened 2026-02-05 00:21:20 +03:00 by OVERLORD · 0 comments
Owner

Originally created by @Sneakometer on GitHub (Mar 21, 2022).

Subject of the issue

Logging into the Vaultwarden frontend causes the following exception to be printed to the web browser's console:

WebSocketTransport.js:99 WebSocket connection to 'wss://vaultwarden.mydomain.com/notifications/hub?access_token=eyJ0eXAiOiJK...
[2022-03-21T16:57:16.647Z] Error: Failed to start the connection: Error: There was an error with the transport.
consoleLog.service.ts:51 Error: There was an error with the transport.
    at WebSocket.a.onerror [as __zone_symbol__ON_PROPERTYerror] (WebSocketTransport.js:118:45)
    at WebSocket.M (zone.js:803:43)
    at t.invokeTask (zone.js:434:35)
    at Object.onInvokeTask (core.js:28578:33)
    at t.invokeTask (zone.js:433:64)
    at e.runTask (zone.js:205:51)
    at e.invokeTask [as invoke] (zone.js:516:38)
    at m (zone.js:1656:18)
    at WebSocket.b (zone.js:1682:21)

(Tried with Chrome and Firefox)

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.24.0
  • Web-vault version: v2.25.1
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: false
  • Internet access via a proxy: false
  • DNS Check: false
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Environment settings which are overridden: ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": false,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.******.**",
  "domain_origin": "*****://*****.******.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*****@******.**",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.********.***",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "******",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
  • vaultwarden version: 2.25.1

  • Install method: Docker, proxied through nginx and Cloudflare

  • Clients used: web vault

  • Reverse proxy and version: nginx/1.14.2

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details: Running on an IPv6-only server (might be the reason?).

Steps to reproduce

Default Vaultwarden installation using the Docker image provided from https://hub.docker.com/r/vaultwarden/server

Expected behaviour

Websockets to work and not throw exceptions

Actual behaviour

Websockets not working and throwing exceptions

Troubleshooting data

Already tried without Cloudflare, changing up the websocket ports and setting proxy buffering to off.

Docker ps:

CONTAINER ID   IMAGE                                                COMMAND                  CREATED       STATUS                 PORTS                                                                              NAMES
9396ee37d55f   registry.ipv6.docker.com/vaultwarden/server:latest   "/usr/bin/dumb-init …"   2 days ago   Up 2 days (healthy)   0.0.0.0:3012->3012/tcp, :::3012->3012/tcp, 0.0.0.0:3001->80/tcp, :::3001->80/tcp   vaultwarden

Nginx configuration:

server {
  listen [::]:80;
  server_name vault.mydomain.com;
  return 301 https://$host$request_uri;
}

server {
  listen [::]:443 ssl http2;
  server_name vault.mydomain.com;

  location / {
    proxy_pass http://[::1]:3001;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  location /notifications/hub {
    proxy_pass http://[::1]:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location /notifications/hub/negotiate {
    proxy_pass http://[::1]:3001;
  }
  ssl_certificate /etc/letsencrypt/live/vault.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/vault.mydomain.com/privkey.pem;
}
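
An added example, not part of the original report or of the Vaultwarden project: a consistency check between the diagnostics config and the nginx `/notifications/hub` block posted above. The function names and finding codes are hypothetical, and the check assumes the backend only opens `websocket_port` when `websocket_enabled` is true.

```python
import json
import re

# Constructed excerpts: only the keys and directives this check reads,
# taken from the running config and nginx configuration in the report.
RUNNING_CONFIG = '{"websocket_enabled": false, "websocket_port": 3012}'
NGINX_CONF = """
location /notifications/hub {
  proxy_pass http://[::1]:3012;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
  proxy_pass http://[::1]:3001;
}
"""

def location_blocks(conf):
    """Map each location path to its directive text (flat blocks, no nesting)."""
    pattern = r"location\s+(\S+)\s*\{([^}]*)\}"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, conf)}

def check_websocket_proxy(config_json, nginx_conf, hub="/notifications/hub"):
    """Return finding codes where the nginx hub block and the backend disagree."""
    cfg = json.loads(config_json)
    block = location_blocks(nginx_conf).get(hub)
    if block is None:
        return ["no_hub_location"]
    findings = []
    # Assumption: the backend only opens websocket_port when websocket_enabled is true.
    if not cfg.get("websocket_enabled"):
        findings.append("websocket_disabled")
    port = re.search(r"proxy_pass\s+\S*?:(\d+)(?:/\S*)?\s*;", block)
    if port is None or int(port.group(1)) != cfg.get("websocket_port"):
        findings.append("port_mismatch")
    # nginx proxies with HTTP/1.0 by default; the Upgrade handshake needs HTTP/1.1.
    if not re.search(r"proxy_http_version\s+1\.1\s*;", block):
        findings.append("no_http_1_1")
    if not re.search(r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;", block):
        findings.append("no_upgrade_header")
    if not re.search(r"proxy_set_header\s+Connection\s+\S+\s*;", block):
        findings.append("no_connection_header")
    return findings

if __name__ == "__main__":
    for finding in check_websocket_proxy(RUNNING_CONFIG, NGINX_CONF):
        print(finding)
```

The check reads `proxy_http_version` only inside the hub block, so a value inherited from the enclosing `server` or `http` context is not seen.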
Reference: starred/vaultwarden#1239