rocket-worker-thread' panicked, Unable to log into vault. #865

New Issue

Closed

opened 2025-10-09 16:54:30 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2025-10-09 16:54:30 +03:00

Owner

Copy Link

Originally created by @sebasdt on GitHub.

Subject of the issue

Rocket giving a 404 after trying to connect to it.
accessing the container directly also gives the same error look below here:

Deployment environment

Im using a vm within that a docker enviorment.

• vaultwarden version:
  1.28.0 or the latest tag for docker

• Install method:
  on Docker via portainer.
• Clients used:
  Windows and android basicly every option and no ios or linux clients.
• Reverse proxy and version:
  Cloudflare ---> nginx Rproxy ---> container

• MySQL/MariaDB or PostgreSQL version:

• Other relevant details:
  I think this happend because Im experimenting with cloudflare tunnels. dont really think it has to do with cloudflare.

Steps to reproduce

I updated to the latest release and restarted the container. I am at version 1.28.0
as you can see in my log file you can see what parameters/env settings in using.

Expected behaviour

Im able to access the container and not get a rocket 404.
even when I try to access the container locally/directly the same error appears.

Actual behaviour

Im not able to do anything with vaultwarden

Troubleshooting data

LOGS:
https://pastebin.com/VNwLKb8n

Originally created by @sebasdt on GitHub. <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue Rocket giving a 404 after trying to connect to it. accessing the container directly also gives the same error look below here:  ### Deployment environment Im using a vm within that a docker enviorment. <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.28.0 or the latest tag for docker <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: on Docker via portainer. * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> Windows and android basicly every option and no ios or linux clients. * Reverse proxy and version: <!-- if applicable --> Cloudflare ---> nginx Rproxy ---> container * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> -- * Other relevant details: I think this happend because Im experimenting with cloudflare tunnels. dont really think it has to do with cloudflare. ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> I updated to the latest release and restarted the container. I am at version 1.28.0 as you can see in my log file you can see what parameters/env settings in using. ### Expected behaviour <!-- Tell us what you expected to happen --> Im able to access the container and not get a rocket 404. even when I try to access the container locally/directly the same error appears. ### Actual behaviour <!-- Tell us what actually happened --> Im not able to do anything with vaultwarden ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->  LOGS: https://pastebin.com/VNwLKb8n 

OVERLORD closed this issue 2025-10-09 16:54:31 +03:00

OVERLORD commented 2025-10-09 16:54:32 +03:00

Author

Owner

Copy Link

@sebasdt commented on GitHub:

Yes I checked the domain is perfect fine.
It's pointed to https://vaultwarden.myAwesomedomain.bla

@sebasdt commented on GitHub: Yes I checked the domain is perfect fine. It's pointed to https://vaultwarden.myAwesomedomain.bla

OVERLORD commented 2025-10-09 16:54:33 +03:00

Author

Owner

Copy Link

@stefan0xC commented on GitHub:

[INFO] Using saved config from data/config.json for configuration.
[WARNING] The following environment variables are being overriden by the config.json file.
[WARNING] Please use the admin panel to make changes to them:
[WARNING] DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_VERIFY_RESEND_TIME, SIGNUPS_VERIFY_RESEND_LIMIT, INVITATIONS_ALLOWED, EMERGENCY_ACCESS_ALLOWED

Can you check your DOMAIN settings? It looks like you might have set it to a sub-dir.

@stefan0xC commented on GitHub: > [INFO] Using saved config from `data/config.json` for configuration. > [WARNING] The following environment variables are being overriden by the config.json file. > [WARNING] Please use the admin panel to make changes to them: > [WARNING] DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_VERIFY_RESEND_TIME, SIGNUPS_VERIFY_RESEND_LIMIT, INVITATIONS_ALLOWED, EMERGENCY_ACCESS_ALLOWED Can you check your `DOMAIN` settings? It looks like you might have set it to a [sub-dir](https://github.com/dani-garcia/vaultwarden/wiki/Using-an-alternate-base-dir).

OVERLORD commented 2025-10-09 16:54:33 +03:00

Author

Owner

Copy Link

@sebasdt commented on GitHub:

Oh I see,
Sorry yes in the conf that the domain is pointing to the right endpoint.
I just restarted the whole machine and that seemed to solve it.

@sebasdt commented on GitHub: Oh I see, Sorry yes in the conf that the domain is pointing to the right endpoint. I just restarted the whole machine and that seemed to solve it.

OVERLORD commented 2025-10-09 16:54:33 +03:00

Author

Owner

Copy Link

@sebasdt commented on GitHub:

Sorry to reopen the issue,
So in the meantime I was able to load page but forgot to check I could login..

here is the log that is in the portainer logs:

`/--------------------------------------------------------------------\

|                        Starting Vaultwarden                        |

|                           Version 1.28.0                           |

|--------------------------------------------------------------------|

| This is an *unofficial* Bitwarden implementation, DO NOT use the   |

| official channels to report bugs/features, regardless of client.   |

| Send usage/configuration questions or feature requests to:         |

|   https://github.com/dani-garcia/vaultwarden/discussions or        |

|   https://vaultwarden.discourse.group/                             |

| Report suspected bugs/issues in the software itself at:            |

|   https://github.com/dani-garcia/vaultwarden/issues/new            |

\--------------------------------------------------------------------/

[2023-04-01 18:59:00.634][start][INFO] Rocket has launched from http://0.0.0.0:80

[2023-04-01 18:59:24.131][request][INFO] GET /api/devices/knowndevice

[2023-04-01 18:59:24.131][vaultwarden::api::core::accounts::_][WARN] Request guard `KnownDevice` failed: "X-Request-Email value failed to decode as base64url".

[2023-04-01 18:59:24.131][rocket::server::_][WARN] No 400 catcher registered. Using Rocket default.

[2023-04-01 18:59:24.131][response][INFO] (get_known_device) GET /api/devices/knowndevice => 400 Bad Request

[2023-04-01 18:59:26.797][request][INFO] POST /identity/accounts/prelogin

[2023-04-01 18:59:26.798][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK

[2023-04-01 18:59:26.978][request][INFO] POST /identity/connect/token

[2023-04-01 18:59:27.144][panic][ERROR] thread 'rocket-worker-thread' panicked at 'index out of bounds: the len is 1 but the index is 1': src/mail.rs:595

   0: vaultwarden::init_logging::{{closure}}

   1: std::panicking::rust_panic_with_hook

   2: std::panicking::begin_panic_handler::{{closure}}

   3: std::sys_common::backtrace::__rust_end_short_backtrace

   4: rust_begin_unwind

   5: core::panicking::panic_fmt

   6: core::panicking::panic_bounds_check

   7: vaultwarden::mail::send_email::{{closure}}

   8: vaultwarden::api::identity::_json_err_twofactor::{{closure}}

   9: vaultwarden::api::identity::twofactor_auth::{{closure}}

  10: vaultwarden::api::identity::_password_login::{{closure}}

  11: vaultwarden::api::identity::login::{{closure}}

  12: vaultwarden::api::identity::login::into_info::monomorphized_function::{{closure}}

  13: rocket::server::<impl rocket::rocket::Rocket<rocket::phase::Orbit>>::route::{{closure}}

  14: rocket::server::hyper_service_fn::{{closure}}::{{closure}}

  15: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut

  16: tokio::runtime::task::core::Core<T,S>::poll

  17: tokio::runtime::task::harness::Harness<T,S>::poll

  18: tokio::runtime::scheduler::multi_thread::worker::Context::run_task

  19: tokio::runtime::scheduler::multi_thread::worker::Context::run

  20: tokio::macros::scoped_tls::ScopedKey<T>::set

  21: tokio::runtime::scheduler::multi_thread::worker::run

  22: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut

  23: tokio::runtime::task::core::Core<T,S>::poll

  24: tokio::runtime::task::harness::Harness<T,S>::poll

  25: tokio::runtime::blocking::pool::Inner::run

  26: std::sys_common::backtrace::__rust_begin_short_backtrace

  27: core::ops::function::FnOnce::call_once{{vtable.shim}}

  28: std::sys::unix::thread::Thread::new::thread_start

  29: start_thread

  30: clone

[2023-04-01 18:59:27.149][rocket::server::_][ERROR] Handler login panicked.

[2023-04-01 18:59:27.149][rocket::server::_][WARN] A panic is treated as an internal server error.

[2023-04-01 18:59:27.149][rocket::server::_][WARN] No 500 catcher registered. Using Rocket default.

[2023-04-01 18:59:27.149][response][INFO] (login) POST /identity/connect/token => 500 Internal Server Error`

the config:

  "domain": "https://vaultwarden.myawesomedomain.com/",
  "sends_allowed": false,
  "incomplete_2fa_time_limit": 3,
  "disable_icon_download": false,
  "signups_allowed": false,
  "signups_verify": true,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": false,
  "emergency_access_allowed": true,
  "password_iterations": 1000000,
  "password_hints_allowed": true,
  "show_password_hint": false,
  "admin_token": "[REDACTED]",
  "invitation_org_name": "vaultwarden",
  "ip_header": "X-Real-IP",
  "icon_redirect_code": 302,
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "icon_blacklist_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "_enable_yubico": true,
  "_enable_duo": false,
  "_enable_smtp": true,
  "smtp_host": "smtp.gmail.com",
  "smtp_security": "starttls",
  "smtp_port": 587,
  "smtp_from": "noreply@vaultwarden.com",
  "smtp_from_name": "vaultwarden",
  "smtp_username": "[REDACTED]",
  "smtp_password": "[REDACTED]",
  "smtp_timeout": 15,
  "smtp_embed_images": true,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "_enable_email_2fa": true,
  "email_token_size": 6,
  "email_expiration_time": 200,
  "email_attempts_limit": 3
}

If you need more information feel free to ask. I do have backups as I should, it is just annoying that I don't know what the cause is.

@sebasdt commented on GitHub: Sorry to reopen the issue, So in the meantime I was able to load page but forgot to check I could login.. here is the log that is in the portainer logs: ``` `/--------------------------------------------------------------------\ | Starting Vaultwarden | | Version 1.28.0 | |--------------------------------------------------------------------| | This is an *unofficial* Bitwarden implementation, DO NOT use the | | official channels to report bugs/features, regardless of client. | | Send usage/configuration questions or feature requests to: | | https://github.com/dani-garcia/vaultwarden/discussions or | | https://vaultwarden.discourse.group/ | | Report suspected bugs/issues in the software itself at: | | https://github.com/dani-garcia/vaultwarden/issues/new | \--------------------------------------------------------------------/ [2023-04-01 18:59:00.634][start][INFO] Rocket has launched from http://0.0.0.0:80 [2023-04-01 18:59:24.131][request][INFO] GET /api/devices/knowndevice [2023-04-01 18:59:24.131][vaultwarden::api::core::accounts::_][WARN] Request guard `KnownDevice` failed: "X-Request-Email value failed to decode as base64url". [2023-04-01 18:59:24.131][rocket::server::_][WARN] No 400 catcher registered. Using Rocket default. [2023-04-01 18:59:24.131][response][INFO] (get_known_device) GET /api/devices/knowndevice => 400 Bad Request [2023-04-01 18:59:26.797][request][INFO] POST /identity/accounts/prelogin [2023-04-01 18:59:26.798][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2023-04-01 18:59:26.978][request][INFO] POST /identity/connect/token [2023-04-01 18:59:27.144][panic][ERROR] thread 'rocket-worker-thread' panicked at 'index out of bounds: the len is 1 but the index is 1': src/mail.rs:595 0: vaultwarden::init_logging::{{closure}} 1: std::panicking::rust_panic_with_hook 2: std::panicking::begin_panic_handler::{{closure}} 3: std::sys_common::backtrace::__rust_end_short_backtrace 4: rust_begin_unwind 5: core::panicking::panic_fmt 6: core::panicking::panic_bounds_check 7: vaultwarden::mail::send_email::{{closure}} 8: vaultwarden::api::identity::_json_err_twofactor::{{closure}} 9: vaultwarden::api::identity::twofactor_auth::{{closure}} 10: vaultwarden::api::identity::_password_login::{{closure}} 11: vaultwarden::api::identity::login::{{closure}} 12: vaultwarden::api::identity::login::into_info::monomorphized_function::{{closure}} 13: rocket::server::<impl rocket::rocket::Rocket<rocket::phase::Orbit>>::route::{{closure}} 14: rocket::server::hyper_service_fn::{{closure}}::{{closure}} 15: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut 16: tokio::runtime::task::core::Core<T,S>::poll 17: tokio::runtime::task::harness::Harness<T,S>::poll 18: tokio::runtime::scheduler::multi_thread::worker::Context::run_task 19: tokio::runtime::scheduler::multi_thread::worker::Context::run 20: tokio::macros::scoped_tls::ScopedKey<T>::set 21: tokio::runtime::scheduler::multi_thread::worker::run 22: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut 23: tokio::runtime::task::core::Core<T,S>::poll 24: tokio::runtime::task::harness::Harness<T,S>::poll 25: tokio::runtime::blocking::pool::Inner::run 26: std::sys_common::backtrace::__rust_begin_short_backtrace 27: core::ops::function::FnOnce::call_once{{vtable.shim}} 28: std::sys::unix::thread::Thread::new::thread_start 29: start_thread 30: clone [2023-04-01 18:59:27.149][rocket::server::_][ERROR] Handler login panicked. [2023-04-01 18:59:27.149][rocket::server::_][WARN] A panic is treated as an internal server error. [2023-04-01 18:59:27.149][rocket::server::_][WARN] No 500 catcher registered. Using Rocket default. [2023-04-01 18:59:27.149][response][INFO] (login) POST /identity/connect/token => 500 Internal Server Error` ``` the config: ```{ "domain": "https://vaultwarden.myawesomedomain.com/", "sends_allowed": false, "incomplete_2fa_time_limit": 3, "disable_icon_download": false, "signups_allowed": false, "signups_verify": true, "signups_verify_resend_time": 3600, "signups_verify_resend_limit": 6, "invitations_allowed": false, "emergency_access_allowed": true, "password_iterations": 1000000, "password_hints_allowed": true, "show_password_hint": false, "admin_token": "[REDACTED]", "invitation_org_name": "vaultwarden", "ip_header": "X-Real-IP", "icon_redirect_code": 302, "icon_cache_ttl": 2592000, "icon_cache_negttl": 259200, "icon_download_timeout": 10, "icon_blacklist_non_global_ips": true, "disable_2fa_remember": false, "authenticator_disable_time_drift": false, "require_device_email": false, "reload_templates": false, "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "_enable_yubico": true, "_enable_duo": false, "_enable_smtp": true, "smtp_host": "smtp.gmail.com", "smtp_security": "starttls", "smtp_port": 587, "smtp_from": "noreply@vaultwarden.com", "smtp_from_name": "vaultwarden", "smtp_username": "[REDACTED]", "smtp_password": "[REDACTED]", "smtp_timeout": 15, "smtp_embed_images": true, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "_enable_email_2fa": true, "email_token_size": 6, "email_expiration_time": 200, "email_attempts_limit": 3 } ``` If you need more information feel free to ask. I do have backups as I should, it is just annoying that I don't know what the cause is. 

OVERLORD commented 2025-10-09 16:54:34 +03:00

Author

Owner

Copy Link

@stefan0xC commented on GitHub:

Okay, but Just to make sure. Have you also checked in data/config.json?
You could set LOG_LEVEL=debug to see what paths vaultwarden is setting up.

@stefan0xC commented on GitHub: Okay, but Just to make sure. Have you also checked in `data/config.json`? You could set `LOG_LEVEL=debug` to see what paths vaultwarden is setting up.

OVERLORD commented 2025-10-09 16:54:35 +03:00

Author

Owner

Copy Link

@sebasdt commented on GitHub:

Sorry for me being in such a panic state. hehe
It was just the mail that was bugged out and wouldn't send a 2fa. so I accidentally added one letter to the SMTP password..

and SO Im happily reporting I have access again to my vault.

@sebasdt commented on GitHub: Sorry for me being in such a panic state. hehe It was just the mail that was bugged out and wouldn't send a 2fa. so I accidentally added one letter to the SMTP password.. and SO Im happily reporting I have access again to my vault.

OVERLORD referenced this issue 2025-10-09 18:26:48 +03:00

[PR #866] [CLOSED] Allow disabling attachment uploading #3616

OVERLORD referenced this issue 2025-10-09 18:26:52 +03:00

[PR #866] Allow disabling attachment uploading #3620

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#865