Upgrading Vaultwarden from 2.20.3 to v2022.10.0

Creating a bug report/issue

When I manually upgrade via the re-install method:
dietpi-software reinstall 183
I lose connectivity to vaultwarden
I restore a system backup to get access to my vault.
Please can you advise how to upgrade to the latest version of vaultwarden - obviously I don’t want to loose my vault hence the backup and restore
Recently dietpi-upgraded to 8.10.2 which prompted me to upgrade vaultwarden - however I am not keen on loosing access to my vault, hence I am reaching out for advice.
After the dietpi-software reinstall 183 I lost connectivity to my vault and tried several repboots - and the only recourse was to restore my last backup (which I made before the reinstall, thanks to the dietpi prompt!)
Am I missing something in the upgrade process?

Required Information

  • DietPi version | cat /boot/dietpi/.version
    G_DIETPI_VERSION_CORE=8
    G_DIETPI_VERSION_SUB=10
    G_DIETPI_VERSION_RC=2
    G_GITBRANCH=‘master’
    G_GITOWNER=‘MichaIng’
  • Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
    buster
  • Kernel version | uname -a
    Linux DietPi 4.19.0-22-amd64 #1 SMP Debian 4.19.260-1 (2022-09-29) x86_64 GNU/Linux
  • SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)
    Native PC (x86_64)
  • Power supply used | (EG: 5V 1A RAVpower)
    OEM Dell Wyse 19V 1.6A
  • SD card used | (EG: SanDisk ultra)
    NA installed on SSD (SATA)

Additional Information (if applicable)

  • Software title | (EG: Nextcloud)
    Vaultwarden
  • Was the software title installed freshly or updated/migrated?
    updated
  • Can this issue be replicated on a fresh installation of DietPi?
    I have not tried it
    ← If you sent a “dietpi-bugreport”, please paste the ID here →
  • Bug report ID | echo $G_HW_UUID
    Na

Steps to reproduce

  1. vaultwarden running (2.20.3) prior to upgrade
  2. initiate upgrade via ‘dietpi-software reinstall 183’
  3. Unable to connect to vault (confirmed running via htop - both before and after reboot)

Expected behaviour

  • should be able to connect to vualt

Actual behaviour

  • Vault not accessible via browser or browser extension/Android app sync

Extra details

  • I may have missed an earlier vaultwarden upgrade for the same reason - not able to connect after ‘dietpi-software reinstall 183’ hence reverted to avoid loss of access to vault.

Any guidance would be appreciated

Also here is the output of: ‘cat syslog | grep vaultwarden’

Oct 30 21:39:08 DietPi systemd[1]: Stopping vaultwarden Server (Rust Edition)...
Oct 30 21:39:08 DietPi systemd[1]: vaultwarden.service: Main process exited, code=killed, status=15/TERM
Oct 30 21:39:08 DietPi systemd[1]: vaultwarden.service: Succeeded.
Oct 30 21:39:08 DietPi systemd[1]: Stopped vaultwarden Server (Rust Edition).
Oct 30 21:41:31 DietPi systemd[1]: Started vaultwarden Server (Rust Edition).
Oct 30 21:41:31 DietPi vaultwarden[4671]: /--------------------------------------------------------------------\
Oct 30 21:41:31 DietPi vaultwarden[4671]: |                        Starting Vaultwarden                        |
Oct 30 21:41:31 DietPi vaultwarden[4671]: |--------------------------------------------------------------------|
Oct 30 21:41:31 DietPi vaultwarden[4671]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Oct 30 21:41:31 DietPi vaultwarden[4671]: | official channels to report bugs/features, regardless of client.   |
Oct 30 21:41:31 DietPi vaultwarden[4671]: | Send usage/configuration questions or feature requests to:         |
Oct 30 21:41:31 DietPi vaultwarden[4671]: |   https://bitwardenrs.discourse.group/                             |
Oct 30 21:41:31 DietPi vaultwarden[4671]: | Report suspected bugs/issues in the software itself at:            |
Oct 30 21:41:31 DietPi vaultwarden[4671]: |   https://github.com/dani-garcia/vaultwarden/issues/new            |
Oct 30 21:41:31 DietPi vaultwarden[4671]: \--------------------------------------------------------------------/
Oct 30 21:41:31 DietPi vaultwarden[4671]: [INFO] No .env file found.
Oct 30 21:41:32 DietPi vaultwarden[4671]: [2022-10-30 21:41:32.128][start][INFO] Rocket has launched from https://0.0.0.0:8001
Oct 30 21:42:02 DietPi systemd[1]: Stopping vaultwarden Server (Rust Edition)...
Oct 30 21:42:02 DietPi systemd[1]: vaultwarden.service: Main process exited, code=killed, status=15/TERM
Oct 30 21:42:02 DietPi systemd[1]: vaultwarden.service: Succeeded.
Oct 30 21:42:02 DietPi systemd[1]: Stopped vaultwarden Server (Rust Edition).
Oct 30 21:43:40 DietPi systemd[1]: Started vaultwarden (DietPi).
Oct 30 21:43:41 DietPi vaultwarden[6977]: /--------------------------------------------------------------------\
Oct 30 21:43:41 DietPi vaultwarden[6977]: |                        Starting Vaultwarden                        |
Oct 30 21:43:41 DietPi vaultwarden[6977]: |--------------------------------------------------------------------|
Oct 30 21:43:41 DietPi vaultwarden[6977]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Oct 30 21:43:41 DietPi vaultwarden[6977]: | official channels to report bugs/features, regardless of client.   |
Oct 30 21:43:41 DietPi vaultwarden[6977]: | Send usage/configuration questions or feature requests to:         |
Oct 30 21:43:41 DietPi vaultwarden[6977]: |   https://vaultwarden.discourse.group/                             |
Oct 30 21:43:41 DietPi vaultwarden[6977]: | Report suspected bugs/issues in the software itself at:            |
Oct 30 21:43:41 DietPi vaultwarden[6977]: |   https://github.com/dani-garcia/vaultwarden/issues/new            |
Oct 30 21:43:41 DietPi vaultwarden[6977]: \--------------------------------------------------------------------/
Oct 30 21:43:41 DietPi vaultwarden[6977]: [INFO] No .env file found.
Oct 30 21:43:41 DietPi systemd[1]: Stopping vaultwarden (DietPi)...
Oct 30 21:43:41 DietPi systemd[1]: vaultwarden.service: Main process exited, code=killed, status=15/TERM
Oct 30 21:43:41 DietPi systemd[1]: vaultwarden.service: Succeeded.
Oct 30 21:43:41 DietPi systemd[1]: Stopped vaultwarden (DietPi).
Oct 30 21:44:07 DietPi systemd[1]: Started vaultwarden (DietPi).
Oct 30 21:44:07 DietPi vaultwarden[8110]: /--------------------------------------------------------------------\
Oct 30 21:44:07 DietPi vaultwarden[8110]: |                        Starting Vaultwarden                        |
Oct 30 21:44:07 DietPi vaultwarden[8110]: |--------------------------------------------------------------------|
Oct 30 21:44:07 DietPi vaultwarden[8110]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Oct 30 21:44:07 DietPi vaultwarden[8110]: | official channels to report bugs/features, regardless of client.   |
Oct 30 21:44:07 DietPi vaultwarden[8110]: | Send usage/configuration questions or feature requests to:         |
Oct 30 21:44:07 DietPi vaultwarden[8110]: |   https://vaultwarden.discourse.group/                             |
Oct 30 21:44:07 DietPi vaultwarden[8110]: | Report suspected bugs/issues in the software itself at:            |
Oct 30 21:44:07 DietPi vaultwarden[8110]: |   https://github.com/dani-garcia/vaultwarden/issues/new            |
Oct 30 21:44:07 DietPi vaultwarden[8110]: \--------------------------------------------------------------------/
Oct 30 21:44:07 DietPi vaultwarden[8110]: [INFO] No .env file found.
Oct 30 21:44:08 DietPi vaultwarden[8110]: [2022-10-30 21:44:08.101][vaultwarden][INFO] Public key created correctly.
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20210430233251
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20210511205202
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20210701203140
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20210830193501
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20211024164321
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20220117234911
Oct 30 21:44:08 DietPi vaultwarden[8110]: Running migration 20220302210038
Oct 30 21:44:08 DietPi vaultwarden[8110]: [2022-10-30 21:44:08.506][_][WARN] Detected TLS-enabled liftoff without enabling HSTS.
Oct 30 21:44:08 DietPi vaultwarden[8110]: [2022-10-30 21:44:08.506][_][WARN] Shield has enabled a default HSTS policy.
Oct 30 21:44:08 DietPi vaultwarden[8110]: [2022-10-30 21:44:08.507][start][INFO] Rocket has launched from https://127.0.0.1:8001

Welcome to our community. A restore is not needed. There was a change of vaultwarden app in the past to restrict access to localhost only. You would need to adjust LISTEN port on vaultwarden configuration to enable local network access.

Thanks @Joulinar I will look into this - I assume that it is a variable in the config file. I will let you know if I have any trouble tracking it down.

Cheers

Phil

let me know if you are not able to find it. In this case I will spin up a test system to have it checked.

Thanks Joulinar,
I poked around in the vaultwarden.env configuration file and didn’t see a listen setting:

root@DietPi:~# cat /mnt/dietpi_userdata/vaultwarden/vaultwarden.env | grep LISTEN
root@DietPi:~# 

I did try uncommenting the DOMAIN setting and replaced it with my domain but this resulted in vaultwarden not failing when I restarted the service via dietpi-services

and again I hit the oh-no button and restored my backup to get it back to a working state.
I think that it may be a case of doing a backup and getting a clean install of vaultwarden running again then restoring the backup.
but this will be something for when I have the time to do it and make sure I get everything right - losing my vault would be pretty bad - but at least not as bad as my vault falling into the wrong hands.

hehe that would be to easy, isn’t it? :smiley:

Can you ceck following value?

cat /mnt/dietpi_userdata/vaultwarden/vaultwarden.env | grep ROCKET_ADDRESS

Try following to change it

G_CONFIG_INJECT 'ROCKET_ADDRESS=' 'ROCKET_ADDRESS=0.0.0.0' /mnt/dietpi_userdata/vaultwarden/vaultwarden.env

That should have been done automatically. But probably on older vaultwarden versions the related config line looks different than expected. Let’s see.

Thanks @MichaIng and @Joulinar - for the support, sorry I have only just gotten the time to get back to this one. Anyhow it seems that you were correct in that the config ROCKET_ADDRESS didn’t get updated in the upgrade.
The line I had in my config was:

# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app

I tried uncommenting to give:

ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app

but checking the logs indicated that the ROCKET_ADDRESS was not in the right format:

Jan 02 00:59:52 DietPi vaultwarden[4155]: Error: Rocket configuration extraction from provider failed.
Jan 02 00:59:52 DietPi vaultwarden[4155]:    >> invalid IP address syntax
Jan 02 00:59:52 DietPi vaultwarden[4155]:    >> for key ADDRESS
Jan 02 00:59:52 DietPi vaultwarden[4155]:    >> in `ROCKET_` environment variable(s)
Jan 02 00:59:52 DietPi vaultwarden[4155]: thread 'main' panicked at 'aborting due to configuration error(s)', /tmp/vaultwarden/.cargo/registry/src/github.com-1ecc6299db9ec823/rocket-0.5.0-rc.2/src/config
/config.rs:293:13
Jan 02 00:59:52 DietPi vaultwarden[4155]: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Jan 02 00:59:52 DietPi systemd[1]: vaultwarden.service: Main process exited, code=exited, status=101/n/a
Jan 02 00:59:52 DietPi systemd[1]: vaultwarden.service: Failed with result 'exit-code'.

Removing the comment after the IP address solved it:

ROCKET_ADDRESS=0.0.0.0

I am not sure if I added the comment back when I initially set up vaultwarden (back when it was called bitwarden_RS) or if it is a remnant of the older config. Anyhow thanks again for the assistance :+1:

1 Like

Makes sense. Our DEB package is very picky/careful about replacing that setting automatically, i.e. the line must be # ROCKET_ADDRESS=0.0.0.0 without any appendix, to not overwrite changes done intentionally by the admin.

Thanks - now to have a look at upgrading to bullseye, hopefully, it will go smoothly and you will not see me here.