Cannot log in as admin on self hosted site

poldi · June 30, 2023, 12:18pm

I have an existing (Linux) server installation running virtual apache hosts with reverse proxies for the bitwarden ports 8080 and 8443 and have been running my own instance of bitwarden for a few years without any issues.

bitwarden.sh version 2023.5.1
Docker version 24.0.2, build cb74dfc
Docker Compose version v2.3.3

Individual users can get to the site via a browser and the certificat show the correct letsencrypt cert.

Something I haven’t used for a while is the admin function, which now causes some grief as both Chrome and Firefox refuse to connect as the admin user.

The first think I notoced is that the url changes from https://mydomain/#/Login to http://mydomain:8443/Admin resilting in an insecure connection.

Chrome reports (amongst other things)

‘You cannot visit “mydomain” right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.’

This definitely used to work in April this year.
As an aside, when I checked when this last worked, I clicked on an old hypelink in the admin email I received and ended up at https://mydomain/admin/login?error=2

When I entered my admin email and hit continue I received an email and was able to then log in as administrator; guess that’s a workaound for the moment.

poldi · January 8, 2024, 7:34am

It’s been a while and issue is still there .
I’m guessing it may be related the the proxy, but not really an expert.

To get the the existing letsencrypt certificate (and my other website) to play nice to gether I implemented the following, which worked fine until I first reported this issue.
Fortunately I don’t have to add/remove anu users
The following works for all clients without any issue, but has issues with all browsers

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin [email protected]

                ServerName bitwarden.mydom.com
                ServerAlias bitwarden.mydom.com

                ErrorLog ${APACHE_LOG_DIR}/bw_error.log
                CustomLog ${APACHE_LOG_DIR}/bw_access.log combined


                ProxyPass / https://bitwarden.mydom.com:8443/
                ProxyPassReverse / https://bitwarded.mydom.com:8443/
                RewriteEngine on

                SSLProxyEngine On
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerExpire off

        SSLCertificateFile     /etc/letsencrypt/live/mydom.com/fullchain.pem

        SSLCertificateKeyFile          /etc/letsencrypt/live/mydom.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        </VirtualHost>

</IfModule>

poldi · January 8, 2024, 9:30pm

Just to clarifiy
I can connect to https://bitwarden.mydom.com
bit cannot connct to https://bitwarden.mydom.com/admin