[GH-ISSUE #411] Docker: Unable to run as non-root user #237

Closed
opened 2026-03-03 01:27:04 +03:00 by kerem · 3 comments

Originally created by @rcdailey on GitHub (Feb 23, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/411

Using the `latest` tag as of today (2/23/2019), I'm unable to launch the docker image provided by @mprasil. I get this error after `docker-compose run`:

```
bitwarden | [2019-02-23 11:33:55][launch][INFO] Configured for staging.
bitwarden | [2019-02-23 11:33:55][launch_][INFO] address: 0.0.0.0
bitwarden | [2019-02-23 11:33:55][launch_][INFO] port: 80
bitwarden | [2019-02-23 11:33:55][launch_][INFO] log: normal
bitwarden | [2019-02-23 11:33:55][launch_][INFO] workers: 10
bitwarden | [2019-02-23 11:33:55][launch_][INFO] secret key: generated
bitwarden | [2019-02-23 11:33:55][launch_][INFO] limits: forms = 32KiB, json* = 10MiB
bitwarden | [2019-02-23 11:33:55][launch_][INFO] keep-alive: 5s
bitwarden | [2019-02-23 11:33:55][launch_][INFO] tls: disabled
bitwarden | [2019-02-23 11:33:55][rocket::fairing::fairings][INFO] Fairings:
bitwarden | [2019-02-23 11:33:55][_][INFO] 1 response: Application Headers
bitwarden | [2019-02-23 11:33:55][bitwarden_rs][ERROR] Launch error Bind(Io(Os { code: 13, kind: PermissionDenied, message: "Permission denied" }))
```

My `docker-compose.yml` is as follows:

```yml
version: '3.7'

services:
  app:
    image: mprasil/bitwarden
    container_name: bitwarden
    user: $UID:$GID
    networks:
      - reverse_proxy
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=America/Chicago

networks:
  reverse_proxy:
    external: 'true'
    name: reverse_proxy
```

And yes, the permissions of my `./data` directory are set properly. The same user referred to by `UID` and `GID` also owns the `./data` directory.

kerem closed this issue 2026-03-03 01:27:05 +03:00

@mprasil commented on GitHub (Feb 23, 2019):

Please see #287. You're definitely missing environment variable `ROCKET_PORT` set to something above `1024` (only root can bind to first `1024` ports) and it seems like you also might need to add `DATA_FOLDER` set to `/data`.

Hope that helps, please continue any discussion under #287 to avoid duplicates.


@rcdailey commented on GitHub (Feb 23, 2019):

@mprasil Thank you, I will try what you have suggested. Could you please update your README to document these environment variables? https://hub.docker.com/r/mprasil/bitwarden


@rcdailey commented on GitHub (Feb 23, 2019):

For anyone else that comes across this, this `docker-compose.yml` works with non-root user. I also have it set up to share my reverse proxy network so I can forward requests from NGINX to Bitwarden:

```yml
version: '3.7'

services:
  app:
    image: mprasil/bitwarden
    container_name: bitwarden
    restart: always
    user: $UID:$GID
    networks:
      - reverse_proxy
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=America/Chicago
      - ROCKET_PORT=10080
      - DATA_FOLDER=/data

networks:
  reverse_proxy:
    external: 'true'
    name: reverse_proxy
```
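
A preflight check for the failure diagnosed in this thread, as an added example that is not part of the original issue or the project's code: given one compose service as the dict a YAML loader would return, it flags a non-root `user:` combined with a listen port below the kernel's unprivileged-port threshold. `check_service`, the sample dicts and the `sysctls` handling are assumptions of this example; the default port 80 is taken from the `port: 80` line in the log above.

```python
# Added example: predict the "Permission denied" bind error before starting the container.
PRIVILEGED_PORT_LIMIT = 1024  # Linux default for net.ipv4.ip_unprivileged_port_start
DEFAULT_ROCKET_PORT = 80      # port shown in the thread's log when ROCKET_PORT is unset


def _as_mapping(value):
    """Compose accepts both ['K=V', ...] and {K: V}; normalise to a dict of strings."""
    if isinstance(value, dict):
        return {str(k): str(v) for k, v in value.items()}
    return dict(item.split("=", 1) for item in (value or []) if "=" in item)


def runs_as_root(user):
    """True when the service's `user:` field resolves to uid 0 or is unset."""
    if user is None:
        return True  # assumption: the image itself does not switch to a non-root USER
    return str(user).split(":", 1)[0] in ("0", "root")


def check_service(service):
    """Return a list of findings for one compose service definition."""
    if runs_as_root(service.get("user")):
        return []
    env = _as_mapping(service.get("environment"))
    sysctls = _as_mapping(service.get("sysctls"))
    try:
        port = int(env.get("ROCKET_PORT", DEFAULT_ROCKET_PORT))
    except ValueError:
        return ["ROCKET_PORT is not an integer"]
    # A per-container sysctl can lower the threshold; otherwise the default applies.
    limit = int(sysctls.get("net.ipv4.ip_unprivileged_port_start", PRIVILEGED_PORT_LIMIT))
    if port < limit:
        return [f"non-root user cannot bind port {port} (< {limit}): "
                "expect EACCES (os error 13)"]
    return []


# Constructed inputs mirroring the two compose files in the thread, with
# $UID:$GID already substituted by a sample value.
FAILING = {"user": "1000:1000", "environment": ["TZ=America/Chicago"]}
WORKING = {"user": "1000:1000",
           "environment": ["TZ=America/Chicago", "ROCKET_PORT=10080", "DATA_FOLDER=/data"]}

if __name__ == "__main__":
    for name, svc in (("failing", FAILING), ("working", WORKING)):
        print(name, check_service(svc) or "ok")
```
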