-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Enabling WebSocket notifications
WebSocket notifications are used to inform the browser and desktop Bitwarden clients that some event of interest has occurred, such as when an entry in the password database has been modified or deleted. Upon receiving the notification, the client can take an appropriate action, such as refetching the modified entry, or removing the deleted entry from its local copy of the database. In this notification scheme, the Bitwarden client establishes a persistent WebSocket connection with the Bitwarden server (vaultwarden in this case). Whenever the server has an event to report, it sends it to the client via this persistent connection.
Note that WebSocket notifications are not applicable to the mobile (Android/iOS) Bitwarden clients. These clients use the native push notification service instead (FCM for Android, APNs for iOS). vaultwarden does not currently support push notifications to mobile clients.
To enable WebSockets notifications, an external reverse proxy is necessary, and it must be configured to do the following:
- Route the
/notifications/hubendpoint to the WebSocket server, by default at port3012, making sure to pass theConnectionandUpgradeheaders. (Note the port can be changed withWEBSOCKET_PORTvariable) - Route everything else, including
/notifications/hub/negotiate, to the standard Rocket server, by default at port80. - If using Docker, you may need to map both ports with the
-pflag
Example configurations are included in Proxy examples.
Then you need to enable WebSockets negotiation on the vaultwarden side by setting the WEBSOCKET_ENABLED variable to true:
docker run -d --name vaultwarden \
-e WEBSOCKET_ENABLED=true \
-v /vw-data/:/data/ \
-p 80:80 \
-p 3012:3012 \
vaultwarden/server:latestNote: The reason for this workaround is the lack of support for WebSockets from Rocket (though it's a planned feature), which forces us to launch a secondary server on a separate port.
Testing if a connection is working correctly can be done in two ways:
-
Open the developer tools of your browser, go to the network tab and filter for
WS/WebSockets. Logout or refresh the page and login again and you you should see a 101 response for the upgraded WebSocket connection. If you click on that line you should be able to see the messages. If you do not get the status code 101 on/notifications/hubthen something is configured incorrectly. -
Open two different browsers or an incognito/private window. Login into your account on both. Either create a new entry, or rename the cipher in one, and that should instantly change also in the other.
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration