Session expired on login #565

Closed
opened 2025-10-09 16:38:32 +03:00 by OVERLORD · 18 comments
Owner

Originally created by @duckimann on GitHub.

Subject of the issue

Can't login. Every time I try, it'll say Your session has expired

Deployment environment

  • vaultwarden version: 1.30.3
  • Install method: docker image | image id: 61dc6fc85f3f

  • Clients used: web vault

  • Reverse proxy and version: nginx:alpine, image id: 2b70e4aaac6b

  • Other relevant details: Deployed on Docker Desktop Windows v4.27.1

Troubleshooting data

https://github.com/dani-garcia/vaultwarden/assets/46382253/f559d426-71eb-4cf7-87d1-c2002089be87


@duckimann commented on GitHub:

Here's what I got:

image

Note: The dk sh function is just a custom function to open an interactive shell on the specified container so you guys can skip that.

Log dump before the issue was created:

/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.30.3                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://github.com/dani-garcia/vaultwarden/discussions or        |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[2024-02-04 02:08:40.041][start][INFO] Rocket has launched from http://0.0.0.0:80
[2024-02-04 02:09:07.768][request][INFO] GET /bitwarden/api/config
[2024-02-04 02:09:07.768][response][INFO] (config) GET /bitwarden/api/config => 200 OK
[2024-02-04 02:09:12.054][request][INFO] GET /bitwarden/api/devices/knowndevice
[2024-02-04 02:09:12.058][response][INFO] (get_known_device) GET /bitwarden/api/devices/knowndevice => 200 OK
[2024-02-04 02:09:14.007][request][INFO] POST /bitwarden/identity/accounts/prelogin
[2024-02-04 02:09:14.008][response][INFO] (prelogin) POST /bitwarden/identity/accounts/prelogin => 200 OK
[2024-02-04 02:09:14.034][request][INFO] POST /bitwarden/identity/connect/token
[2024-02-04 02:09:14.144][vaultwarden::api::identity][INFO] User ducki@home.com logged in successfully. IP: 172.19.0.1
[2024-02-04 02:09:14.145][response][INFO] (login) POST /bitwarden/identity/connect/token => 200 OK
[2024-02-04 02:09:14.156][request][INFO] GET /bitwarden/api/config
[2024-02-04 02:09:14.156][response][INFO] (config) GET /bitwarden/api/config => 200 OK
[2024-02-04 02:09:14.209][request][INFO] POST /bitwarden/identity/connect/token
[2024-02-04 02:09:14.220][response][INFO] (login) POST /bitwarden/identity/connect/token => 200 OK
[2024-02-04 02:09:14.261][request][INFO] GET /bitwarden/notifications/hub?access_token=eyJ0eXAiOiJKV1QiL
[2024-02-04 02:09:14.262][response][INFO] (web_files) GET /bitwarden/<p..> [10] => 404 Not Found
[2024-02-04 02:09:14.278][request][INFO] GET /bitwarden/api/sync?excludeDomains=true
[2024-02-04 02:09:14.278][vaultwarden::auth][ERROR] Error decoding JWT
[2024-02-04 02:09:14.278][auth][ERROR] Unauthorized Error: Invalid claim
[2024-02-04 02:09:14.278][vaultwarden::api::core::ciphers::_][WARN] Request guard `Headers` failed: "Invalid claim".
[2024-02-04 02:09:14.278][response][INFO] (sync) GET /bitwarden/api/sync?<data..> => 401 Unauthorized
[2024-02-04 02:09:14.304][request][INFO] GET /bitwarden/api/config
[2024-02-04 02:09:14.304][response][INFO] (config) GET /bitwarden/api/config => 200 OK

@stefan0xC commented on GitHub:

image

One thing that's noticeable is that the reported times differ from the one displayed in your shell and there's also a difference between the delays to the containers too (i.e. 30 seconds in one and 3 seconds in the other). Not sure if this is the cause of the problem, though. (Ah no, I read this wrong. Sorry.)

> Deployed on Docker Desktop Windows v4.27.1

If this was a Linux system I'd recommend using timedatectl set-ntp true to enable systemd-timesyncd but not sure what the equivalent would be. 🫣


@BlackDex commented on GitHub:

Check the date and time on both client and server.
Check the server logs of both Vaultwarden and your reverse proxy.

Also try a different browser and/or Private/Incognito browser.


@stefan0xC commented on GitHub:

Can you check with --universal? Because currently date -u would be Sa 03 Feb 2024 19:19:35 UTC (I mean it's probably fine but I find comparing time zones a bit tricky.)


@duckimann commented on GitHub:

  • Incognito browser behaves the same
  • I've set the timezone in the respective containers to my timezone (Asia/Ho_Chi_Minh) by the environment in the docker-compose file

image

And still get the same error


@BlackDex commented on GitHub:

Why do we see /bitwarden/api and /api in the two different screenshots?

Are there two different servers?
Did you configure the domain variable correctly?


@duckimann commented on GitHub:

I've downgraded the Docker version to v4.27.0 and logged in one more time. The docker-compose is still the same (with env TZ=Asia/Ho_Chi_Minh applied to the nginx proxy and the vaultwarden container)

image

Nginx proxy logs:

172.19.0.1 - - [04/Feb/2024:03:18:16 +0700] "GET /bitwarden/ HTTP/1.1" 200 1236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:16 +0700] "GET /bitwarden/api/config HTTP/1.1" 200 433 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:19 +0700] "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1" 200 5253 "https://ducki.local/index.php/apps/files/preview-service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:20 +0700] "GET /bitwarden/api/devices/knowndevice HTTP/1.1" 200 4 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "POST /bitwarden/identity/accounts/prelogin HTTP/1.1" 200 71 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "POST /bitwarden/identity/connect/token HTTP/1.1" 200 3164 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "GET /bitwarden/api/config HTTP/1.1" 200 433 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "POST /bitwarden/identity/connect/token HTTP/1.1" 200 3080 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "GET /bitwarden/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE3MDY5OTE1MDMsImV4cCI6MTcwNjk5ODcwMywiaXNzIjoiaHR0cHM6Ly9kdWNraS5sb2NhbHxsb2dpbiIsInN1YiI6IjUzZjA5ZDNhLWFhYWYtNDBiNC04NmI5LTMyNzA5MDg3YTMyZSIsInByZW1pdW0iOnRydWUsIm5hbWUiOiJkdWNraW1hbm4iLCJlbWFpbCI6ImR1Y2tpQGhvbWUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInNzdGFtcCI6IjM3M2JhNzc5LWUyMTAtNGIyMi1iZDc3LTdjZGRlM2YzNjFjYyIsImRldmljZSI6ImYxM2Y0YmNjLTNmZTctNDkyNi1iNzNiLTI4M2ViYWMwYzdlZSIsInNjb3BlIjpbImFwaSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJBcHBsaWNhdGlvbiJdfQ.cQja8yC2olSEWIpDS8ZBcNvBpuixAeWdtmJeHMXe5Sw5YN8bRYbr9e_Sz1mlXpxup27C-QuWueKYQKkU-Ua8Xxxi-BwaeB6ENXOOi4Hs9hLoo-ywu4O0rq2fUfKoJw7zNzsagS4uvMYxwEFzF9Mexn_BDrYtTNpQE2lMoJlM7izXj7d_Fy4uDv-OKH3rnDZqh1bEyZmrCJln-bUV7qAGyal314kQPlpf3iCnrmYPURd7Cx3ae3yZoe_G8H8z2GFRks2yjEz1R_JY4uaZfx-VO6JZB9EzxQIftSX18500EJGculquZ9yDT1OTJw-wWftRnNKGQnCmRHauevIiZfS6lg HTTP/1.1" 404 1914 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "GET /bitwarden/api/sync?excludeDomains=true HTTP/1.1" 401 130 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"
172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] "GET /bitwarden/api/config HTTP/1.1" 200 433 "https://ducki.local/bitwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-"

And the error is the same too :D
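
A triage helper for the `Invalid claim` error and the clock checks discussed in this thread, added here as an example (it is not part of the original thread or of Vaultwarden's code): it pulls the access token out of an nginx access-log line, decodes the claims without verifying the signature, and compares `nbf`/`exp` with the request time and `iss` with the configured `DOMAIN`. The `<origin>|login` issuer format is an assumption based on the token payload in the log above; the sample token and log line are constructed.

```python
import base64
import json
import re
from datetime import datetime
from urllib.parse import urlsplit

# nginx access log: [04/Feb/2024:03:18:23 +0700] "GET /path?access_token=<jwt> HTTP/1.1"
LOG_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?:GET|POST) \S*[?&]access_token='
    r'(?P<jwt>[\w-]+\.[\w-]+\.[\w-]+)'
)


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage(log_line, domain, leeway=30):
    """Compare the token's time and issuer claims with the proxy's view.

    The signature is NOT verified: this only rules clock skew and a wrong
    DOMAIN origin in or out. A signing-key problem is invisible here.
    """
    m = LOG_RE.search(log_line)
    if m is None:
        raise ValueError("no access_token found in log line")
    # Request time as logged by the proxy, converted to epoch seconds.
    seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    claims = b64url_json(m["jwt"].split(".")[1])
    # Assumption: issuer is "<scheme>://<host>|login", i.e. DOMAIN without its path.
    origin = "{0.scheme}://{0.netloc}".format(urlsplit(domain))
    findings = []
    if seen + leeway < claims["nbf"]:
        findings.append("not-yet-valid")    # issuer clock ahead of the proxy
    if seen - leeway > claims["exp"]:
        findings.append("expired")          # issuer clock far behind, or replayed token
    if claims["iss"].split("|")[0] != origin:
        findings.append("issuer-mismatch")  # token minted for another DOMAIN origin
    return {
        "skew_seconds": int(seen - claims["nbf"]),
        "issuer": claims["iss"],
        "findings": findings,
    }


def sample_line(nbf, iss):
    """Constructed log line carrying a constructed, unsigned token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    token = ".".join([
        enc({"typ": "JWT", "alg": "RS256"}),
        enc({"nbf": nbf, "exp": nbf + 7200, "iss": iss}),
        "c2lnbmF0dXJl",  # placeholder, not a real signature
    ])
    return (
        '172.19.0.1 - - [04/Feb/2024:03:18:23 +0700] '
        '"GET /bitwarden/notifications/hub?access_token=' + token +
        ' HTTP/1.1" 404 1914'
    )


if __name__ == "__main__":
    line = sample_line(1706991503, "https://ducki.local|login")
    print(triage(line, "https://ducki.local/bitwarden/"))
```

An empty `findings` list means the timestamps and issuer origin are consistent, which moves suspicion away from clocks and `DOMAIN` and toward whatever signs and verifies the token.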


@duckimann commented on GitHub:

I think I'm having a one-off issue here.

image

Same docker-compose, same data, but mounted in a Debian VM and I still got the same error. I did try to start a new separate instance on the same VM but the error doesn't occur.


@duckimann commented on GitHub:

Yes, those are two different servers. And I've configured the domain variable correctly.

The top editor is the log from the new instance using this configuration:

version: "3.8"

services:
  bitwarden:
    container_name: "bitwarden"
    image: vaultwarden/server
    ports:
      - 80:80
    volumes:
      - ./bw-data/:/data/
    restart: unless-stopped

and the bottom editor is the log from the old instance, which I'm having a problem with right now, using this configuration:

version: "3.8"

services:
  # Nginx Proxy
  nginx-proxy:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    # environment:
    #   - TZ=Asia/Ho_Chi_Minh
    ports:
      - 80:80
      - 443:443
      - 27017:27017
    volumes:
      - ./ssl/:/etc/nginx/ssl/
      - ./nginx/conf.d/:/etc/nginx/conf.d/
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
    networks:
      - app-network
  
  bitwarden:
    container_name: bitwarden
    image: vaultwarden/server
    environment:
      - DOMAIN=https://ducki.local/bitwarden/
      # - TZ=Asia/Ho_Chi_Minh
    expose:
      - 80
    volumes:
      - ./bw-data/:/data/
    restart: unless-stopped
    networks:
      - app-network
  
networks:
  app-network:
    driver: bridge

Nginx Config:

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    client_max_body_size 20G;
    listen 443 ssl;

    ssl_certificate         /etc/nginx/ssl/bitwarden.crt;
    ssl_certificate_key     /etc/nginx/ssl/bitwarden.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    # HSTS, remove # from the line below to enable HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    # Enable TLS 1.3 early data
    ssl_early_data on;

    location /bitwarden/ {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://bitwarden;
        proxy_read_timeout  90;
    }
}

There are some other services, so I will not include them here.


@duckimann commented on GitHub:

image

I've noticed there's an error at the request /api/sync?excludeDomains=true and I don't know whether this is related or not


@duckimann commented on GitHub:

Nah. I don't have those security features.


@BlackDex commented on GitHub:

I would suggest to take a look at the examples https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples

And then mainly the sub-path example for Nginx by me.
I'm missing a few configurations there.

Nothing that should break the normal login though, but will break websocket.


@BlackDex commented on GitHub:

Yes you have, those are in the data folder. They are used to generate the JWTs.


@BlackDex commented on GitHub:

It shouldn't really.
Are there any security features active by default? Like ModSecurity or WAF or something?

Try to remove the rsa_key.* files.


@duckimann commented on GitHub:

I'm fine with the broken websocket, but if it is important here then I'll update the Nginx config.


@duckimann commented on GitHub:

Problem solved. Thanks @BlackDex 👍 Login succeeded after removing the rsa_key.* files.


@duckimann commented on GitHub:

Docker Desktop broke right after I upgraded it to v4.27.1 and I had to factory reset it. That could be the culprit. I'm not sure.


@BlackDex commented on GitHub:

Strange. They must have been corrupted in some way.
Good that it is fixed now.

Reference: starred/vaultwarden#565