Not having an option to disable the websocket notification #1733

New Issue

Closed

opened 2026-02-05 01:36:11 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-05 01:36:11 +03:00

Owner

Copy Link

Originally created by @lyc8503 on GitHub (Oct 14, 2023).

Subject of the issue

After updating to v1.29.0, websockets are enabled by default on the HTTP port. But I'd like to disable that.

Steps to reproduce

Just run vaultwarden, and by default it enables Rocket WS which I don't find an option disable.
setting WEBSOCKET_ENABLED to false doesn't work as it stated in https://github.com/dani-garcia/vaultwarden/wiki/Enabling-WebSocket-notifications

Expected behaviour

Having a new option to forcibly disable the websocket feature.

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.29.2
• Web-vault version: v2023.7.1
• OS/Arch: linux/x86_64
• Running within Docker: true (Base: Alpine)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Forwarded-For)
• Internet access: false
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: n/a
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.41.2
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "/mnt/data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "/mnt/data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "********************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://********************************************",
  "domain_origin": "*****://*******************",
  "domain_path": "*************************",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "/mnt/data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": false,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "/mnt/data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "/mnt/data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "******************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "******************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******************",
  "templates_folder": "/mnt/data/templates",
  "tmp_folder": "/mnt/data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Originally created by @lyc8503 on GitHub (Oct 14, 2023). ### Subject of the issue After updating to v1.29.0, websockets are enabled by default on the HTTP port. But I'd like to disable that. ### Steps to reproduce Just run vaultwarden, and by default it enables Rocket WS which I don't find an option disable. setting `WEBSOCKET_ENABLED` to false doesn't work as it stated in https://github.com/dani-garcia/vaultwarden/wiki/Enabling-WebSocket-notifications ### Expected behaviour Having a new option to forcibly disable the websocket feature. ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.29.2 * Web-vault version: v2023.7.1 * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Alpine) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Forwarded-For) * Internet access: false * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: n/a * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.41.2 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "/mnt/data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "/mnt/data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "********************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://********************************************", "domain_origin": "*****://*******************", "domain_path": "*************************", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "/mnt/data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": false, "ip_header": "X-Forwarded-For", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "/mnt/data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "/mnt/data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "******************", "smtp_from_name": "Vaultwarden", "smtp_host": "******************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "******************", "templates_folder": "/mnt/data/templates", "tmp_folder": "/mnt/data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details>

OVERLORD closed this issue 2026-02-05 01:36:14 +03:00

OVERLORD commented 2026-02-05 01:36:18 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Oct 14, 2023):

That has no use. The clients will still try to connect. So why disable it at all?

If you want to do that, just block it in the reverse proxy.
It's not going to be a good idea do block this globally in my opinion.

@BlackDex commented on GitHub (Oct 14, 2023): That has no use. The clients will still try to connect. So why disable it at all? If you want to do that, just block it in the reverse proxy. It's not going to be a good idea do block this globally in my opinion.

OVERLORD commented 2026-02-05 01:36:21 +03:00

Author

Owner

Copy Link

@lyc8503 commented on GitHub (Oct 14, 2023):

Isn't there a way to tell the client there's no websocket support?

I have already tried to block the request in the reverse proxy and it worked, but I think maybe an option could be better.

I am deploying vaultwarden to a serverless platform, and it works well until the v1.29.0 update.
Websocket connections keeps the instance from sleeping and can cost a lot.

@lyc8503 commented on GitHub (Oct 14, 2023): Isn't there a way to tell the client there's no websocket support? I have already tried to block the request in the reverse proxy and it worked, but I think maybe an option could be better. I am deploying vaultwarden to a serverless platform, and it works well until the v1.29.0 update. Websocket connections keeps the instance from sleeping and can cost a lot.

OVERLORD commented 2026-02-05 01:36:26 +03:00

Author

Owner

Copy Link

@NorthShad0w commented on GitHub (Oct 18, 2023):

@lyc8503 how did you block the /notifications/hub requests? I alse deployed the vaultwarden to the aliyun. Didn't find a way. Now I just set the timeout to 1 second to reduce the cost.

@NorthShad0w commented on GitHub (Oct 18, 2023): @lyc8503 how did you block the `/notifications/hub` requests? I alse deployed the vaultwarden to the aliyun. Didn't find a way. Now I just set the timeout to `1` second to reduce the cost.

OVERLORD commented 2026-02-05 01:36:29 +03:00

Author

Owner

Copy Link

@lyc8503 commented on GitHub (Oct 18, 2023):

@lyc8503 how did you block the /notifications/hub requests? I alse deployed the vaultwarden to the aliyun. Didn't find a way. Now I just set the timeout to 0.1 second to reduce the cost.

It seems that deploying to serverless platforms like aliyun is not officially supported. So I use a little hack: I just bound the /notifications/hub path to another function which doesn't support websocket, then requests to that endpoint will be rejected by aliyun and costs nothing.

@lyc8503 commented on GitHub (Oct 18, 2023): > @lyc8503 how did you block the `/notifications/hub` requests? I alse deployed the vaultwarden to the aliyun. Didn't find a way. Now I just set the timeout to 0.1 second to reduce the cost. It seems that deploying to serverless platforms like aliyun is not officially supported. So I use a little hack: I just bound the `/notifications/hub` path to another function which doesn't support websocket, then requests to that endpoint will be rejected by aliyun and costs nothing. 

OVERLORD commented 2026-02-05 01:36:35 +03:00

Author

Owner

Copy Link

@lyc8503 commented on GitHub (Oct 18, 2023):

As maintainers are not interested in this feature, closing this issue for now.

Workaround: block requests to /notifications/hub via reverse proxy or some platform-specific config

@lyc8503 commented on GitHub (Oct 18, 2023): As maintainers are not interested in this feature, closing this issue for now. Workaround: block requests to `/notifications/hub` via reverse proxy or some platform-specific config

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1733