zilexa / Homeserver

Lightweight home server based on microservices, usable as desktop workstation

Vaultwarden login #15

Closed zsole2 closed 2 years ago

zsole2 commented 2 years ago

I ran into an issue with the Vaultwarden instructions. The first login screen requires entering an email address and the master password. The instruction tells me to use the secret from the .env file, but there is no info on the e-mail to be used. I tried all emails that were given anywhere during install, but no luck.

zilexa commented 2 years ago

First, which instructions are you referring to exactly? Because my instructions are quite clear: I refer to Vaultwarden wiki: https://github.com/dani-garcia/vaultwarden/wiki/Configuration-overview

Second, where did you add an email address in the Vaultwarden section of your Compose file? There should not be one, right? Please have a closer look.

Third, a hint: https://github.com/zilexa/Homeserver/blob/master/docker/docker-compose.yml#L224

With the above info, you should be able to figure out how to get in Vaultwarden configuration initially, without account, since you don't have an account yet, and you don't want strangers to sign up to your Vaultwarden ;)

zsole2 commented 2 years ago

Thanks for the quick reply!

I don't refer to emails in the Vaultwarden section of the compose file; indeed, there is none.

To circumvent the email at login, I changed SIGNUPS_ALLOWED to true (if that is the hint you refer to), and was able to get in the server. However, I could not find any place where I would be able to send invitations, or adjust any settings. That is the reason I was asking.

[........still checking........]

Now I found it! The configuration wiki says "After this, the page will be available in the /admin subdirectory." I was looking for this in the file system, not in the browser. This could be clearer...

Thanks for the pointers.

zilexa commented 2 years ago

You should not allow signups. Then everyone can (ab)use your system. Vaultwarden wiki is clear about Admin page, which you enabled via your Compose. Through Admin page, you configure SMTP and send invites, also to yourself. My whole point is to really read the wiki of every service you use, to understand how to use it and what its abilities are.

My guide is not a replacement of the documentation of the services. It only gives you a few pointers (the variables in your Compose + a link to official documentation). In your Compose you enabled Admin page.

Make sure you disable signups again. Your domain is constantly scanned by bots and if there is a malicious person behind it, that person could create lots of accounts on your system.

zsole2 commented 2 years ago

Of course I disable signups, that was only an attempt to see what is inside.
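
Added example (not part of the thread, and not code from the Homeserver repo or Vaultwarden): a small check for the two settings discussed above, run against the text of a Compose file. The sample Compose fragment and the variable name `VAULTWARDEN_ADMIN_TOKEN` are constructed for illustration, and the parser assumes the text holds only the Vaultwarden service's `environment` entries.

```python
import re

# Constructed sample, not the repo's actual docker-compose.yml.
# VAULTWARDEN_ADMIN_TOKEN is a hypothetical name for the secret kept in .env.
SAMPLE_COMPOSE = """\
services:
  vaultwarden:
    image: vaultwarden/server
    environment:
      - SIGNUPS_ALLOWED=true   # left on after testing
      - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
"""

# Matches both "- KEY=value" (list form) and "KEY: value" (mapping form).
ENTRY = re.compile(r"""^\s*-?\s*["']?([A-Z][A-Z0-9_]*)\s*[=:]\s*(.*)$""")


def parse_env(compose_text):
    """Collect upper-case KEY/value pairs from Compose environment entries."""
    env = {}
    for line in compose_text.splitlines():
        line = line.split(" #", 1)[0]  # drop trailing comments
        match = ENTRY.match(line)
        if match:
            env[match.group(1)] = match.group(2).strip().strip("'\"")
    return env


def audit(compose_text):
    """Return findings for open registration and a missing admin token."""
    env = parse_env(compose_text)
    findings = []
    signups = env.get("SIGNUPS_ALLOWED")
    if signups is None:
        findings.append("SIGNUPS_ALLOWED not set: Vaultwarden defaults to open registration")
    elif signups.startswith("$"):
        findings.append("SIGNUPS_ALLOWED comes from a variable: check its value in .env")
    elif signups.lower() != "false":
        findings.append("SIGNUPS_ALLOWED=%s: anyone who reaches the domain can register" % signups)
    if not env.get("ADMIN_TOKEN"):
        findings.append("ADMIN_TOKEN not set: the /admin page is not enabled, so no invites can be sent from it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_COMPOSE):
        print("WARN:", finding)
```

With signups disabled and the admin token set, `audit` returns an empty list; accounts are then created through invitations sent from the `/admin` page in the browser.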