Sign in Subscribe
docker

Vaultwarden activate Push notification for mobile devices

New feature in Vaultwarden 1.29.0

2nistech

2 min read

The developpers of Vaultwarden just released a new feature with Vaultwarden 1.29.0, you can now setup Push notification to seamlessly sync your vault between the mobile app, the web extension and the web vault without the need to sync manually.

Also the websocked has been modified so you dont need to use the port 3012 anymore.

Enable push notification

First you need to update your Vaultwarden image if it's not already done with

docker compose pull vaultwarden
docker compose up -d vaultwarden

To setup you the mobile sync, you need to edit your  vaultwarden docker compose file and add this lines in the environnement part:

      - PUSH_ENABLED=true
      - PUSH_INSTALLATION_ID=
      - PUSH_INSTALLATION_KEY=
      - PUSH_RELAY_BASE_URI=https://push.bitwarden.com

To get the PUSH_INSTALLATION_ID and PUSH_INSTALLATION_KEY go to https://bitwarden.com/host/, put an email address and you'll get your ID and KEY.

Once it's done, restart your docker container with

docker compose up -d vaultwarden
đź’ˇ
At first the sync with my android phone was not working. I had to reinstall the app and relog to my Vaultwarden to make the push notification work.

Modify the live sync with Websocket

You can also remove the line WEBSOCKET_ENABLED=true has now Vaultwarden does not need a separate service running on the port 3012.

Do not forget to edit your reverse proxy configuration and modify the port 3012 by 80 for the notification hub.

Here my new vaultwarden.subdomain.conf for swag

## Version 2023/05/31
# make sure that your vaultwarden container is named vaultwarden
# make sure that your dns has a cname set for vaultwarden
# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name vaultwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 128M;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ ^(/vaultwarden)?/admin {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/vaultwarden)?/notifications/hub {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/vaultwarden)?/notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

Sources: