Hi
Since some weeks, I’m not able to connect to vaultwarden via the apps or extensions in chrome or firefox on umbrel.
Im connection to it via https protocol through an nginx proxy, but it seem’s that it’s not the newest version to install.
What can I do? To login direct to the vaultwarden via webgui is still possible, but it is very annoying for filling out forms. If you have any help in this or suggestions, that would be great.
Kind regards
Don
Have you tried using Tailscale? maybe that’s a possibility
No I haven’t. What should this solve to my problem? I use nginx proxy with https protocol. Isn’t that the same effect?
Yeah, you’re right you should be able to connect to it behind nginx.
The problem is probably what you said, Umbrel’s version of Vaultwarden is almost 1 year behind the current release, I can’t confirm (or reproduce) because I stopped using Vaultwarden on Umbrel.
So would it be possible to upgrade unofficial to the newest version. Because I would prefer to use it on umbrel, than to use another additional nas in my home.
Or where do I have to tell, that there should be a newer version for umbrel available?
Sorry I can’t help you further, as I said I’m no longer running Vaultwarden on Umbrel (I quit Umbrel entirely, for many reasons).
Having said that, if I’m not mistaken I believe you should be able to run your own instance of Vaultwarden on Umbrel, running its own container, you can try serving it on a different port so it doesn’t interfere with your current config.
You can try using Dockge, or Portainer, whatever suits you better, and run Vaultwarden from there, see more info here: vaultwarden/docker at main · dani-garcia/vaultwarden · GitHub
Other than that, the best solution would be Umbrel to upgrade its Vaultwarden app, but apparently that is not possible now due to the lack of https on Umbrel, check here: Update vaultwarden to version 1.35.1 by al-lac · Pull Request #4417 · getumbrel/umbrel-apps · GitHub
Unfortunately the https support has been waiting for more than 5 years, that was one of the reasons why I quit using Umbrel.
There should be some workaround using tailscale + https but it would take you some time to test it, and not being sure if it’s going to work.
Hey thanks for sharing so many insides. Why did you quit umbrel entirely, did you switch to another OS ? Appreciate your anser and yes what a pitty that Vaultwarden does not find a solution. In my opinion the Umbrel Team should also not list apps that are not being updated or even risky to use. Why is umbrel not updating to https ?
I used Umbrel for a couple of years since one of the first versions, and I still believe it’s a great options for many people.
Unfortunately I’ve some philosophical clash with their current business model, Umbrel started mainly focused on being a bitcoin node alternative, then they started adding other apps, which I think was a great idea. And then they started selling their “own” hardware (or whatever rebranded) and leaving the open source community focus aside, so many things started being tweaked for their own hardware, and the support is now focused mostly on their customers, and not all the users, and I’m not saying that is wrong, it’s just not what I like for myself.
There’re many REALLY BASIC features (like default https support) that hasn’t been solved in those many 5-6 years.
To be clear… I don’t know what you mean with “…what a pitty that Vaultwarden does not find a solution”, Vaultwarden is a very security-focused app, they should enforce security over all as the data you’re storing there is quite important, so ssl/tls/https is totally a MUST for this type of software, the problem is 100% on Umbrel’s side, not Vaultwarden’s.
I agree with you that there should be at least a warning on apps that can’t/won’t be upgraded properly, so it’s the user’s choice to use them or not.
Regarding the alternatives to Umbrel, there’re many options, the most “direct” ones might be Start9 or CasaOS.
In my case I chose to run a bitcoin node on a basic Debian-based device, so nothing too fancy, Raspiblitz or Raspibolt’s guides would do it, Start9 and CasaOS are bitcoin-focused too, that’s why those are the most direct alternatives to Umbrel.
And for the rest of the apps I chose Yunohost, but as I said, Start9, CasaOS, CapRover, etc. are good options too.
I agree with most of your concerns. The shift in focus you’re describing does feel a bit odd, especially given how much potential the platform originally had as a more open, community-driven project. It’s a pity, because the idea itself is still really strong, but some of those choices—like prioritizing their own hardware ecosystem and leaving basic features unresolved—make it feel like a missed opportunity. On top of that, there’s surprisingly little support, documentation, videos, or clear guidelines, which makes it harder for users who aren’t on their “official” path.
Here’s a compact but complete guide to run Vaultwarden on Umbrel via Portainer + Tailscale, and access it on iOS + macOS securely:
Vaultwarden on Umbrel via Portainer + Tailscale (iOS & macOS Access)
Overview
This guide sets up:
Vaultwarden in Docker (via Portainer)
Tailscale for secure remote access
Works with Bitwarden apps on iOS and macOS
No port forwarding, no public exposure
Requirements
Umbrel running (http://umbrel.local)
SSH access to Umbrel
Tailscale account
1. Install Portainer
SSH into Umbrel:
ssh umbrel@umbrel.local
Run:
docker volume create portainer_data
docker run -d \
-p 9000:9000 \
-p 9443:9443 \
--name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
Open in browser:
Create admin account.
2. Install Tailscale
On Umbrel:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
Log in via browser.
Check status:
tailscale status
Note your IP (e.g. 100.x.x.x)
3. Deploy Vaultwarden (Portainer)
In Portainer:
Paste:
version: “3”
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=false
volumes:
- /home/umbrel/vaultwarden-data:/data
ports:
- 127.0.0.1:3000:80
Deploy.
4. Test locally
On Umbrel:
5. Access via Tailscale
From any device with Tailscale:
6. Enable MagicDNS (recommended)
In Tailscale admin panel:
Then access via:
7. Connect Bitwarden apps (iOS/macOS)
Install Bitwarden app.
Steps:
Open app
Log out if needed
Select “Self-hosted”
Server URL:
Login normally.
8. Optional: Restrict access to Tailscale only
sudo ufw deny 3000
sudo ufw allow from 100.64.0.0/10 to any port 3000
9. Backup
Backup this folder:
/home/umbrel/vaultwarden-data
Notes
No port forwarding required
Traffic is encrypted via Tailscale
WebSockets must be enabled for mobile apps
If connection fails: check Tailscale status and correct port
Result
Private Vaultwarden server
Accessible from anywhere via Tailscale
Works on iOS and macOS
Not exposed to the internet
Nice AI plan, ¿have you tried this? there’re some steps that should be simpler and more reliable, like using Tailscale app on Umbrel instead of deploying it at OS level.
Also using Dockge instead of Portainer might be an easier option.