[HOW TO] Vaultwarden - Disable "Create Account"

Share your awesome tips and tricks here.

Moderator: Lillian.W@AST

Post Reply
QProphecy
Posts: 19
youtube meble na wymiar Warszawa
Joined: Mon May 09, 2016 4:55 am

[HOW TO] Vaultwarden - Disable "Create Account"

Post by QProphecy »

After installing Vaultwarden on your Asustor NAS and creating the user account(s) you wish to use, from a security perspective it makes sense to turn off the "Create Account" option for others who might want to abuse it. Follow these instructions in order to do so.

Do note: the same steps have to be executed again after upgrading ADM.

Prerequisites:
  • Basic understanding of Linux commands
  • Vaultwarden fully installed, configured and accessible via HTTPS
  • In ADM > Services > Terminal, enable SSH
  • Install and configure PuTTY in order to gain access to your NAS' command line interface
  • Login with your system user account and password (and if used, enter the 2-step verification code)
Commands to execute:

Code: Select all

sudo docker ps
enter password and copy the Container ID of your Vaultwarden image to the clipboard (keep it for later)

Code: Select all

cd /volume1/.@plugins/AppCentral/docker-ce/docker_lib/containers/
change directory to the NAS' Docker containers

Code: Select all

ls
to show the container folder(s) in this location

Code: Select all

cd c97242945b9e5b7ec1267983af5632fbb4617aa6e63e3a0bc9ccf15e470463a0
replace it with your 65 characters long directory name, which starts with the Container ID of Vaultwarden -- tip: type a few characters of the directory and complete it by hitting the <TAB> button

Code: Select all

sudo docker inspect XXX
This step is optional! -- replace XXX with your Container ID -- this will show you the content of the config.v2.json file in an easy to read format. Look for the text "Env". You will have to insert a parameter there with the text editor VI

Code: Select all

sudo docker stop XXX
replace XXX with your Container ID, to stop the Vaultwarden container

Code: Select all

sudo cp config.v2.json config.v2.json.backup
This step is optional, but is recommended! -- make a backup of the configuration file, in case a mistake is made while editing the file and you want to restore the original configuration file

Code: Select all

sudo vi config.v2.json

Code: Select all

/env
to search for the text "Env", this will jump the cursor to the first (and only) occurrence of "Env" in the file

Code: Select all

i
to switch to VI's Insert mode, in order to insert the parameter text "SIGNUPS_ALLOWED=false", as shown in the next step

Code: Select all

"Env":["SIGNUPS_ALLOWED=false","ROCKET_TLS={certs=\"/ssl/ssl.crt\",key=\"/ssl/ssl.key\"}",
Hit <ESC> to exit VI's Insert mode

Code: Select all

qw
to save the file and exit VI

Code: Select all

sudo reboot now
to restart your NAS. Do not use sudo docker start XXX, because this will reset the config.v2.json file!

After everything is up and running again, go to your Vaultwarden website (https://yourdomain.com:32301/). The Create Account link is still visible, but it's no longer able to create new accounts. Do note: That's by design according to the developers. -- If you try to create a new account the following error message is shown: An error has occurred. Registration not allowed or user already exists.

Done!

Also, remember to disable SSH again if you're not using it for anything else!
Post Reply

Return to “Tips & Tricks”