Vaultwarden and 2FA/webauthn

Hi!

I use DietPi and installed Vaultwarden through dietpi-software. Runs smoothly. Now I wanted to use Vaultwarden’s WebAuthn feature. But when trying to activate it, Vaultwarden displays an error “domain variable not set”.

I looked for a solution and found this article:
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-U2F-(and-FIDO2-WebAuthn)-authentication

But how does that relate to DietPi installed by dietpi-software? What do I have to do?

I own a domain if that is of use?!

Going off the solution you listed, your domain needs to be added to the Vaultwarden config file.
Since you’ve installed through dietpi-software, you can modify the vaultwarden.env in /mnt/dietpi_userdata/vaultwarden

You need to uncomment the line called DOMAIN= & add your domain next to it. Restart, & it should work.
A verified certificate from Let’s Encrypt should be used as well.

Oh thank you very much for that hint. I didn’t know that file.

Can ‘domain’ also be a local IP like domain=https://192.168.1.20:8001? Because that’s how I access Vaultwarden, it runs locally.

I imported the locally signed HTTPS certificate to my browser, so it doesn’t show a warning.

How can I add a Let’s Encrypt certificate to my local vaultwarden??

Unfortunately, you cannot have a signed certificate for a local IP address AFAIK.
You’ll need to add the Let’s Encrypt cert to your web server config file for the Vaultwarden website/reverse proxy.
The Vaultwarden docs have a bunch of reverse proxy examples you can use.

Finally for the ‘domain’ part, a local IP address method is the default way to access, adding it to domain won’t help unfortunately.

Is there a plan to access Vaultwarden from outside of your network? If not, what is the purpose of having 2FA activated?
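
Added example, not part of the thread and not Vaultwarden or DietPi code: a small Python check for the `DOMAIN=` line in the `vaultwarden.env` file mentioned above. It flags the cases discussed in the thread (line still commented out, IP address instead of a domain name), on the basis that WebAuthn needs HTTPS and a domain name as relying-party ID; the function names and sample values are constructed.

```python
import ipaddress
import sys
from urllib.parse import urlsplit

def read_domain(env_text):
    """Return (value, active) for the DOMAIN= line; active means uncommented."""
    found = (None, False)
    for raw in env_text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        line = line.lstrip("#").strip()
        if line.startswith("DOMAIN="):
            value = line[len("DOMAIN="):].strip().strip("\"'")
            # An uncommented line always wins over a commented template line.
            if active or found[0] is None:
                found = (value, active)
    return found

def check_domain(env_text):
    """Return a list of problems; an empty list means DOMAIN looks usable."""
    value, active = read_domain(env_text)
    if value is None:
        return ["no DOMAIN= line found"]
    problems = []
    if not active:
        problems.append("DOMAIN line is still commented out")
    url = urlsplit(value)
    host = url.hostname or ""
    if url.scheme != "https":
        problems.append("scheme is not https")
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address, not a domain name")
    except ValueError:
        if not host:
            problems.append("no host name in DOMAIN value")
    return problems

if __name__ == "__main__":
    # Usage: python3 check_domain.py /mnt/dietpi_userdata/vaultwarden/vaultwarden.env
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            issues = check_domain(fh.read())
        print("\n".join(issues) if issues else "DOMAIN looks usable for WebAuthn")
    else:
        # Constructed sample: the local-IP value asked about in the thread.
        print(check_domain("DOMAIN=https://192.168.1.20:8001\n"))
```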