starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Websocket connection errors #1418

New Issue
Closed
opened 2026-02-05 00:53:38 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2026-02-05 00:53:38 +03:00
Owner
Copy Link

Originally created by @super-ben on GitHub (Dec 3, 2022).

Subject of the issue

Can't seem to make the reverse proxy serve websocket connections, no matter the seemingly correct parameters.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.26.0
  • Web-vault version: v2022.10.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://******.***********.**",
  "domain_origin": "*****://******.***********.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": null,
  "smtp_from": "********@*****.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "********@*****.***",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

  • Install method: docker-compose

  • Clients used:

  • Reverse proxy and version: nginx/1.18.0

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details: the relevant parts of my current reverse proxy configuration (only the certs and log sections are missing)(also, I'm using one of the example from the wiki)

upstream vaultwarden-default {
  zone vaultwarden-default 64k;
  server 127.0.0.1:8084;
  keepalive 2;
}
upstream vaultwarden-ws {
  zone vaultwarden-ws 64k;
  server 127.0.0.1:3012;
  keepalive 2;
}

server {
    listen 80;
    listen [::]:80;
    server_name warden.domain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2;
    server_name warden.domain.tld;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    client_max_body_size 128m;

    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    location /notifications/hub/negotiate {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    location /notifications/hub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Forwarded $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-ws;
    }
	
}

My docker-compose.yml:

version: '3.9'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    volumes:
      - ./vw-data/:/data/
    env_file: ./.env
    environment:
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SSL=${SMTP_SSL}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - DOMAIN=${DOMAIN}
    ports:
      - 8084:80
    restart: always

My .env file:

ADMIN_TOKEN=MyAdminToken
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=false
SMTP_HOST=smtp.gmail.com 
SMTP_FROM=xxxx@gmail.com
SMTP_PORT=587
SMTP_SSL=true
SMTP_SECURITY=starttls
SMTP_USERNAME=xxxx@gmail.com
SMTP_PASSWORD=apppassword
DOMAIN=https://warden.domain.tld

Steps to reproduce

I simply started using Vaultwarden today and noticed the errors in the logs (will provide examples later)

Expected behaviour

Working websocket connections. :)

Actual behaviour

I see 502 errors in every logs, for example, the nginx error log:

2022/12/02 21:56:50 [error] 863114#863114: *59307 connect() failed (111: Unknown error) while connecting to upstream, client: myip, server: warden.domain.tld, request: "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM

In the access log:

myip - - [02/Dec/2022:21:56:42 +0100] "GET /notifications/hub HTTP/2.0" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0"
myip - - [02/Dec/2022:21:56:50 +0100] "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0"

Docker logs:

[2022-12-02 21:27:13.872][vaultwarden::api::notifications][ERROR] 
    ###########################################################
    '/notifications/hub' should be proxied to the websocket server or notifications won't work.
    Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false.
    ###########################################################################################

Also, when I look up https://warden.domain.tld/notifications/hub in my browser, I get a 502 error right away.

If I check inside the container, I get this:

docker exec -it vaultwarden curl 127.0.0.1:3012
curl: (52) Empty reply from server

Troubleshooting data

I tried multiple different websocket configs (from the examples in the wiki, from my previous configs, etc), with no prevail.

I would be grateful for any pointers.

Originally created by @super-ben on GitHub (Dec 3, 2022). ### Subject of the issue Can't seem to make the reverse proxy serve websocket connections, no matter the seemingly correct parameters. ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.26.0 * Web-vault version: v2022.10.0 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://******.***********.**", "domain_origin": "*****://******.***********.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_hints_allowed": true, "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": null, "smtp_from": "********@*****.***", "smtp_from_name": "Vaultwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "********@*****.***", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * Install method: docker-compose * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * Reverse proxy and version: nginx/1.18.0 * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: the relevant parts of my current reverse proxy configuration (only the certs and log sections are missing)(also, I'm using one of the example from the wiki) ```shell upstream vaultwarden-default { zone vaultwarden-default 64k; server 127.0.0.1:8084; keepalive 2; } upstream vaultwarden-ws { zone vaultwarden-ws 64k; server 127.0.0.1:3012; keepalive 2; } server { listen 80; listen [::]:80; server_name warden.domain.tld; return 301 https://$host$request_uri; } server { listen [::]:443 ssl http2; # managed by Certbot listen 443 ssl http2; server_name warden.domain.tld; proxy_read_timeout 720s; proxy_connect_timeout 720s; proxy_send_timeout 720s; client_max_body_size 128m; location / { proxy_http_version 1.1; proxy_set_header "Connection" ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-default; } location /notifications/hub/negotiate { proxy_http_version 1.1; proxy_set_header "Connection" ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-default; } location /notifications/hub { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Forwarded $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-ws; } } ``` My docker-compose.yml: ```yaml version: '3.9' services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden volumes: - ./vw-data/:/data/ env_file: ./.env environment: - ADMIN_TOKEN=${ADMIN_TOKEN} - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED} - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PORT=${SMTP_PORT} - SMTP_SSL=${SMTP_SSL} - SMTP_USERNAME=${SMTP_USERNAME} - SMTP_PASSWORD=${SMTP_PASSWORD} - DOMAIN=${DOMAIN} ports: - 8084:80 restart: always ``` My .env file: ```shell ADMIN_TOKEN=MyAdminToken WEBSOCKET_ENABLED=true SIGNUPS_ALLOWED=false SMTP_HOST=smtp.gmail.com SMTP_FROM=xxxx@gmail.com SMTP_PORT=587 SMTP_SSL=true SMTP_SECURITY=starttls SMTP_USERNAME=xxxx@gmail.com SMTP_PASSWORD=apppassword DOMAIN=https://warden.domain.tld ``` ### Steps to reproduce I simply started using Vaultwarden today and noticed the errors in the logs (will provide examples later) ### Expected behaviour Working websocket connections. :) ### Actual behaviour I see 502 errors in every logs, for example, the nginx error log: ```shell 2022/12/02 21:56:50 [error] 863114#863114: *59307 connect() failed (111: Unknown error) while connecting to upstream, client: myip, server: warden.domain.tld, request: "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM ``` In the access log: ```shell myip - - [02/Dec/2022:21:56:42 +0100] "GET /notifications/hub HTTP/2.0" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" myip - - [02/Dec/2022:21:56:50 +0100] "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" ``` Docker logs: ```shell [2022-12-02 21:27:13.872][vaultwarden::api::notifications][ERROR] ########################################################### '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false. ########################################################################################### ``` Also, when I look up https://warden.domain.tld/notifications/hub in my browser, I get a 502 error right away. If I check inside the container, I get this: ```shell docker exec -it vaultwarden curl 127.0.0.1:3012 curl: (52) Empty reply from server ``` ### Troubleshooting data I tried multiple different websocket configs (from the examples in the wiki, from my previous configs, etc), with no prevail. I would be grateful for any pointers.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1418
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?