Cannot make it work -- Tailscale + Headscale + Vaultwarden on local domain

Pinipon · May 1, 2025, 11:40am

What type of hardware are you using: Raspberry Pi 3, 4+
What YunoHost version are you running: 12.0.14
How are you able to access your server: The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

Hi everyone, I’m trying to configure this:

Headscale ynh app running on public domain
Tailscale on ynh + a few hosts
Vaultwarden ynh app running on a local domain
Worth mentioning: I’ve adguard home running on the yunohost server + in my local pc

The idea is to install vaultwarden but not to expos it to a public domain, but to connect to it using tailscale+headscale.
All the apps are installed and working, the hosts are connected using my own headscale instance, but I’m not being able to connect my bitwarden app on any of my devices to the vaultwarden server, obtaining a “fetch error”

Share relevant logs or error messages

no logs are enerated on yunohost regarding this issue

tituspijean · May 1, 2025, 4:19pm

Do you have errors and warnings about it in your browser console or in Vaultwarden’s service logs?

Pinipon · May 4, 2025, 10:19am

That error was shown in my host’s bitwarden

I’ve been doing many tests but I cannot make it work, I think I might have an issue in some DNS settings.

Here’s what I’ve tried:

Connect yunohost and other hosts through my own headscale instance, I’m able ping my 100.x.x.x IPs with no issue, but I cannot reach vaultwarden.local that way.
I tried installing vaultwarden in yunohost.local/vaultwarden and reach it on 100.x.x.x/vaultwarden and it didn’t work.
I tried connecting everything without using headscale (through tailscale public’s coordination server) and same result, I can reach the IP but not the vaultwarden local domain or yunohost.local/vaultwarden.
I tried deactivating MagicDNS, but still the same.

It’s worth mentioning that I’ve adguard home installed both in yunohost and in my pc, I tried with DNS rewrites (vaultwarden.local > 100.x.x.x) and didn’t work.

In yunohost diagnosis I get this message, if I’m not mistaken this happened right after installing headscale or tailscale:

[WARNING] DNS resolution seems to be working, but it looks like you're using a custom /etc/resolv.conf.
  - The file /etc/resolv.conf should be a symlink to /etc/resolvconf/run/resolv.conf itself pointing to 127.0.0.1 (dnsmasq). If you want to manually configure DNS resolvers, please edit /etc/resolv.dnsmasq.conf.

I don’t know what else to do at this point

Pinipon · May 7, 2025, 9:12am

Any idea of what I could be messing with?

Pinipon · May 9, 2025, 4:46pm

I noticed that if I install Vaultwarden in a public domain, everything works well.
But if I install it in a local domain I cannot connect to it using a host’s bitwarden app, even though I can access the app through the web browser.

It seems that the problem is Vaultwarden, not Tailscale or Headscale.
@ericg or @yalh76 have you tried using Vaultwarden in a local domain?

Pinipon · May 12, 2025, 1:31pm

I was able to make it work on http but not on https, still fighting but much closer now