Websocket connection errors #1885

New Issue

MrUnknownDE · 2026-04-06T02:35:23+02:00

MrUnknownDE commented

2026-04-06 02:35:23 +02:00

Originally created by @super-ben on 12/2/2022

Subject of the issue

Can't seem to make the reverse proxy serve websocket connections, no matter the seemingly correct parameters.

Deployment environment

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.26.0
Web-vault version: v2022.10.0
Running within Docker: true (Base: Debian)
Environment settings overridden: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Database type: SQLite
Database version: 3.35.4
Clients used:
Reverse proxy and version:
Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://******.***********.**",
  "domain_origin": "*****://******.***********.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": null,
  "smtp_from": "********@*****.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "********@*****.***",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Install method: docker-compose
Clients used:
Reverse proxy and version: nginx/1.18.0
MySQL/MariaDB or PostgreSQL version:
Other relevant details: the relevant parts of my current reverse proxy configuration (only the certs and log sections are missing)(also, I'm using one of the example from the wiki)

upstream vaultwarden-default {
  zone vaultwarden-default 64k;
  server 127.0.0.1:8084;
  keepalive 2;
}
upstream vaultwarden-ws {
  zone vaultwarden-ws 64k;
  server 127.0.0.1:3012;
  keepalive 2;
}

server {
    listen 80;
    listen [::]:80;
    server_name warden.domain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2;
    server_name warden.domain.tld;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    client_max_body_size 128m;

    location / {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    location /notifications/hub/negotiate {
      proxy_http_version 1.1;
      proxy_set_header "Connection" "";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-default;
    }

    location /notifications/hub {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Forwarded $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://vaultwarden-ws;
    }
	
}

My docker-compose.yml:

version: '3.9'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    volumes:
      - ./vw-data/:/data/
    env_file: ./.env
    environment:
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SSL=${SMTP_SSL}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - DOMAIN=${DOMAIN}
    ports:
      - 8084:80
    restart: always

My .env file:

ADMIN_TOKEN=MyAdminToken
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=false
SMTP_HOST=smtp.gmail.com 
SMTP_FROM=xxxx@gmail.com
SMTP_PORT=587
SMTP_SSL=true
SMTP_SECURITY=starttls
SMTP_USERNAME=xxxx@gmail.com
SMTP_PASSWORD=apppassword
DOMAIN=https://warden.domain.tld

Steps to reproduce

I simply started using Vaultwarden today and noticed the errors in the logs (will provide examples later)

Expected behaviour

Working websocket connections. :)

Actual behaviour

I see 502 errors in every logs, for example, the nginx error log:

2022/12/02 21:56:50 [error] 863114#863114: *59307 connect() failed (111: Unknown error) while connecting to upstream, client: myip, server: warden.domain.tld, request: "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM

In the access log:

myip - - [02/Dec/2022:21:56:42 +0100] "GET /notifications/hub HTTP/2.0" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0"
myip - - [02/Dec/2022:21:56:50 +0100] "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0"

Docker logs:

[2022-12-02 21:27:13.872][vaultwarden::api::notifications][ERROR] 
    ###########################################################
    '/notifications/hub' should be proxied to the websocket server or notifications won't work.
    Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false.
    ###########################################################################################

Also, when I look up https://warden.domain.tld/notifications/hub in my browser, I get a 502 error right away.

If I check inside the container, I get this:

docker exec -it vaultwarden curl 127.0.0.1:3012
curl: (52) Empty reply from server

Troubleshooting data

I tried multiple different websocket configs (from the examples in the wiki, from my previous configs, etc), with no prevail.

I would be grateful for any pointers.

*Originally created by @super-ben on 12/2/2022* ### Subject of the issue Can't seem to make the reverse proxy serve websocket connections, no matter the seemingly correct parameters. ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.26.0 * Web-vault version: v2022.10.0 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://******.***********.**", "domain_origin": "*****://******.***********.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_hints_allowed": true, "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": null, "smtp_from": "********@*****.***", "smtp_from_name": "Vaultwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "********@*****.***", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * Install method: docker-compose * Clients used:  * Reverse proxy and version: nginx/1.18.0 * MySQL/MariaDB or PostgreSQL version:  * Other relevant details: the relevant parts of my current reverse proxy configuration (only the certs and log sections are missing)(also, I'm using one of the example from the wiki) ```shell upstream vaultwarden-default { zone vaultwarden-default 64k; server 127.0.0.1:8084; keepalive 2; } upstream vaultwarden-ws { zone vaultwarden-ws 64k; server 127.0.0.1:3012; keepalive 2; } server { listen 80; listen [::]:80; server_name warden.domain.tld; return 301 https://$host$request_uri; } server { listen [::]:443 ssl http2; # managed by Certbot listen 443 ssl http2; server_name warden.domain.tld; proxy_read_timeout 720s; proxy_connect_timeout 720s; proxy_send_timeout 720s; client_max_body_size 128m; location / { proxy_http_version 1.1; proxy_set_header "Connection" ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-default; } location /notifications/hub/negotiate { proxy_http_version 1.1; proxy_set_header "Connection" ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-default; } location /notifications/hub { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Forwarded $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://vaultwarden-ws; } } ``` My docker-compose.yml: ```yaml version: '3.9' services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden volumes: - ./vw-data/:/data/ env_file: ./.env environment: - ADMIN_TOKEN=${ADMIN_TOKEN} - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED} - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PORT=${SMTP_PORT} - SMTP_SSL=${SMTP_SSL} - SMTP_USERNAME=${SMTP_USERNAME} - SMTP_PASSWORD=${SMTP_PASSWORD} - DOMAIN=${DOMAIN} ports: - 8084:80 restart: always ``` My .env file: ```shell ADMIN_TOKEN=MyAdminToken WEBSOCKET_ENABLED=true SIGNUPS_ALLOWED=false SMTP_HOST=smtp.gmail.com SMTP_FROM=xxxx@gmail.com SMTP_PORT=587 SMTP_SSL=true SMTP_SECURITY=starttls SMTP_USERNAME=xxxx@gmail.com SMTP_PASSWORD=apppassword DOMAIN=https://warden.domain.tld ``` ### Steps to reproduce I simply started using Vaultwarden today and noticed the errors in the logs (will provide examples later) ### Expected behaviour Working websocket connections. :) ### Actual behaviour I see 502 errors in every logs, for example, the nginx error log: ```shell 2022/12/02 21:56:50 [error] 863114#863114: *59307 connect() failed (111: Unknown error) while connecting to upstream, client: myip, server: warden.domain.tld, request: "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM ``` In the access log: ```shell myip - - [02/Dec/2022:21:56:42 +0100] "GET /notifications/hub HTTP/2.0" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" myip - - [02/Dec/2022:21:56:50 +0100] "GET /notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE2NzAwMTMxNTUsImV4cCI6MTY3MDAyMDM1NSwiaXNzIjoiaHR0cHM6Ly93YXJkZW4ubXVoZWx5c3pvYmEuaHV8bG9naW4iLCJzdWIiOiI2Y2I3MDAwOC01MzYwLTQ0OGYtYjA2NC0xMTczZjFjODg0MjEiLCJwcmVtaXVtIjp0cnVlLCJuYW1lIjoiQmVuY2UgQmFnaSIsImVtYWlsIjoiYmVuY2VAbXVoZWx5c3pvYmEuaHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwib3Jnb3duZXIiOltdLCJvcmdhZG1pbiI6W10sIm9yZ3VzZXIiOltdLCJvcmdtYW5hZ2VyIjpbXSwic3N0YW1wIjoiODI0NTcwMmMtOWFlYS00MWIwLWEyMjItMTlkOWU0Yzc2MzM0IiwiZGV2aWNlIjoiN2QxYzk5NmItNWJmMi00NzA4LWJiYmUtMTZkOWY3YTQ4YmQ3Iiwic2NvcGUiOlsiYXBpIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbIkFwcGxpY2F0aW9uIl19.fvtjqFcn2VQy5-iojep0tOFYEYV7iT8vx7c0z8hRC-cUTbgJTv9KESg0FeydfYxiClOHL961jOWLF5fOdbHcEnRPEI9HewSOd_5Nh8-uN4q5TOIP8T-3j46RBPe076IBQ2FSa55XtFy6CXW-FLlN4hgqs7cohzSSIXCsmMFndCnEp7iAVCj1EcGMUEjQqaPcZSxwvUgYuyZNOCaXCIMJimmM0Q7LGUXIpswj9CdgHZjn8f7fjpoUrcjc-aGJRJImv1BTDbCNRlpOThQyVECHkKLPleS1plxhdgJviSEODbsDzRc3TqF_WYrOHx1fjycdrtvi3DWis2Fm33D0YDs6Dg HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0" ``` Docker logs: ```shell [2022-12-02 21:27:13.872][vaultwarden::api::notifications][ERROR] ########################################################### '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the Wiki for more info, or disable WebSockets setting WEBSOCKET_ENABLED=false. ########################################################################################### ``` Also, when I look up https://warden.domain.tld/notifications/hub in my browser, I get a 502 error right away. If I check inside the container, I get this: ```shell docker exec -it vaultwarden curl 127.0.0.1:3012 curl: (52) Empty reply from server ``` ### Troubleshooting data I tried multiple different websocket configs (from the examples in the wiki, from my previous configs, etc), with no prevail. I would be grateful for any pointers.

MrUnknownDE closed this issue

2026-04-06 02:35:23 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1885