Connection Refused (self-built binary) #2276

Closed
opened 2025-10-09 17:54:55 +03:00 by OVERLORD · 8 comments

Originally created by @patoski on GitHub.

Hi, thanks for what looks to be a great project!

I followed the README instructions on how to build my own binary and web-vault which went great (Debian Stretch). When I start bitwarden_rs it seems happy saying "Rocket has launched from https://localhost:8000".

However, whenever I try to connect with "curl https://my.domain.com:8000" (or a web browser) I always get "connection refused" even if I'm on the server.

I'm sure I'm doing something incredibly silly but I can't seem to fix it. I know DNS and my SSL certs are fine because that's working with other things I have running. Below is the script I use to launch bitwarden_rs if that's helpful. Any help is really appreciated. Thanks!

```
export DOMAIN=https://my.domain.com:8000
export ROCKET_TLS='{certs="/etc/letsencrypt/live/my.domain.com/fullchain.pem",key="/etc/letsencrypt/live/my.domain.com/privkey.pem"}'
./bitwarden_rs
```

OVERLORD added the question label 2025-10-09 17:54:55 +03:00

@RomanHargrave commented on GitHub:

I have not used the TLS support in rocket, and I understand that it's not exactly production ready (according to their own documentation, last I checked).

Have you thought of using a reverse proxy, like nginx? It has the added bonus of enabling websocket support when configured properly.


@mprasil commented on GitHub:

Yeah I'd suggest trying without the certs first and see if that works. Any errors in the logs?


@patoski commented on GitHub:

Thanks so much everyone for all the help! I really appreciate it! One interesting thing, launching bitwarden without any environment variables set, Rocket still wants to launch via https and won't accept http requests. When starting bitwarden it says "Rocket has launched from https://localhost:8000" and isn't accessible via http.

I was able to get connected using wget via https while ignoring the (obvious) certificate failure.

```
wget --no-check-certificate https://localhost:8000
--2018-11-21 20:50:43--  https://localhost:8000/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8000... connected.
The certificate's owner does not match hostname ‘localhost’
HTTP request sent, awaiting response... 200 OK
Length: 1354 (1.3K) [text/html]
Saving to: ‘index.html.3’
```

If I try to connect via http I get the following:

```
wget http://localhost:8000
--2018-11-21 21:04:51--  http://localhost:8000/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8000... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
```

@dani-garcia commented on GitHub:

It would seem weird for the connection to be refused, even when TLS fails. I would try without TLS first.
Are you trying to access the server from another device? If so, you can't use localhost. You can try setting `ROCKET_ADDRESS=0.0.0.0`.
Otherwise it might be a firewall problem?


@mprasil commented on GitHub:

I'd also suggest trying with `127.0.0.1` instead of `localhost` even when you're trying to access it locally, just in case your hosts file is borked for some reason.


@mprasil commented on GitHub:

You can reverse proxy to `https` backend if you want, Rocket/bitwarden_rs doesn't really care. However it should not default to TLS on by default. You probably have some extra configuration somewhere (`.env` file maybe?) that sets the `ROCKET_TLS` variable.


@patoski commented on GitHub:

Yep, it was a stray .env file. Thanks for all the support all. This app and the community is amazing!
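
An added example, not part of the original thread or the project's code: a small POSIX shell check for the problem confirmed above, a `.env` file silently supplying `ROCKET_TLS`. It assumes the server reads a file named `.env` from the directory it is started in; `report_env_file` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list ROCKET_* / DOMAIN settings that come from a .env file.
# Assumption: the server reads a file named .env from its start directory.

# report_env_file DIR
# Prints one line per matching key found in DIR/.env:
#   "<KEY> only-in-file"   not exported in the shell, so easy to overlook
#   "<KEY> also-in-shell"  also exported by the launch script or session
report_env_file() {
    env_file="$1/.env"
    # No .env file means nothing is being injected from there.
    [ -f "$env_file" ] || return 0
    # Strip leading whitespace and an optional "export " prefix, then print
    # only the key of ROCKET_* and DOMAIN assignments (comments never match).
    sed -n -e 's/^[[:space:]]*//' \
           -e 's/^export[[:space:]]\{1,\}//' \
           -e 's/^\(ROCKET_[A-Z0-9_]*\)[[:space:]]*=.*/\1/p' \
           -e 's/^\(DOMAIN\)[[:space:]]*=.*/\1/p' "$env_file" |
    while IFS= read -r key; do
        # printenv succeeds only for variables exported to child processes.
        if printenv "$key" >/dev/null 2>&1; then
            echo "$key also-in-shell"
        else
            echo "$key only-in-file"
        fi
    done
}

# Check the directory given as the first argument, or the current one.
report_env_file "${1:-.}"
```

Run it from the directory the server binary is launched in; any `ROCKET_TLS only-in-file` line means TLS is being enabled by the file rather than by the launch script.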


@patoski commented on GitHub:

Ok, I was able to get a normal connection to TLS working with my domain. The entire issue was right in front of me the entire time:
`export DOMAIN=https://my.domain.com:8000`

The mistake was, I should not have added a port number (makes sense in hindsight). For posterity, my entire launch script looks like:

```
export DOMAIN=https://my.domain.com
export ROCKET_TLS='{certs="/etc/letsencrypt/live/my.domain.com/fullchain.pem",key="/etc/letsencrypt/live/my.domain.com/privkey.pem"}'
./bitwarden_rs
```

One final question, can I leave things the way they are and still run a reverse proxy or does Rocket need to run as plain old http? If so, how do I do that? Rocket starts with TLS turned on by default for me.

Reference: starred/vaultwarden#2276