Strange behavior between .env and config.json for websocket activation

[sebtiz13]

Subject of the issue

I have strange behavior between .env and config.json for websocket activation.
I need to add "websocket_enabled": true" in config.json for websocket synchronisation work with firefox extension (I haven't check other browser extension)

Deployment environment

Your environment (Generated via diagnostics page)

• Bitwarden_rs version: v1.20.0
• Web-vault version: v2.19.0
• Running within Docker: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.33.0
• Clients used: Firefox extension
• Reverse proxy and version: Nginx 1.14.2
• Other relevant information: use Bitwarden binary on raspbery pi (raspbian) with systemd configuration

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": null,
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": true,
  "disable_icon_download": false,
  "domain": "*****://*********.********.**/",
  "domain_origin": "*****://*********.********.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_rs",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "LOGIN",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*******@********.**",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_host": "****.***.***",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*******@********.**",
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": -1,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

In doubt this is my .env

ROCKET_PORT=XXXX
WEBSOCKET_ENABLED="true" # enable websocket

Steps to reproduce

When I have set WEBSOCKET_ENABLED="true" in .env the connection to websocket in web_vault work normally but doesn't have websocket synchronization with my firefox extension

If i edit the config.json file manually to add "websocket_enabled": true" after restart of service and manually synchronization in firefox extension the websocket synchronization with my firefox extension work

Expected behaviour

Work normally with just .env variables or when update configuration with admin page don't remove "websocket_enabled" in config.json

Actual behaviour

The Firefox extension don't receive websocket synchronization if "websocket_enabled" is not in config.json and update on configuration page overwrite the config.json without "websocket_enabled"

Troubleshooting data

In my console with webvault

[2021-04-13T20:52:26.807Z] Information: WebSocket connected to wss://..*/notifications/hub?access_token=eyJ0eX....XMEvcsQ.

Sorry i don't find how show eventually error of websocket in firefox extension

[BlackDex]

This is how it works.
You probably have toggled the websockets setting within the admin interface, which saves the settings to the json file.

The json file overrules the env settings.

[jjlin]

websocket_enabled is read-only config, though. It shouldn't be editable via the admin interface, or saved to config.json. But I'm not sure what happens if you manually edit config.json with a conflicting value.

[BlackDex]

Hmm indeed. I'm also not sure if it gets saved to the json file, if that is the case, that should be fixed.

[sebtiz13]

Sorry, indeed I had trouble to really explaining the behavior.
Like say @jjlin the websocket_enabled its read-only configuration on admin, so it's not saved in config.json. This is why when update configuration on admin the config.json it's override without websocket_enabled.

This behavior seems logical to me, but what I don't understand its why when I set WEBSOCKET_ENABLED="true" only in .env its appear like enabled on admin page but doesn't work with Firefox extension and when I edit manually config.json to add "websocket_enabled": true after restart it's work.

I suppose there is a part of code where the parameter websocket_enabled it's only get from config.json and don't support environment variable.

That I found strange, it's web_vault sent to console WebSocket connected in two case (environment variable and manually add in config.json) but if parameter it's not set in config.json it's like websocket server are enabled, but not send synchronization message

In doubt, I add my dot env in original message

[BlackDex]

@sebtiz13:
There is no way that the env's arn't read and the config.json is. They are getting merged.
So, there are a few options here i think.

1. The env's aren't loaded at all and that file isn't read during startup.
2. There is something within the .env file which breaks parsing, but doesn't produces an error/warning/panic.

Best way to check this out is by renaming the config.json file temporarily to config.json.old or something.
Change the .env file var LOG_LEVEL to either have trace logging or no logging, off, at all, to see if it picks up that change, and maybe verify that by going to the /admin and check the settings over there.

If it does change the logging output, then i would suggest to move that variable LOG_LEVEL all the way at the bottom, and remove it from the previous place and see if it still works. If it breaks, then something is going wrong down the line in the file for some reason.

Same goes for the WEBSOCKET_ENABLED var, you could try to put that all the way at the top of the .env file and see what happens. If it then does start to work, then also there is something strange within the .env file which i really would like to know what, so that we can try to detect it, and prevent issues for the rest.

In any case, you should at least see something like this when it started:

[2021-06-20 18:03:11.450][parity_ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2021-06-20 18:03:11.471][start][INFO] Rocket has launched from http://0.0.0.0:8080

So, could you provide us with this info please?

[sebtiz13]

Hello

I have finally found the cause of this behavior.
It's due too comment after the value # enable websocket

I have configured my server with systemd like example from wiki page Setup as a systemd service i have declared my .env like this

EnvironmentFile=/srv/vaultwarden/.env

and all env variables are loaded except "WEBSOCKET_ENABLED" it's due to the comment after the variables
I don't really understand why but when I start the server from bash with

./vaultwarden

It's read, but with systemd not, i supose it's an error to have an comment on same line as a variable in .env for systemd (maybe not use same parser like bash)

Finally i have remove the comment and it's work normally
And effectively if i keep "websocket_enabled": true in config.json on start i have this warning

[WARNING] The following environment variables are being overriden by the config file,
[WARNING] please use the admin panel to make changes to them:
[WARNING] WEBSOCKET_ENABLED

So maybe just need to add an comment for this details on wiki

Thanks for your help

[BlackDex]

@sebtiz13 feel free to update the wiki!