Self hosted vault warden app issue with Graphene

Buckdddd66

Probably9857 no this is just local network so far

DeletedUser87

Buckdddd66 okay, we need a lot more information about the setup.

How do you resolve the domain? Do you have local DNS records/DNS rewrites that point to the server?
Are you using a reverse proxy like NGINX, NPM, Caddy, etc.? If yes, have you uploaded your self signed cert there?
How is Vaultwarden set up? Bare metal, docker, Home Assistant, etc.?
How did you create the cert?

All questions are important to determine what went wrong for you.

Probably9857

I understand that both server and phone are on your local network. I asked because a VPN on your phone would prevent it from accessing local network addresses if not properly configured.

Buckdddd66

Probably9857 yeah there is no vpn on the device

Buckdddd66

DeletedUser87

I am resolving the vault warden domain using the ip of the device(just https://(local ip). My device is configured to use my router as the DNS server. And there is no local dns records or rewrites.

I am using Caddy to act as my reverse proxy and I have uploaded my self signed cert there.

Vault warden and Caddy are running on docker on bare metal.

I used OpenSSL to generate the cert( this is the same cert I used to add to my CA certificates on graphene os).

At first I thought it was a cert issue but after I added the cert to my graphene devices I am able to browse to the local ip address and I don’t receive any ssl issues.

Buckdddd66

DeletedUser87 thanks for taking the time to ask, I just setup graphene today so I’m quite new to the environment. Let me know if you’d like to know anything else.

DeletedUser87

Buckdddd66 I think we might see the issue here. If you don't have DNS records, the request will default to your router DNS which resolves to... nothing since there are no A-records for the domain. This is why you can access the IP directly, while resolving the domain fails. Since you are already self hosting quite a bit, I would recommend to look into PiHole or AdGuard Home (note that PiHole has quite a few bugs that are very annoying in the docker version, AdGuard Home is much more reliable - at least for me) which not only acts as your DNS server, but can also block ads for your whole network and gives you some nice insights into your DNS traffic. In there, you can easily configure a DNS record to resolve to your Bitwarden instance. If you need a config.yaml for AdGuard Home, just ask.

Buckdddd66

DeletedUser87

Sadly the same issue persists, I tested trying to connect to the main bitwarden.com website and it worked so I am starting to think that graphene is somehow blocking the connection? Even though I have given the app network access.

Buckdddd66

DeletedUser87
I also ran adb and tried to ping the host and everything is working properly, I looked through the logs but couldn’t find any errors

DeletedUser87

Buckdddd66 can you tell me how your DNS records look like now? It needs to resolve properly.

Buckdddd66

DeletedUser87
I don’t think it’s dns related, I think the issue is it’s a self signed cert. I installed KeyGuard(an alternative to the bitwarden mobile app) and it gives me a cert error saying “Hostname cannot be verified”, I am assuming for some reason the cert cannot be verified even though when I go into vanadium and goto the local host I don’t get any certificate pop ups. Do you have any ideas on maybe if I should try to install it as a root cert?

DeletedUser87

Buckdddd66 what leads you to assume that it's a cert issue? If you open a browser and type in your domain (let's say it's bitwarden.local), what do you get?