VaultWarden - No Access via Cloudflared or NPM

I’ve been trying to set up Vaultwarden on my NAS.
It works without issues when I access it with the server-IP, TrueNAS interface hostname:30032. I get my SSL cert with Let’s Encrypt in my interface and NPM.

Now when I try to forward it with either NPM or Cloudflare tunnel, I always get an error page. Either host error via Cloudflare or DNS_PROBE_FINISHED_NXDOMAIN.
The service just doesn’t get forwarded, despite matching ports.



NPM settings.

I tried looking for similar issues on the forum and online and couldn’t really come up with anything.
This is the most similar issue, but also not quite.
What could be the issue here?

Have you already tried changing the scheme on NPM from https to http?

Yup, tried both and it didn’t change.

For a second I thought I maybe missed a local DNS entry in PiHole for the NPM test, but that wasn’t the issue either. :face_with_peeking_eye:

At this point I would check whether NPM can or cannot reach the service via IP address and resolve the name (from inside the container).
For the domain address, check on the host itself.
Also, does this occur only with Vaultwarden, or do you have other services running fine with NPM?

Only Vaultwarden doesn’t work. I have 6 services running without issues with NPM. 5 of those link back to the NAS (same IP) while one forwards to another device. There is also one service running successfully via Cloudflare Tunnel.

If I ping the service with 10.1.0.1:30032 from within the NPM container I have no packet loss. I also checked the NPM logs and they surprisingly come up empty (both access and error) for what I assume is the entry for Vaultwarden (the last one).

I also tried running Vaultwarden with different cert settings, but never setting the domain. And it always works with the direct link. As expected, the user portal doesn’t load if there isn’t any cert set. I also tried setting the same domain I’m using in the proxy in the app settings and it doesn’t work.

Just one thing I didn’t understand:

It’s the same for the domain?

Ah, I think I made a mistake here, since the NPM container doesn’t have ping. So I must have blindly opened another app shell.
On the flip side - I can reach Vaultwarden from other apps as well.

Back in NPM shell:
When I curl the domain with https://nas_hostname:30032 I get a response. But when I do it with https://10.1.0.1:30032 I get an SSL error. Just like when I’m opening it in the browser.

Yep, this is pretty normal.
Sorry to ask you again, but I surely wasn’t clear enough: what I meant is to try to curl the Vaultwarden domain you want NPM to proxy, to see whether it is resolved or not from the NPM container and from the NAS itself.

Thanks for your help. I typed an incomplete hostname in PiHole. Now the local hostname via NPM works.

But the Cloudflare Tunnel still fails with 502 from everywhere. :face_with_peeking_eye:

Typos are evil :smile:
I’m sorry, but for Cloudflare Tunnel I don’t know what to suggest; I never used it.

I figured everything out now. The Cloudflare tunnel issue comes from the fact that Cloudflare and my server don’t use the same cert and then Cloudflare blocks it. Basically disabling the TLS-Check solved that issue.

Looking back at this thread, leaving it be for another day would have been better than asking on the forum. Seems like it wasn’t quite my day today.

Thanks a lot for your help anyways. :smiley:

1 Like
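
Added example, not part of the thread and not Cloudflare's own sample: the fix from the last post (turning off origin certificate checking) shown next to a variant that keeps verification on by telling cloudflared which hostname the origin certificate was issued for. It assumes a locally managed tunnel configured through `config.yml`; `vault.example.com`, the tunnel ID and the credentials path are placeholders, and `nas_hostname` stands for the name on the NAS's Let's Encrypt certificate, as used in the curl test above.

```yaml
# cloudflared config.yml for a locally managed tunnel (added example).
# Placeholders: <TUNNEL-UUID>, the credentials path, vault.example.com, nas_hostname.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Variant A: what "disabling the TLS check" amounts to.
  # cloudflared accepts whatever certificate the origin presents, so the hop
  # from cloudflared to Vaultwarden is encrypted but the origin is not authenticated.
  # - hostname: vault.example.com
  #   service: https://10.1.0.1:30032
  #   originRequest:
  #     noTLSVerify: true

  # Variant B: verification stays on.
  # The service is still addressed by IP, but the certificate is checked
  # against the hostname it was actually issued for. This is the same
  # mismatch that made curl fail on https://10.1.0.1:30032 and succeed on
  # https://nas_hostname:30032.
  - hostname: vault.example.com
    service: https://10.1.0.1:30032
    originRequest:
      originServerName: nas_hostname
      # caPool: /path/to/ca.pem   # only for a private or self-signed CA

  # Catch-all rule required as the last ingress entry.
  - service: http_status:404
```

For a tunnel managed from the Cloudflare dashboard, the same two options appear in the public hostname's TLS settings as "No TLS Verify" and "Origin Server Name".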