starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1607] Strange behavior between .env and config.json for websocket activation #1013

New issue
Closed
opened 2026-03-03 02:05:32 +03:00 by kerem · 7 comments
kerem commented 2026-03-03 02:05:32 +03:00
Owner
Copy link

Originally created by @sebtiz13 on GitHub (Apr 13, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1607

Subject of the issue

I have strange behavior between .env and config.json for websocket activation.
I need to add "websocket_enabled": true" in config.json for websocket synchronisation work with firefox extension (I haven't check other browser extension)

Deployment environment

Your environment (Generated via diagnostics page)

  • Bitwarden_rs version: v1.20.0
  • Web-vault version: v2.19.0
  • Running within Docker: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.33.0
  • Clients used: Firefox extension
  • Reverse proxy and version: Nginx 1.14.2
  • Other relevant information: use Bitwarden binary on raspbery pi (raspbian) with systemd configuration

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": null,
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": true,
  "disable_icon_download": false,
  "domain": "*****://*********.********.**/",
  "domain_origin": "*****://*********.********.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_rs",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "LOGIN",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*******@********.**",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_host": "****.***.***",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*******@********.**",
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": -1,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

In doubt this is my .env

ROCKET_PORT=XXXX
WEBSOCKET_ENABLED="true" # enable websocket

Steps to reproduce

When I have set WEBSOCKET_ENABLED="true" in .env the connection to websocket in web_vault work normally but doesn't have websocket synchronization with my firefox extension

If i edit the config.json file manually to add "websocket_enabled": true" after restart of service and manually synchronization in firefox extension the websocket synchronization with my firefox extension work

Expected behaviour

Work normally with just .env variables or when update configuration with admin page don't remove "websocket_enabled" in config.json

Actual behaviour

The Firefox extension don't receive websocket synchronization if "websocket_enabled" is not in config.json and update on configuration page overwrite the config.json without "websocket_enabled"

Troubleshooting data

In my console with webvault

[2021-04-13T20:52:26.807Z] Information: WebSocket connected to wss://..*/notifications/hub?access_token=eyJ0eX....XMEvcsQ.

Sorry i don't find how show eventually error of websocket in firefox extension

Originally created by @sebtiz13 on GitHub (Apr 13, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1607 <!-- # ### NOTE: Please update to the latest version of bitwarden_rs before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/bitwarden_rs/issues/1180 * https://github.com/dani-garcia/bitwarden_rs/wiki/Updating-the-bitwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue I have strange behavior between .env and config.json for websocket activation. I need to add `"websocket_enabled": true"` in config.json for websocket synchronisation work with firefox extension (I haven't check other browser extension) ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from bitwarden_rs --> <!-- Remember to check if your issue exists on the latest version first! --> ### Your environment (Generated via diagnostics page) * Bitwarden_rs version: v1.20.0 * Web-vault version: v2.19.0 * Running within Docker: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.33.0 * Clients used: Firefox extension * Reverse proxy and version: Nginx 1.14.2 * Other relevant information: use Bitwarden binary on raspbery pi (raspbian) with systemd configuration ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": null, "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": true, "disable_icon_download": false, "domain": "*****://*********.********.**/", "domain_origin": "*****://*********.********.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Bitwarden_rs", "invitations_allowed": true, "ip_header": "X-Real-IP", "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "LOGIN", "smtp_debug": false, "smtp_explicit_tls": true, "smtp_from": "*******@********.**", "smtp_from_name": "Bitwarden_RS", "smtp_host": "****.***.***", "smtp_password": "***", "smtp_port": 465, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*******@********.**", "templates_folder": "data/templates", "use_syslog": false, "user_attachment_limit": -1, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` In doubt this is my .env ```ini ROCKET_PORT=XXXX WEBSOCKET_ENABLED="true" # enable websocket ``` ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start bitwarden_rs? --> When I have set `WEBSOCKET_ENABLED="true"` in `.env` the connection to websocket in web_vault work normally but doesn't have websocket synchronization with my firefox extension If i edit the `config.json` file manually to add `"websocket_enabled": true"` after restart of service and manually synchronization in firefox extension the websocket synchronization with my firefox extension work ### Expected behaviour <!-- Tell us what you expected to happen --> Work normally with just `.env` variables or when update configuration with admin page don't remove "websocket_enabled" in `config.json` ### Actual behaviour <!-- Tell us what actually happened --> The Firefox extension don't receive websocket synchronization if "websocket_enabled" is not in `config.json` and update on configuration page overwrite the `config.json` without "websocket_enabled" ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> In my console with webvault > [2021-04-13T20:52:26.807Z] Information: WebSocket connected to wss://*********.********.**/notifications/hub?access_token=eyJ0eX....XMEvcsQ. Sorry i don't find how show eventually error of websocket in firefox extension
kerem 2026-03-03 02:05:32 +03:00
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Apr 13, 2021):

This is how it works.
You probably have toggled the websockets setting within the admin interface, which saves the settings to the json file.

The json file overrules the env settings.

<!-- gh-comment-id:819061073 --> @BlackDex commented on GitHub (Apr 13, 2021): This is how it works. You probably have toggled the websockets setting within the admin interface, which saves the settings to the json file. The json file overrules the env settings.
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@jjlin commented on GitHub (Apr 13, 2021):

websocket_enabled is read-only config, though. It shouldn't be editable via the admin interface, or saved to config.json. But I'm not sure what happens if you manually edit config.json with a conflicting value.

<!-- gh-comment-id:819068319 --> @jjlin commented on GitHub (Apr 13, 2021): `websocket_enabled` is read-only config, though. It shouldn't be editable via the admin interface, or saved to config.json. But I'm not sure what happens if you manually edit config.json with a conflicting value.
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Apr 13, 2021):

Hmm indeed. I'm also not sure if it gets saved to the json file, if that is the case, that should be fixed.

<!-- gh-comment-id:819071982 --> @BlackDex commented on GitHub (Apr 13, 2021): Hmm indeed. I'm also not sure if it gets saved to the json file, if that is the case, that should be fixed.
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@sebtiz13 commented on GitHub (Apr 14, 2021):

Sorry, indeed I had trouble to really explaining the behavior.
Like say @jjlin the websocket_enabled its read-only configuration on admin, so it's not saved in config.json. This is why when update configuration on admin the config.json it's override without websocket_enabled.

This behavior seems logical to me, but what I don't understand its why when I set WEBSOCKET_ENABLED="true" only in .env its appear like enabled on admin page but doesn't work with Firefox extension and when I edit manually config.json to add "websocket_enabled": true after restart it's work.

I suppose there is a part of code where the parameter websocket_enabled it's only get from config.json and don't support environment variable.

That I found strange, it's web_vault sent to console WebSocket connected in two case (environment variable and manually add in config.json) but if parameter it's not set in config.json it's like websocket server are enabled, but not send synchronization message

In doubt, I add my dot env in original message

<!-- gh-comment-id:819336730 --> @sebtiz13 commented on GitHub (Apr 14, 2021): Sorry, indeed I had trouble to really explaining the behavior. Like say @jjlin the `websocket_enabled` its read-only configuration on admin, so it's not saved in `config.json`. This is why when update configuration on admin the `config.json` it's override without `websocket_enabled`. This behavior seems logical to me, but what I don't understand its why when I set `WEBSOCKET_ENABLED="true"` only in .env its appear like enabled on admin page but doesn't work with Firefox extension and when I edit manually `config.json` to add `"websocket_enabled": true` after restart it's work. I suppose there is a part of code where the parameter `websocket_enabled` it's only get from `config.json` and don't support environment variable. That I found strange, it's `web_vault` sent to console `WebSocket connected` in two case (environment variable and manually add in config.json) but if parameter it's not set in `config.json` it's like websocket server are enabled, but not send synchronization message In doubt, I add my dot env in original message
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Jun 20, 2021):

@sebtiz13:
There is no way that the env's arn't read and the config.json is. They are getting merged.
So, there are a few options here i think.

  1. The env's aren't loaded at all and that file isn't read during startup.
  2. There is something within the .env file which breaks parsing, but doesn't produces an error/warning/panic.

Best way to check this out is by renaming the config.json file temporarily to config.json.old or something.
Change the .env file var LOG_LEVEL to either have trace logging or no logging, off, at all, to see if it picks up that change, and maybe verify that by going to the /admin and check the settings over there.

If it does change the logging output, then i would suggest to move that variable LOG_LEVEL all the way at the bottom, and remove it from the previous place and see if it still works. If it breaks, then something is going wrong down the line in the file for some reason.

Same goes for the WEBSOCKET_ENABLED var, you could try to put that all the way at the top of the .env file and see what happens. If it then does start to work, then also there is something strange within the .env file which i really would like to know what, so that we can try to detect it, and prevent issues for the rest.

In any case, you should at least see something like this when it started:

[2021-06-20 18:03:11.450][parity_ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2021-06-20 18:03:11.471][start][INFO] Rocket has launched from http://0.0.0.0:8080

So, could you provide us with this info please?

<!-- gh-comment-id:864576052 --> @BlackDex commented on GitHub (Jun 20, 2021): @sebtiz13: There is no way that the env's arn't read and the config.json is. They are getting merged. So, there are a few options here i think. 1. The env's aren't loaded at all and that file isn't read during startup. 2. There is something within the .env file which breaks parsing, but doesn't produces an error/warning/panic. Best way to check this out is by renaming the `config.json` file temporarily to `config.json.old` or something. Change the .env file var `LOG_LEVEL` to either have `trace` logging or no logging, `off`, at all, to see if it picks up that change, and maybe verify that by going to the /admin and check the settings over there. If it does change the logging output, then i would suggest to move that variable `LOG_LEVEL` all the way at the bottom, and remove it from the previous place and see if it still works. If it breaks, then something is going wrong down the line in the file for some reason. Same goes for the `WEBSOCKET_ENABLED` var, you could try to put that all the way at the top of the `.env` file and see what happens. If it then does start to work, then also there is something strange within the `.env` file which i really would like to know what, so that we can try to detect it, and prevent issues for the rest. In any case, you should at least see something like this when it started: ``` [2021-06-20 18:03:11.450][parity_ws][INFO] Listening for new connections on 0.0.0.0:3012. [2021-06-20 18:03:11.471][start][INFO] Rocket has launched from http://0.0.0.0:8080 ``` So, could you provide us with this info please?
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@sebtiz13 commented on GitHub (Jun 22, 2021):

Hello

I have finally found the cause of this behavior.
It's due too comment after the value # enable websocket

I have configured my server with systemd like example from wiki page Setup as a systemd service i have declared my .env like this

EnvironmentFile=/srv/vaultwarden/.env

and all env variables are loaded except "WEBSOCKET_ENABLED" it's due to the comment after the variables
I don't really understand why but when I start the server from bash with

./vaultwarden

It's read, but with systemd not, i supose it's an error to have an comment on same line as a variable in .env for systemd (maybe not use same parser like bash)

Finally i have remove the comment and it's work normally
And effectively if i keep "websocket_enabled": true in config.json on start i have this warning

[WARNING] The following environment variables are being overriden by the config file,
[WARNING] please use the admin panel to make changes to them:
[WARNING] WEBSOCKET_ENABLED

So maybe just need to add an comment for this details on wiki

Thanks for your help

<!-- gh-comment-id:866375258 --> @sebtiz13 commented on GitHub (Jun 22, 2021): Hello I have finally found the cause of this behavior. It's due too comment after the value `# enable websocket` I have configured my server with systemd like example from wiki page [Setup as a systemd service](https://github.com/dani-garcia/vaultwarden/wiki/Setup-as-a-systemd-service) i have declared my `.env` like this ``` EnvironmentFile=/srv/vaultwarden/.env ``` and all env variables are loaded except "**WEBSOCKET_ENABLED**" it's due to the comment after the variables I don't really understand why but when I start the server from bash with ``` ./vaultwarden ``` It's read, but with systemd not, i supose it's an error to have an comment on same line as a variable in `.env` for systemd (maybe not use same parser like bash) Finally i have remove the comment and it's work normally And effectively if i keep `"websocket_enabled": true` in config.json on start i have this warning > [WARNING] The following environment variables are being overriden by the config file, [WARNING] please use the admin panel to make changes to them: [WARNING] WEBSOCKET_ENABLED So maybe just need to add an comment for this details on wiki Thanks for your help
kerem commented 2026-03-03 02:05:33 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Jun 23, 2021):

@sebtiz13 feel free to update the wiki!

<!-- gh-comment-id:866976017 --> @BlackDex commented on GitHub (Jun 23, 2021): @sebtiz13 feel free to update the wiki!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#1013
No description provided.