WebAuthn fails to register in self-hosted Bitwarden server behind reverse proxy

Notice: This article is regarding third-party software. NodeSpace does not officially support third-party software, but support is provided on a best-effort basis.

Problem

When using a self-hosted Bitwarden server, users are unable to enroll WebAuthn MFA. The error message observed is: "An error has occurred. An unhandled server error has occurred."

This is seen on Bitwarden servers hosted behind a reverse proxy (NGINX or Apache).

Possible Resolution

This issue occurs because WebAuthn requires SSL in order to function. If there is no SSL on the Bitwarden server itself (as in most cases where an NGINX reverse proxy terminates SSL), then WebAuthn will fail.

Edit /path/to/bwdata/config.yml and check the url setting.

Typically, the generated config.yml will have url set to an http URL. This needs to be changed to https.

# 
# Note: After making changes to this file you need to run the `rebuild` or `update`
# command for them to be applied.
#
# Full URL for accessing the installation from a browser. (Required)
url: http://<BITWARDENDOMAIN>

Modify this to be:

# 
# Note: After making changes to this file you need to run the `rebuild` or `update`
# command for them to be applied.
#
# Full URL for accessing the installation from a browser. (Required)
url: https://<BITWARDENDOMAIN>

Replace <BITWARDENDOMAIN> with your actual Bitwarden domain.
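
The check and edit described above can be scripted so the change is repeatable and leaves a backup. This is an added example, not code from NodeSpace or Bitwarden; the function names are hypothetical, and the config path is whatever your bwdata directory is.

```shell
#!/bin/sh
# Added example: check and fix the url scheme in a Bitwarden config.yml.
# Function names are hypothetical (not part of Bitwarden's tooling).
# Usage: bw_fix_url_scheme /path/to/bwdata/config.yml

# Print the value of the top-level "url:" key. Comment lines start with "#"
# and therefore never match the anchored pattern.
bw_config_url() {
    sed -n 's/^url:[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 if url is already https.
# Return 1 if url was http and has been rewritten (original kept as <file>.bak).
# Return 2 if the key is missing, has another scheme, or the file cannot be written.
bw_fix_url_scheme() {
    cfg=$1
    url=$(bw_config_url "$cfg")
    case $url in
        https://*)
            echo "ok: $url"
            return 0 ;;
        http://*)
            cp -p "$cfg" "$cfg.bak" || return 2
            # Rewrite only the scheme on the top-level url line.
            sed 's|^\(url:[[:space:]]*\)http://|\1https://|' "$cfg.bak" > "$cfg" || return 2
            echo "fixed: $(bw_config_url "$cfg") (backup in $cfg.bak)"
            echo "run the rebuild or update command to apply the change"
            return 1 ;;
        *)
            echo "unexpected url value: '$url'" >&2
            return 2 ;;
    esac
}
```

The function only edits the file; as the comment in config.yml says, the `rebuild` or `update` command must still be run afterwards for the change to take effect.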

Article Details

Article ID:
295