Authorization header not being sent #176

New Issue

Closed

opened 2026-02-04 18:14:03 +03:00 by OVERLORD · 16 comments

OVERLORD commented 2026-02-04 18:14:03 +03:00

Owner

Copy Link

Originally created by @Xinayder on GitHub (Jan 7, 2019).

I've just installed the application with Docker and added it to my docker-compose.yml file, correctly mounting the storage volume and configuring some environment variables for it to work with my nginx reverse proxy container.

After I rebooted my server, I realized that all of my passwords are now gone. Doing a quick check in the "persistent" storage path revealed that the previous database is still there, intact, and there are 2 other sqlite databases, named db.sqlite3-shm and db.sqlite3-wal, respectively.

It's weird because all of my passwords are gone and the database seems to be intact. I have no idea what to do because all I did was reboot the server.

Log: https://pastebin.com/raw/j0UfnbLH

EDIT: I forgot to mention that my user and my preferences are still there, but my passwords are gone.

Originally created by @Xinayder on GitHub (Jan 7, 2019). I've just installed the application with Docker and added it to my `docker-compose.yml` file, correctly mounting the storage volume and configuring some environment variables for it to work with my nginx reverse proxy container. After I rebooted my server, I realized that all of my passwords are now gone. Doing a quick check in the "persistent" storage path revealed that the previous database is still there, intact, and there are 2 other sqlite databases, named `db.sqlite3-shm` and `db.sqlite3-wal`, respectively. It's weird because all of my passwords are gone and the database seems to be intact. I have no idea what to do because all I did was reboot the server. Log: https://pastebin.com/raw/j0UfnbLH EDIT: I forgot to mention that my user and my preferences are still there, but my passwords are gone.

OVERLORD closed this issue 2026-02-04 18:14:03 +03:00

OVERLORD commented 2026-02-04 18:14:16 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

My first thought was running with different environment variables or a different mount point but if your user is there, that means at least that was saved correctly, so I'm not sure why the passwords don't appear.

Can you try running sqlite3 path_to_data/db.sqlite3 "select * from ciphers;"? That needs to be run outside the container, and you'll need sqlite installed.

A reboot shouldn't delete your data, unless you rebooted in the middle of a transaction.

@dani-garcia commented on GitHub (Jan 7, 2019): My first thought was running with different environment variables or a different mount point but if your user is there, that means at least that was saved correctly, so I'm not sure why the passwords don't appear. Can you try running `sqlite3 path_to_data/db.sqlite3 "select * from ciphers;"`? That needs to be run outside the container, and you'll need sqlite installed. A reboot shouldn't delete your data, unless you rebooted in the middle of a transaction.

OVERLORD commented 2026-02-04 18:14:21 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

Well, it seems like everything is still here, but the web vault isn't showing it. I just tried the bitwarden mobile app and everything is there.

@Xinayder commented on GitHub (Jan 7, 2019): Well, it seems like everything is still here, but the web vault isn't showing it. I just tried the bitwarden mobile app and everything is there.

OVERLORD commented 2026-02-04 18:14:28 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

That's even stranger. Do you get any error message in the web browsers console?

@dani-garcia commented on GitHub (Jan 7, 2019): That's even stranger. Do you get any error message in the web browsers console?

OVERLORD commented 2026-02-04 18:14:32 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

EDIT: the url is blurred for privacy reasons

@Xinayder commented on GitHub (Jan 7, 2019):  EDIT: the url is blurred for privacy reasons

OVERLORD commented 2026-02-04 18:14:40 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

And from the network tab, what is the response to that /api/sync call?

@dani-garcia commented on GitHub (Jan 7, 2019): And from the network tab, what is the response to that /api/sync call?

OVERLORD commented 2026-02-04 18:14:45 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

401 Unauthorized.

This is weird. I think this is due to my current setup trying to make my DDNS domain work in my local network, using dnsmasq.

@Xinayder commented on GitHub (Jan 7, 2019): 401 Unauthorized. This is weird. I think this is due to my current setup trying to make my DDNS domain work in my local network, using dnsmasq.

OVERLORD commented 2026-02-04 18:14:49 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

Try deleting all your cookies for the domain and logging in again. Or maybe try a different browser. Domain shouldn't affect it really.

@dani-garcia commented on GitHub (Jan 7, 2019): Try deleting all your cookies for the domain and logging in again. Or maybe try a different browser. Domain shouldn't affect it really.

OVERLORD commented 2026-02-04 18:14:51 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

I already tried it. It's something with my custom DNS server. However, I can't find any difference in the requests made by different IPs (i.e. internal and external). The response is the same, but the status code for internal IP is 401 whilst the status code for the external IP is 200. Headers are equal.

EDIT: Okay, it's not sending the Authorization header if I access it via my local network, using the DDNS.
EDIT2:

bitwarden      | [2019-01-07 01:11:04][rocket::rocket][INFO] GET /api/sync?excludeDomains=true text/html:
bitwarden      | [2019-01-07 01:11:04][_][INFO] Matched: GET /api/sync?<data..> (sync)
bitwarden      | [2019-01-07 01:11:04][_][INFO] Outcome: Failure
bitwarden      | [2019-01-07 01:11:04][_][WARN] Responding with 401 Unauthorized catcher.
bitwarden      | [2019-01-07 01:11:04][_][INFO] Response succeeded.
bitwarden      | [2019-01-07 01:11:05][rocket::rocket][INFO] GET /service-worker.js text/html:
bitwarden      | [2019-01-07 01:11:05][_][INFO] Matched: GET /<p..> (web_files)
bitwarden      | [2019-01-07 01:11:05][_][ERROR] Response was a non-`Responder` `Err`: Os { code: 2, kind: NotFound, message: "No such file or directory" }.
bitwarden      | [2019-01-07 01:11:05][_][INFO] Outcome: Failure
bitwarden      | [2019-01-07 01:11:05][_][WARN] Responding with 500 Internal Server Error catcher.
bitwarden      | [2019-01-07 01:11:05][_][INFO] Response succeeded.
bitwarden      | [2019-01-07 01:13:04][rocket::rocket][INFO] POST /notifications/hub/negotiate text/plain; charset=UTF-8:
bitwarden      | [2019-01-07 01:13:04][_][INFO] Matched: POST /notifications/hub/negotiate (negotiate)
bitwarden      | [2019-01-07 01:13:04][_][INFO] Outcome: Success
bitwarden      | [2019-01-07 01:13:04][_][INFO] Response succeeded.
bitwarden      | [2019-01-07 01:13:05][rocket::rocket][INFO] GET /service-worker.js text/html:
bitwarden      | [2019-01-07 01:13:05][_][INFO] Matched: GET /<p..> (web_files)
bitwarden      | [2019-01-07 01:13:05][_][ERROR] Response was a non-`Responder` `Err`: Os { code: 2, kind: NotFound, message: "No such file or directory" }.
bitwarden      | [2019-01-07 01:13:05][_][INFO] Outcome: Failure
bitwarden      | [2019-01-07 01:13:05][_][WARN] Responding with 500 Internal Server Error catcher.
bitwarden      | [2019-01-07 01:13:05][_][INFO] Response succeeded.
bitwarden      | [2019-01-07 01:13:09][rocket::rocket][INFO] POST /notifications/hub/negotiate text/plain; charset=UTF-8:
bitwarden      | [2019-01-07 01:13:09][_][INFO] Matched: POST /notifications/hub/negotiate (negotiate)
bitwarden      | [2019-01-07 01:13:09][_][INFO] Outcome: Success
bitwarden      | [2019-01-07 01:13:09][_][INFO] Response succeeded.

@Xinayder commented on GitHub (Jan 7, 2019): I already tried it. It's something with my custom DNS server. However, I can't find any difference in the requests made by different IPs (i.e. internal and external). The response is the same, but the status code for internal IP is 401 whilst the status code for the external IP is 200. Headers are equal. EDIT: Okay, it's not sending the `Authorization` header if I access it via my local network, using the DDNS. EDIT2: ``` bitwarden | [2019-01-07 01:11:04][rocket::rocket][INFO] GET /api/sync?excludeDomains=true text/html: bitwarden | [2019-01-07 01:11:04][_][INFO] Matched: GET /api/sync?<data..> (sync) bitwarden | [2019-01-07 01:11:04][_][INFO] Outcome: Failure bitwarden | [2019-01-07 01:11:04][_][WARN] Responding with 401 Unauthorized catcher. bitwarden | [2019-01-07 01:11:04][_][INFO] Response succeeded. bitwarden | [2019-01-07 01:11:05][rocket::rocket][INFO] GET /service-worker.js text/html: bitwarden | [2019-01-07 01:11:05][_][INFO] Matched: GET /<p..> (web_files) bitwarden | [2019-01-07 01:11:05][_][ERROR] Response was a non-`Responder` `Err`: Os { code: 2, kind: NotFound, message: "No such file or directory" }. bitwarden | [2019-01-07 01:11:05][_][INFO] Outcome: Failure bitwarden | [2019-01-07 01:11:05][_][WARN] Responding with 500 Internal Server Error catcher. bitwarden | [2019-01-07 01:11:05][_][INFO] Response succeeded. bitwarden | [2019-01-07 01:13:04][rocket::rocket][INFO] POST /notifications/hub/negotiate text/plain; charset=UTF-8: bitwarden | [2019-01-07 01:13:04][_][INFO] Matched: POST /notifications/hub/negotiate (negotiate) bitwarden | [2019-01-07 01:13:04][_][INFO] Outcome: Success bitwarden | [2019-01-07 01:13:04][_][INFO] Response succeeded. bitwarden | [2019-01-07 01:13:05][rocket::rocket][INFO] GET /service-worker.js text/html: bitwarden | [2019-01-07 01:13:05][_][INFO] Matched: GET /<p..> (web_files) bitwarden | [2019-01-07 01:13:05][_][ERROR] Response was a non-`Responder` `Err`: Os { code: 2, kind: NotFound, message: "No such file or directory" }. bitwarden | [2019-01-07 01:13:05][_][INFO] Outcome: Failure bitwarden | [2019-01-07 01:13:05][_][WARN] Responding with 500 Internal Server Error catcher. bitwarden | [2019-01-07 01:13:05][_][INFO] Response succeeded. bitwarden | [2019-01-07 01:13:09][rocket::rocket][INFO] POST /notifications/hub/negotiate text/plain; charset=UTF-8: bitwarden | [2019-01-07 01:13:09][_][INFO] Matched: POST /notifications/hub/negotiate (negotiate) bitwarden | [2019-01-07 01:13:09][_][INFO] Outcome: Success bitwarden | [2019-01-07 01:13:09][_][INFO] Response succeeded. ```

OVERLORD commented 2026-02-04 18:14:51 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

I'm not sure why that could be happening, to be honest. I uploaded a new commit to print a more detailed error message when hitting the unauthorized point, in case it helps.

Is the proxy stripping the headers?

Edit: I'm going to bed now, I'll try to help more tomorrow if the issue persists

@dani-garcia commented on GitHub (Jan 7, 2019): I'm not sure why that could be happening, to be honest. I uploaded a new commit to print a more detailed error message when hitting the unauthorized point, in case it helps. Is the proxy stripping the headers? Edit: I'm going to bed now, I'll try to help more tomorrow if the issue persists

OVERLORD commented 2026-02-04 18:14:56 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

I don't know, it just tells me that it sent a 401 to the client. I'm trying to enable logs in the reverse proxy container, which uses a slightly modified version of this https://github.com/jwilder/nginx-proxy

@Xinayder commented on GitHub (Jan 7, 2019): I don't know, it just tells me that it sent a 401 to the client. I'm trying to enable logs in the reverse proxy container, which uses a slightly modified version of this https://github.com/jwilder/nginx-proxy

OVERLORD commented 2026-02-04 18:15:02 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 7, 2019):

Alright, I've managed to temporarily fix it for now. I have other containerized services running in my server, such as The Lounge, and when I rebooted my server, I tried to access the web vault and it redirected me to The Lounge (weird, because I don't have any fallback host setup in the reverse proxy container). I restarted the bitwarden container and it worked, until I tried to login.

I kept deleting local storage and realized that every time I logged in, some assets from The Lounge would appear in cache. So, I simply cleared the cache for the domain and it's working again. There's still one error in the console, though, but the vault works!

@Xinayder commented on GitHub (Jan 7, 2019): Alright, I've managed to temporarily fix it for now. I have other containerized services running in my server, such as [The Lounge](https://thelounge.chat), and when I rebooted my server, I tried to access the web vault and it redirected me to The Lounge (weird, because I don't have any fallback host setup in the reverse proxy container). I restarted the bitwarden container and it worked, until I tried to login. I kept deleting local storage and realized that every time I logged in, some assets from The Lounge would appear in cache. So, I simply cleared the cache for the domain and it's working again. There's still one error in the console, though, but the vault works! 

OVERLORD commented 2026-02-04 18:15:13 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Jan 7, 2019):

That last error is because there is a problem with websockets, if you have them disabled it's to be expected.

If you enabled them, then make sure that your proxy is redirecting the correct path to the websocket server, by default at port 3012. You have more info here https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications.

@dani-garcia commented on GitHub (Jan 7, 2019): That last error is because there is a problem with websockets, if you have them disabled it's to be expected. If you enabled them, then make sure that your proxy is redirecting the correct path to the websocket server, by default at port 3012. You have more info here https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications.

OVERLORD commented 2026-02-04 18:15:22 +03:00

Author

Owner

Copy Link

@darrenjl0 commented on GitHub (Jan 11, 2019):

Do you have some fancy SSL setting if using a reverse proxy? I had a very similar problem by applying SSL Stapling and something else which I can't remember.

@darrenjl0 commented on GitHub (Jan 11, 2019): Do you have some fancy SSL setting if using a reverse proxy? I had a very similar problem by applying SSL Stapling and something else which I can't remember.

OVERLORD commented 2026-02-04 18:15:36 +03:00

Author

Owner

Copy Link

@Xinayder commented on GitHub (Jan 12, 2019):

I don't think so, it's all managed by the nginx-proxy. I haven't touched SSL stapling.

@Xinayder commented on GitHub (Jan 12, 2019): I don't think so, it's all managed by the `nginx-proxy`. I haven't touched SSL stapling.

OVERLORD commented 2026-02-04 18:15:48 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Feb 6, 2019):

@rockytv do you still have this issue? If so, it sounds to me like something strange in the nginx config which redirects you or selects a default.

@BlackDex commented on GitHub (Feb 6, 2019): @rockytv do you still have this issue? If so, it sounds to me like something strange in the nginx config which redirects you or selects a default.

OVERLORD commented 2026-02-04 18:16:00 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub (Nov 15, 2019):

This wasn't updated for quite a while. I'm going to close it. Feel free to reopen if you need more help.

@mprasil commented on GitHub (Nov 15, 2019): This wasn't updated for quite a while. I'm going to close it. Feel free to reopen if you need more help.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#176