-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Enabling WebSocket notifications
WebSocket notifications are used to inform the browser and desktop Bitwarden clients that some event of interest has occurred, such as when an entry in the password database has been modified or deleted. Upon receiving the notification, the client can take an appropriate action, such as refetching the modified entry, or removing the deleted entry from its local copy of the database. In this notification scheme, the Bitwarden client establishes a persistent WebSocket connection with the Bitwarden server (vaultwarden in this case). Whenever the server has an event to report, it sends it to the client via this persistent connection.
Note that WebSocket notifications are not applicable to the mobile (Android/iOS) Bitwarden clients. These clients use the native push notification service instead (FCM for Android, APNs for iOS). vaultwarden does not currently support push notifications to mobile clients.
To enable WebSockets notifications, an external reverse proxy is necessary, and it must be configured to do the following:
- Route the
/notifications/hub
endpoint to the WebSocket server, by default at port3012
, making sure to pass theConnection
andUpgrade
headers. (Note the port can be changed withWEBSOCKET_PORT
variable) - Route everything else, including
/notifications/hub/negotiate
, to the standard Rocket server, by default at port80
. - If using Docker, you may need to map both ports with the
-p
flag
Example configurations are included in Proxy examples.
Then you need to enable WebSockets negotiation on the vaultwarden side by setting the WEBSOCKET_ENABLED
variable to true
:
docker run -d --name bitwarden \
-e WEBSOCKET_ENABLED=true \
-v /vw-data/:/data/ \
-p 80:80 \
-p 3012:3012 \
vaultwarden/server:latest
Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though it's a planned feature), which forces us to launch a secondary server on a separate port.
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration