[GH-ISSUE #1699] Vaultwarden Error validating domain with docker-compose & DOMAIN env var #1037

New issue

Closed

opened 2026-03-03 02:05:44 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 02:05:44 +03:00

Owner

Originally created by @zilexa on GitHub (May 15, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1699

domain name validation issue

In my docker compose, to migrate from bitwarden_rs to vaultwarden I have switched the image for the vaultwarden image, changed container name AND changed the subdomain (bw.mydomain.com > vault.mydomain.com). After running compose It seems to run fine but there is an error in the log.

Error validating domain: relative URL without a base

Notice in the diagnostics, it says Domain configuration No Match HTTPS and both my old domain (bw and new one vault are mentioned).

My compose (I use caddy-docker-proxy but thats unrelated):

  vaultwarden:
    image: vaultwarden/server
    container_name: vaultwarden
    restart: always
    networks: 
      - web-proxy
    volumes:
      - $DOCKERDIR/vaultwarden:/data
    environment:
      WEBSOCKET_ENABLED: 'true'
      DOMAIN: vault.$DOMAIN
      SIGNUPS_ALLOWED: 'false'
      ADMIN_TOKEN: $VAULTWARDENTOKEN
    labels:
      caddy: vault.$DOMAIN
      caddy.reverse_proxy_0: "{{upstreams 80}}"
      # Useful extra extra headers??
      caddy.encode: gzip
      caddy.header.X-XSS-Protection: '"1; mode=block;"'
      caddy.header.X-Frame-Options: "DENY"
      caddy.header.X-Content-Type-Options: "none"
      # Necessary for web push notifications??
      caddy.reverse_proxy_1: "/notifications/hub/negotiate {{upstreams 80}}"
      caddy.reverse_proxy_2: "/notifications/hub {{upstreams 3012}}"

Deployment environment

Vaultwarden Admin

Settings
Users
Organizations
Diagnostics
Vault

Diagnostics
Versions

Server Installed Ok
1.21.0
Server Latest
1.21.0
Web Installed
2.19.0d
Database
SQLite: 3.33.0

Checks

Running within Docker
Yes
Uses a reverse proxy
Yes
IP header No Match
Config: X-Real-IP Server: X-Forwarded-For
Internet access Ok
Yes
Internet access via a proxy
No
DNS (github.com) Ok
140.82.121.4
Date & Time (Local)
Server: 2021-05-15 14:37:13 +00:00
Date & Time (UTC) Ok
Server: 2021-05-15 14:37:13 UTC Browser: 2021-05-15 14:37:13 UTC
Domain configuration No Match HTTPS
Server: https://bw.MYDOMAINNAME.com/admin/diagnostics Browser: https://vault.MYDOMAINNAME.com/admin/diagnostics

Support

### Your environment (Generated via diagnostics page)

    * Vaultwarden version: v1.21.0
    * Web-vault version: v2.19.0d
    * Running within Docker: true
    * Uses a reverse proxy: true
    * IP Header check: false (X-Forwarded-For)
    * Internet access: true
    * Internet access via a proxy: false
    * DNS Check: true
    * Time Check: true
    * Domain Configuration Check: false
    * HTTPS Check: true
    * Database type: SQLite
    * Database version: 3.33.0
    * Clients used: 
    * Reverse proxy and version: 
    * Other relevant information: 

    ### Config (Generated via diagnostics page)
    ```json
    {
      "_duo_akey": null,
      "_enable_duo": false,
      "_enable_email_2fa": false,
      "_enable_smtp": true,
      "_enable_yubico": true,
      "_ip_header_enabled": true,
      "admin_token": "***",
      "allowed_iframe_ancestors": "",
      "attachments_folder": "data/attachments",
      "authenticator_disable_time_drift": false,
      "data_folder": "data",
      "database_max_conns": 10,
      "database_url": "****/**.*******",
      "db_connection_retries": 15,
      "disable_2fa_remember": false,
      "disable_admin_token": false,
      "disable_icon_download": false,
      "domain": "*****://**.******.*****",
      "domain_origin": "*****://**.******.*****",
      "domain_path": "",
      "domain_set": true,
      "duo_host": null,
      "duo_ikey": null,
      "duo_skey": null,
      "email_attempts_limit": 3,
      "email_expiration_time": 600,
      "email_token_size": 6,
      "enable_db_wal": true,
      "extended_logging": true,
      "helo_name": null,
      "hibp_api_key": null,
      "icon_blacklist_non_global_ips": true,
      "icon_blacklist_regex": null,
      "icon_cache_folder": "data/icon_cache",
      "icon_cache_negttl": 259200,
      "icon_cache_ttl": 2592000,
      "icon_download_timeout": 10,
      "invitation_org_name": "Bitwarden_RS",
      "invitations_allowed": true,
      "ip_header": "X-Real-IP",
      "job_poll_interval_ms": 30000,
      "log_file": null,
      "log_level": "Info",
      "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
      "org_attachment_limit": null,
      "org_creation_users": "",
      "password_iterations": 100000,
      "reload_templates": false,
      "require_device_email": false,
      "rsa_key_filename": "data/rsa_key",
      "send_purge_schedule": "0 5 * * * *",
      "sends_folder": "data/sends",
      "show_password_hint": true,
      "signups_allowed": false,
      "signups_domains_whitelist": "",
      "signups_verify": false,
      "signups_verify_resend_limit": 6,
      "signups_verify_resend_time": 3600,
      "smtp_accept_invalid_certs": false,
      "smtp_accept_invalid_hostnames": false,
      "smtp_auth_mechanism": null,
      "smtp_debug": false,
      "smtp_explicit_tls": false,
      "smtp_from": "*********@******.*****",
      "smtp_from_name": "Bitwarden - MYDOMAINNAME Cloud",
      "smtp_host": "****.*******.***",
      "smtp_password": "***",
      "smtp_port": 587,
      "smtp_ssl": true,
      "smtp_timeout": 15,
      "smtp_username": "*********",
      "templates_folder": "data/templates",
      "trash_auto_delete_days": null,
      "trash_purge_schedule": "0 5 0 * * *",
      "use_syslog": false,
      "user_attachment_limit": null,
      "web_vault_enabled": true,
      "web_vault_folder": "web-vault/",
      "websocket_address": "0.0.0.0",
      "websocket_enabled": true,
      "websocket_port": 3012,
      "yubico_client_id": null,
      "yubico_secret_key": null,
      "yubico_server": null
    }
    ```

Originally created by @zilexa on GitHub (May 15, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1699 ### domain name validation issue In my docker compose, to migrate from bitwarden_rs to vaultwarden I have switched the image for the vaultwarden image, changed container name AND changed the subdomain (`bw.mydomain.com` > `vault.mydomain.com`). After running compose It seems to run fine but there is an error in the log. ``` Error validating domain: relative URL without a base ``` Notice in the diagnostics, it says `Domain configuration No Match HTTPS` and both my old domain (`bw` and new one `vault` are mentioned). My compose (I use caddy-docker-proxy but thats unrelated): ``` vaultwarden: image: vaultwarden/server container_name: vaultwarden restart: always networks: - web-proxy volumes: - $DOCKERDIR/vaultwarden:/data environment: WEBSOCKET_ENABLED: 'true' DOMAIN: vault.$DOMAIN SIGNUPS_ALLOWED: 'false' ADMIN_TOKEN: $VAULTWARDENTOKEN labels: caddy: vault.$DOMAIN caddy.reverse_proxy_0: "{{upstreams 80}}" # Useful extra extra headers?? caddy.encode: gzip caddy.header.X-XSS-Protection: '"1; mode=block;"' caddy.header.X-Frame-Options: "DENY" caddy.header.X-Content-Type-Options: "none" # Necessary for web push notifications?? caddy.reverse_proxy_1: "/notifications/hub/negotiate {{upstreams 80}}" caddy.reverse_proxy_2: "/notifications/hub {{upstreams 3012}}" ``` ### Deployment environment Vaultwarden Admin Settings Users Organizations Diagnostics Vault Diagnostics Versions Server Installed Ok 1.21.0 Server Latest 1.21.0 Web Installed 2.19.0d Database SQLite: 3.33.0 Checks Running within Docker Yes Uses a reverse proxy Yes IP header No Match Config: X-Real-IP Server: X-Forwarded-For Internet access Ok Yes Internet access via a proxy No DNS (github.com) Ok 140.82.121.4 Date & Time (Local) Server: 2021-05-15 14:37:13 +00:00 Date & Time (UTC) Ok Server: 2021-05-15 14:37:13 UTC Browser: 2021-05-15 14:37:13 UTC Domain configuration No Match HTTPS Server: https://bw.MYDOMAINNAME.com/admin/diagnostics Browser: https://vault.MYDOMAINNAME.com/admin/diagnostics Support ### Your environment (Generated via diagnostics page) ``` * Vaultwarden version: v1.21.0 * Web-vault version: v2.19.0d * Running within Docker: true * Uses a reverse proxy: true * IP Header check: false (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: false * HTTPS Check: true * Database type: SQLite * Database version: 3.33.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**.******.*****", "domain_origin": "*****://**.******.*****", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Bitwarden_RS", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "*********@******.*****", "smtp_from_name": "Bitwarden - MYDOMAINNAME Cloud", "smtp_host": "****.*******.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*********", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ```

kerem closed this issue

2026-03-03 02:05:44 +03:00

kerem commented

2026-03-03 02:05:45 +03:00

Author

Owner

@zilexa commented on GitHub (May 15, 2021):

Not a bug, I forgot I had to change the domain also in Admin > General Settings !

@zilexa commented on GitHub (May 15, 2021): Not a bug, I forgot I had to change the domain also in Admin > General Settings !