Bitwarden iOS cannot log in to self-hosted server #458

New Issue

MrUnknownDE · 2026-04-05T21:21:12+02:00

MrUnknownDE commented

2026-04-05 21:21:12 +02:00

Originally created by @danielplaskur on 7/23/2025

Prerequisites

I have searched the existing issues and discussions
I have read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.34.1
Web-vault version: v2025.5.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: SQLite
Database version: 3.49.1
Uses config.json: true
Uses a reverse proxy: true
IP Header check: true (X-Forwarded-For)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Websocket Check: true
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://****************",
  "domain_origin": "*****://****************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "***************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "*********************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "***************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

caddy v2.10.0

Host/Server Operating System

Linux

Operating System Version

Ubuntu 24.04.2 LTS

Clients

iOS

Client Version

Bitwarden iOS app - v2025.6.0(2235)

Steps To Reproduce

Join the iPhone to the same Wi-Fi/LAN (192.168.10.0/24).
Open Bitwarden → Settings → Self-Hosted → enter https://XXX.XX
Tap Save & Continue → Log In
Observe immediate pop-up “Internet connection required” (before any credentials screen).

Expected Result

The iOS client should connect to the server, fetch /api/config, and display the login form, just like every other Bitwarden client.

Actual Result

Internet connection required. Please connect to the Internet before continuing.”** when pointed at my self-hosted instance.
From mobile browser web vault is loaded fine.

Logs

No logs because, It cannot login.

Screenshots or Videos

Only error popup, so not relevant.

Additional Context

XXX.XX has static DNS A record pointing to Vaultwarden server.

compose.yml:

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    user: "996:988"
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    environment:
      DOMAIN: "https://XXX.XX"
      WEBSOCKET_ENABLED: "true"
      REAL_IP_HEADER: "X-Forwarded-For"
      ADMIN_TOKEN: XXXXXX

    volumes:
      - ./vw-data:/data

    ports:
      - "8080:80"

  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    user: "996:988"
    security_opt:
      - no-new-privileges:true    
    ports:
      - "80:80"
      - "443:443"
    environment:
      LOG_FILE: /var/log/caddy/vault_access.log
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./caddy-data:/data
      - ./caddy-config:/config
      - ./logs/caddy:/var/log/caddy

Caddyfile:

XXX.XX {
  log {
    level INFO
    output file /var/log/caddy/vault_access.log {
      roll_size 10MB
      roll_keep 10
    }
  }
  reverse_proxy vaultwarden:80 {
    header_up X-Real-IP {remote_host}
  }
}

*Originally created by @danielplaskur on 7/23/2025* ### Prerequisites - [x] I have searched the existing issues and discussions - [x] I have read the documentation ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.1 * Web-vault version: v2025.5.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.49.1 * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, ADMIN_TOKEN **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://****************", "domain_origin": "*****://****************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Forwarded-For", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "***************", "smtp_from_name": "Vaultwarden", "smtp_host": "*********************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "***************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy caddy v2.10.0 ### Host/Server Operating System Linux ### Operating System Version Ubuntu 24.04.2 LTS ### Clients iOS ### Client Version Bitwarden iOS app - v2025.6.0(2235) ### Steps To Reproduce 1. Join the iPhone to the same Wi-Fi/LAN (`192.168.10.0/24`). 2. Open Bitwarden → Settings → *Self-Hosted* → enter `https://XXX.XX` 3. Tap *Save & Continue* → *Log In* 4. Observe immediate pop-up *“Internet connection required”* (before any credentials screen). ### Expected Result The iOS client should connect to the server, fetch `/api/config`, and display the login form, just like every other Bitwarden client. ### Actual Result Internet connection required. Please connect to the Internet before continuing.”** when pointed at my self-hosted instance. From mobile browser web vault is loaded fine. ### Logs ```text No logs because, It cannot login. ``` ### Screenshots or Videos Only error popup, so not relevant. ### Additional Context XXX.XX has static DNS A record pointing to Vaultwarden server. compose.yml: ``` version: '3' services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden restart: unless-stopped user: "996:988" cap_drop: - ALL security_opt: - no-new-privileges:true environment: DOMAIN: "https://XXX.XX" WEBSOCKET_ENABLED: "true" REAL_IP_HEADER: "X-Forwarded-For" ADMIN_TOKEN: XXXXXX volumes: - ./vw-data:/data ports: - "8080:80" caddy: image: caddy:latest container_name: caddy restart: unless-stopped user: "996:988" security_opt: - no-new-privileges:true ports: - "80:80" - "443:443" environment: LOG_FILE: /var/log/caddy/vault_access.log volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./caddy-data:/data - ./caddy-config:/config - ./logs/caddy:/var/log/caddy ``` Caddyfile: ``` XXX.XX { log { level INFO output file /var/log/caddy/vault_access.log { roll_size 10MB roll_keep 10 } } reverse_proxy vaultwarden:80 { header_up X-Real-IP {remote_host} } } ```

MrUnknownDE closed this issue

2026-04-05 21:21:12 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#458