We have a couple of similar topics for lighttpd. But you could use them as a starting point: Confused Reverse proxy and vaultwarden - #21 by Joulinar
Of course, proxy settings look different but there are a couple of examples within the vaultwarden wiki: Proxy examples · dani-garcia/vaultwarden Wiki · GitHub
Hello Joulinar,
Thank you for your response and the time you spend helping us
I tried with lighttpd instead of nginx but I have exactly the same problem (I followed your first link)
When I try to access my vaultwarden instance from outside, I get an infinite loading loop with the vaultwarden icon but never get the login page. Below is a screenshot:
I don’t understand
Jappe
10 October 2023 21:05
5
I’ve got this working with lighttpd and a dynDDNS domain. Maybe we can get some hints from vaultwarden logs:
journalctl -u vaultwarden.service
Hello Jappe,
Thank you for your reply.
Below, the vaultwarden logs:
Oct 10 17:28:39 DietPi systemd[1]: Started vaultwarden.service - vaultwarden (DietPi).
Oct 10 17:28:39 DietPi vaultwarden[3114]: /--------------------------------------------------------------------\
Oct 10 17:28:39 DietPi vaultwarden[3114]: | Starting Vaultwarden |
Oct 10 17:28:39 DietPi vaultwarden[3114]: |--------------------------------------------------------------------|
Oct 10 17:28:39 DietPi vaultwarden[3114]: | This is an *unofficial* Bitwarden implementation, DO NOT use the |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | official channels to report bugs/features, regardless of client. |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | Send usage/configuration questions or feature requests to: |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | https://github.com/dani-garcia/vaultwarden/discussions or |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | https://vaultwarden.discourse.group/ |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | Report suspected bugs/issues in the software itself at: |
Oct 10 17:28:39 DietPi vaultwarden[3114]: | https://github.com/dani-garcia/vaultwarden/issues/new |
Oct 10 17:28:39 DietPi vaultwarden[3114]: \--------------------------------------------------------------------/
Oct 10 17:28:39 DietPi vaultwarden[3114]: [2023-10-10 17:28:39.886][start][INFO] Rocket has launched from http://0.0.0.0:8001
Oct 10 17:28:49 DietPi vaultwarden[3114]: [2023-10-10 17:28:49.074][request][INFO] GET /api/config
Oct 10 17:28:49 DietPi vaultwarden[3114]: [2023-10-10 17:28:49.076][response][INFO] (config) GET /api/config => 200 OK
Oct 10 17:28:49 DietPi vaultwarden[3114]: [2023-10-10 17:28:49.097][request][INFO] GET /api/config
Oct 10 17:28:49 DietPi vaultwarden[3114]: [2023-10-10 17:28:49.098][response][INFO] (config) GET /api/config => 200 OK
Oct 10 17:28:56 DietPi vaultwarden[3114]: [2023-10-10 17:28:56.208][request][INFO] GET /api/config
Oct 10 17:28:56 DietPi vaultwarden[3114]: [2023-10-10 17:28:56.209][response][INFO] (config) GET /api/config => 200 OK
Oct 10 17:28:56 DietPi vaultwarden[3114]: [2023-10-10 17:28:56.234][request][INFO] GET /api/config
Oct 10 17:28:56 DietPi vaultwarden[3114]: [2023-10-10 17:28:56.234][response][INFO] (config) GET /api/config => 200 OK
Oct 10 19:00:33 DietPi vaultwarden[3114]: [2023-10-10 19:00:33.704][rocket::response::responder::_][WARN] Response was `None`.
Oct 10 19:00:33 DietPi vaultwarden[3114]: [2023-10-10 19:00:33.705][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 10 22:06:46 DietPi vaultwarden[3114]: [2023-10-10 22:06:46.503][rocket::response::responder::_][WARN] Response was `None`.
Oct 10 22:06:46 DietPi vaultwarden[3114]: [2023-10-10 22:06:46.503][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:31:56 DietPi vaultwarden[3114]: [2023-10-11 03:31:56.925][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:31:56 DietPi vaultwarden[3114]: [2023-10-11 03:31:56.926][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:31:56 DietPi vaultwarden[3114]: [2023-10-11 03:31:56.970][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:31:56 DietPi vaultwarden[3114]: [2023-10-11 03:31:56.970][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:31:58 DietPi vaultwarden[3114]: [2023-10-11 03:31:58.318][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:31:58 DietPi vaultwarden[3114]: [2023-10-11 03:31:58.318][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:29 DietPi vaultwarden[3114]: [2023-10-11 03:32:29.752][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:29 DietPi vaultwarden[3114]: [2023-10-11 03:32:29.752][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:29 DietPi vaultwarden[3114]: [2023-10-11 03:32:29.838][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:29 DietPi vaultwarden[3114]: [2023-10-11 03:32:29.839][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:30 DietPi vaultwarden[3114]: [2023-10-11 03:32:30.281][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:30 DietPi vaultwarden[3114]: [2023-10-11 03:32:30.281][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:56 DietPi vaultwarden[3114]: [2023-10-11 03:32:56.874][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:56 DietPi vaultwarden[3114]: [2023-10-11 03:32:56.874][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:56 DietPi vaultwarden[3114]: [2023-10-11 03:32:56.930][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:56 DietPi vaultwarden[3114]: [2023-10-11 03:32:56.930][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:32:57 DietPi vaultwarden[3114]: [2023-10-11 03:32:57.073][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:32:57 DietPi vaultwarden[3114]: [2023-10-11 03:32:57.074][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:33:33 DietPi vaultwarden[3114]: [2023-10-11 03:33:33.526][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:33:33 DietPi vaultwarden[3114]: [2023-10-11 03:33:33.529][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:33:33 DietPi vaultwarden[3114]: [2023-10-11 03:33:33.536][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:33:33 DietPi vaultwarden[3114]: [2023-10-11 03:33:33.536][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:33:35 DietPi vaultwarden[3114]: [2023-10-11 03:33:35.687][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:33:35 DietPi vaultwarden[3114]: [2023-10-11 03:33:35.689][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.128][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.128][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.190][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.190][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.223][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 03:34:12 DietPi vaultwarden[3114]: [2023-10-11 03:34:12.224][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 04:04:34 DietPi vaultwarden[3114]: [2023-10-11 04:04:34.426][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 04:04:34 DietPi vaultwarden[3114]: [2023-10-11 04:04:34.426][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 04:04:36 DietPi vaultwarden[3114]: [2023-10-11 04:04:36.038][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 04:04:36 DietPi vaultwarden[3114]: [2023-10-11 04:04:36.039][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 05:33:09 DietPi vaultwarden[3114]: [2023-10-11 05:33:09.691][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 05:33:09 DietPi vaultwarden[3114]: [2023-10-11 05:33:09.692][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Oct 11 05:33:11 DietPi vaultwarden[3114]: [2023-10-11 05:33:11.283][rocket::response::responder::_][WARN] Response was `None`.
Oct 11 05:33:11 DietPi vaultwarden[3114]: [2023-10-11 05:33:11.283][rocket::server::_][WARN] Responding with registered (not_found) 404 catcher.
Jappe
11 October 2023 07:10
7
Hmm my guess is your proxy config is not right.
Can you check your lighttpd error log right after trying to access vaultwarden:
cat /var/log/lighttpd/error.log
And please also show us your proxy config (delete your domain and/or other sensitive data before pasting)
cat /etc/lighttpd/conf-enabled/10-proxy.conf
And can you also check with another browser / cleared cache / private tab, to rule out some browser/cache problems?
Can you check your lighttpd error log right after trying to access vaultwarden:
cat /var/log/lighttpd/error.log
cat /var/log/lighttpd/error.log:
2023-10-10 19:27:22: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (71.6.165.200)
2023-10-10 19:27:23: (connections.c.714) invalid request-line -> sending Status 400 (71.6.165.200)
2023-10-10 19:27:23: (connections.c.714) invalid request-line -> sending Status 400 (71.6.165.200)
2023-10-10 19:27:24: (connections.c.714) invalid request-line -> sending Status 400 (71.6.165.200)
2023-10-10 19:27:25: (connections.c.714) invalid request-line -> sending Status 400 (71.6.165.200)
2023-10-10 19:27:26: (mod_openssl.c.3275) SSL: 1 error:0A0000F5:SSL routines::unexpected record (71.6.165.200)
2023-10-10 19:27:38: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (71.6.165.200)
2023-10-10 19:27:38: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (71.6.165.200)
2023-10-10 21:37:11: (mod_openssl.c.3275) SSL: 1 error:0A00009C:SSL routines::http request (71.6.134.230)
2023-10-10 22:34:39: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (139.59.185.17)
2023-10-10 22:34:43: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (206.189.175.167)
2023-10-10 22:38:38: (connections.c.714) unexpected TLS ClientHello on clear port (188.166.73.251)
2023-10-10 22:38:38: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (143.110.166.58)
2023-10-10 22:41:17: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (165.22.112.178)
2023-10-10 22:41:22: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (167.99.181.248)
2023-10-10 22:42:12: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (188.166.73.251)
2023-10-10 22:44:41: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (206.189.200.102)
2023-10-10 22:47:27: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (209.97.133.131)
2023-10-11 00:32:48: (mod_openssl.c.3275) SSL: 1 error:0A00009C:SSL routines::http request (71.6.134.234)
2023-10-11 01:09:22: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (159.65.17.52)
2023-10-11 01:09:23: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (159.65.17.52)
2023-10-11 01:09:24: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (159.65.17.52)
2023-10-11 01:09:24: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (159.65.17.52)
2023-10-11 02:09:55: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (198.199.94.8)
2023-10-11 02:09:55: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (198.199.94.8)
2023-10-11 02:09:57: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (198.199.94.8)
2023-10-11 02:09:57: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (198.199.94.8)
2023-10-11 03:30:45: (connections.c.714) unexpected TLS ClientHello on clear port (172.105.128.11)
2023-10-11 03:33:12: (mod_openssl.c.3275) SSL: 1 error:0A00009C:SSL routines::http request (109.237.98.226)
2023-10-11 04:07:01: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (212.102.40.218)
2023-10-11 04:07:02: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (212.102.40.218)
2023-10-11 04:07:02: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (212.102.40.218)
2023-10-11 04:07:03: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (212.102.40.218)
2023-10-11 04:53:01: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (172.104.238.162)
2023-10-11 05:17:29: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (198.235.24.94)
2023-10-11 05:50:30: (connections.c.714) unexpected TLS ClientHello on clear port (74.82.47.2)
2023-10-11 06:37:17: (connections.c.714) invalid request-line -> sending Status 400 (45.33.39.183)
2023-10-11 06:37:19: (connections.c.714) unexpected TLS ClientHello on clear port (45.33.39.183)
2023-10-11 06:37:20: (connections.c.714) invalid request-line -> sending Status 400 (45.33.39.183)
2023-10-11 06:37:23: (connections.c.714) invalid request-line -> sending Status 400 (45.33.39.183)
2023-10-11 07:22:13: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (167.248.133.185)
2023-10-11 07:22:14: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (167.248.133.185)
2023-10-11 07:22:14: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (167.248.133.185)
2023-10-11 07:22:15: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (167.248.133.185)
2023-10-11 07:50:18: (mod_openssl.c.3275) SSL: 1 error:0A00018C:SSL routines::version too low (64.62.197.167)
2023-10-11 07:51:12: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (64.62.197.167)
2023-10-11 07:53:19: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (64.62.197.171)
2023-10-11 07:53:20: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (64.62.197.167)
2023-10-11 07:53:21: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (64.62.197.173)
2023-10-11 07:53:21: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (64.62.197.171)
2023-10-11 07:56:35: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (3.10.205.189)
And please also show us your proxy config (delete your domain and/or other sensitive data before pasting)
cat /etc/lighttpd/conf-enabled/10-proxy.conf
cat /etc/lighttpd/conf-enabled/10-proxy.conf:
# /usr/share/doc/lighttpd/proxy.txt
server.modules += ( "mod_proxy" )
## Balance algorithm, possible values are: "hash", "round-robin" or "fair" (default)
# proxy.balance = "hash"
## Redirect all queries to files ending with ".php" to 192.168.0.101:80
#proxy.server = ( ".php" =>
# (
# ( "host" => "192.168.0.101",
# "port" => 80
# )
# )
# )
## Redirect all connections on www.example.com to 10.0.0.1{0,1,2,3}
#$HTTP["host"] == "www.example.com" {
# proxy.balance = "hash"
# proxy.server = ( "" => ( ( "host" => "10.0.0.10" ),
# ( "host" => "10.0.0.11" ),
# ( "host" => "10.0.0.12" ),
# ( "host" => "10.0.0.13" ) ) )
#}
$HTTP["host"] == "sub.mydomain.tld" {
    $HTTP["url"] == "/notifications/hub" {
        # WebSocket proxy
        proxy.server = ( "" => ("vaultwarden" => ( "host" => "127.0.0.1", "port" => 3012 )))
        proxy.forwarded = ( "for" => 1 )
        proxy.header = (
            "upgrade" => "enable",
            "connect" => "enable"
        )
    } else {
        proxy.server = ( "" => ("vaultwarden" => ( "host" => "127.0.0.1", "port" => 8001 )))
        proxy.forwarded = ( "for" => 1 )
    }
}
I tried with Chrome, I have the problem with or without private browsing and cleaning the cache. Exactly the same behavior with Firefox
Jappe
11 October 2023 08:15
9
You’re accessing it directly via https://your.domain.net and not with a subpath like https://your.domain.net/vault/, right?
But my guess is your SSL config is not right. Lighttpd throws a lot of errors because of SSL, but this is out of my scope.
Maybe somebody else can help or you can ask directly on the vaultwarden GitHub:
https://github.com/dani-garcia/vaultwarden/issues
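Added example, not part of the original thread: one way to triage an error log like the one pasted above is to group entries by client address and failure reason, so that entries from the address you tested from can be read separately from everything else. The sample lines are constructed in the same format with documentation-range addresses, and `my_client_ips` and the three-reason threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the lighttpd error.log format shown in the thread;
# the addresses are RFC 5737 documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
2023-10-11 07:22:13: (mod_openssl.c.3275) SSL: 1 error:0A0000C1:SSL routines::no shared cipher (198.51.100.7)
2023-10-11 07:22:14: (mod_openssl.c.3275) SSL: 1 error:0A000102:SSL routines::unsupported protocol (198.51.100.7)
2023-10-11 07:22:15: (mod_openssl.c.3275) SSL: 1 error:0A00006C:SSL routines::bad key share (198.51.100.7)
2023-10-11 07:30:02: (connections.c.714) unexpected TLS ClientHello on clear port (203.0.113.9)
2023-10-11 07:31:40: (connections.c.714) invalid request-line -> sending Status 400 (203.0.113.9)
2023-10-11 07:56:35: (mod_openssl.c.3275) SSL: 1 error:0A00010B:SSL routines::wrong version number (192.0.2.44)
"""

# timestamp: (source file.line) message (client address)
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: "
    r"\([^)]+\) (?P<msg>.*) \((?P<ip>[0-9a-fA-F.:]+)\)$"
)
SSL_RE = re.compile(r"SSL routines::(?P<reason>.+)$")

def parse_line(line):
    """Return (client_ip, reason) for one error.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ssl = SSL_RE.search(m["msg"])
    return m["ip"], (ssl["reason"] if ssl else m["msg"])

def triage(log_text, my_client_ips=(), sweep_threshold=3):
    """Split per-address error counts into 'mine' and 'others'."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]][rec[1]] += 1
    mine = {ip: dict(c) for ip, c in per_ip.items() if ip in my_client_ips}
    others = {ip: dict(c) for ip, c in per_ip.items() if ip not in my_client_ips}
    # Heuristic (assumption): an address that hits several different handshake
    # failures is cycling protocol/cipher offers rather than behaving like a browser.
    sweeps = sorted(ip for ip, c in others.items() if len(c) >= sweep_threshold)
    return mine, others, sweeps

if __name__ == "__main__":
    # 192.0.2.44 stands in for the public address you tested from.
    mine, others, sweeps = triage(SAMPLE_LOG, my_client_ips={"192.0.2.44"})
    print("own client:", mine)
    print("other addresses:", others)
    print("multi-failure addresses:", sweeps)
```

Entries under "own client" are the ones that line up with a failed page load; compare their timestamps with the moment the browser test was made.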
You’re accessing it directly via https://your.domain.net and not with a subpath like https://your.domain.net/vault/, right?
Yes indeed, directly via https://your.domain.net. I generated my SSL certificate via certbot only on your.domain.net with redirect http to https. Is that correct?
Also, in my /mnt/dietpi_userdata/vaultwarden/vaultwarden.env file, I set DOMAIN=https://your.domain.net
How does it behave if you remove the Domain setting?
Just tested on a demo system without issues
Hello Joulinar,
How does it behave if you remove the Domain setting?
I commented out the DOMAIN line and restarted the vaultwarden service, but exactly the same behavior
Quite strange, do you have other config files changed as well? Or added another proxy config?
You can have a look for other web server configurations on official Vaultwarden wiki Proxy examples · dani-garcia/vaultwarden Wiki · GitHub
I’ll reinstall DietPi on my Raspberry Pi 4 from scratch and I’ll keep you up-to-date
I would recommend using Nginx as a web server as it offers more options and is more suitable as Reverse Proxy.