[GH-ISSUE #993] Bitwarden RS container hangs when is not allowed to access the Internet #705

New issue

Closed

opened 2026-03-03 02:02:22 +03:00 by kerem · 3 comments

kerem commented 2026-03-03 02:02:22 +03:00

Owner

Copy link

Originally created by @ajgon on GitHub (May 13, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/993

Subject of the issue

So here is the problem. I run my personal home-lab with plenty of services. To prevent them from "calling home" default policy for containers is to disallow any access to the Internet. However since I have problem with "internal loopbacks" with bitwarden and some other apps, containers can access themselves using their own domain name (so bitwarden.example.com can access any endpoint using bitwarden.example.com/something without any problem).

This setup worked flawlessly until recently. When I try to create a new item, Bitwarden hangs. When I enable access to the Internet, everything works as expected.

It happens both in OSX client and in web interface.

Your environment

• Bitwarden_rs version: 1.14.2-8bbbff75
• Install method: Docker
• Clients used: OSX, web
• Reverse proxy and version: nginx 1.17.9
• Version of mysql/postgresql: Postgres 12.2
• Other relevant information:

Steps to reproduce

• Set up bitwarden_rs docker container
• Disable Internet access to the container (create network with --internal param and attach it as a only network)
• Access web panel and try to save an item

Expected behaviour

Item should be saved properly.

Actual behaviour

Bitwarden container hangs.

Relevant logs

Nothing extraordinary except failed icons download (which is expected as container has no access to the Internet):

May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico
May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico
May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico
...

I really appreciate any help - should I allow some extra domains, or is it related to something else?

Thanks!

Originally created by @ajgon on GitHub (May 13, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/993 ### Subject of the issue So here is the problem. I run my personal home-lab with plenty of services. To prevent them from "calling home" default policy for containers is to disallow any access to the Internet. However since I have problem with "internal loopbacks" with bitwarden and some other apps, containers can access themselves using their own domain name (so `bitwarden.example.com` can access any endpoint using `bitwarden.example.com/something` without any problem). This setup worked flawlessly until recently. When I try to create a new item, Bitwarden hangs. When I enable access to the Internet, everything works as expected. It happens both in OSX client and in web interface. ### Your environment * Bitwarden_rs version: 1.14.2-8bbbff75 * Install method: Docker * Clients used: OSX, web * Reverse proxy and version: nginx 1.17.9 * Version of mysql/postgresql: Postgres 12.2 * Other relevant information: ### Steps to reproduce * Set up bitwarden_rs docker container * Disable Internet access to the container (create network with `--internal` param and attach it as a only network) * Access web panel and try to save an item ### Expected behaviour Item should be saved properly. ### Actual behaviour Bitwarden container hangs. ### Relevant logs Nothing extraordinary except failed icons download (which is expected as container has no access to the Internet): ``` May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico May 13 18:56:11 deedee bitwarden[560]: [2020-05-13 18:56:11][bitwarden_rs::api::icons][INFO] Download failed for https://****/favicon.ico ... ``` I really appreciate any help - should I allow some extra domains, or is it related to something else? Thanks!

kerem closed this issue 2026-03-03 02:02:22 +03:00

kerem commented 2026-03-03 02:02:23 +03:00

Author

Owner

Copy link

@mqus commented on GitHub (May 13, 2020):

Hey! thanks for the report!
Did you try to disable Icon downloading? (using the environment variable, see https://github.com/dani-garcia/bitwarden_rs/blob/master/.env.template#L71) I think bitwarden_rs should not hang even if it isn't disabled but maybe that helps in you case?

<!-- gh-comment-id:628239551 --> @mqus commented on GitHub (May 13, 2020): Hey! thanks for the report! Did you try to disable Icon downloading? (using the environment variable, see https://github.com/dani-garcia/bitwarden_rs/blob/master/.env.template#L71) I think bitwarden_rs should not hang even if it isn't disabled but maybe that helps in you case?

kerem commented 2026-03-03 02:02:23 +03:00

Author

Owner

Copy link

@ajgon commented on GitHub (May 13, 2020):

Ha! My initial idea was to disable that, but wasn't aware of the option. After disabling it, everything went back to normal.

Thank you!

<!-- gh-comment-id:628244729 --> @ajgon commented on GitHub (May 13, 2020): Ha! My initial idea was to disable that, but wasn't aware of the option. After disabling it, everything went back to normal. Thank you!

kerem commented 2026-03-03 02:02:23 +03:00

Author

Owner

Copy link

@dani-garcia commented on GitHub (May 13, 2020):

I assume the hang is caused by the server trying to connect and waiting on a timeout, which by default is 10 seconds. The version of rocket that we currently use has a fixed number of threads, so once all of them are saturated waiting on a timeout the server will hang. This is particularly bad when a client has a lot of ciphers with a lot of icons.

That said, yeah in your case disabling them is the correct choice, so this can be closed.

<!-- gh-comment-id:628255531 --> @dani-garcia commented on GitHub (May 13, 2020): I assume the hang is caused by the server trying to connect and waiting on a timeout, which by default is 10 seconds. The version of rocket that we currently use has a fixed number of threads, so once all of them are saturated waiting on a timeout the server will hang. This is particularly bad when a client has a lot of ciphers with a lot of icons. That said, yeah in your case disabling them is the correct choice, so this can be closed.

kerem referenced this issue 2026-03-03 08:53:05 +03:00

[PR #713] [MERGED] Fixed issue/request #705 #2788

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#705

No description provided.