starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #469] How to use with nginx reverse proxy container and nginx letsencrypt companion container #287

New issue
Closed
opened 2026-03-03 01:27:38 +03:00 by kerem · 13 comments
kerem commented 2026-03-03 01:27:38 +03:00
Owner
Copy link

Originally created by @leggettc18 on GitHub (May 2, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/469

I'm attempting to deploy this using a docker_compose file, I already have it hosting a few more service set up in a similar way that work just fine, but for some reason with bitwarden_rs I'm getting a 502 bad gateway when I visit the domain. SSL is working, but I'm not getting to the actual app. Some help would be appreciated, here's the relevant parts of my docker_compose file.

version: '3'

services:
  
  bitwarden:
   image: mprasil/bitwarden
   restart: always
   volumes:
     - ./bw-data:/data
   environment:
     SIGNUPS_ALLOWED: "true"
     VIRTUAL_HOST: bitwarden.leggett.dev
     VIRTUAL_PORT: 443
     VIRTUAL_PROTO: https
     LETSENCRYPT_HOST: bitwarden.leggett.dev
     LETSENCRYPT_EMAIL: chris@leggett.dev
   networks:
     - proxy-tier

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier

letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

networks:
  proxy-tier:
Originally created by @leggettc18 on GitHub (May 2, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/469 I'm attempting to deploy this using a docker_compose file, I already have it hosting a few more service set up in a similar way that work just fine, but for some reason with bitwarden_rs I'm getting a 502 bad gateway when I visit the domain. SSL is working, but I'm not getting to the actual app. Some help would be appreciated, here's the relevant parts of my docker_compose file. ``` version: '3' services: bitwarden: image: mprasil/bitwarden restart: always volumes: - ./bw-data:/data environment: SIGNUPS_ALLOWED: "true" VIRTUAL_HOST: bitwarden.leggett.dev VIRTUAL_PORT: 443 VIRTUAL_PROTO: https LETSENCRYPT_HOST: bitwarden.leggett.dev LETSENCRYPT_EMAIL: chris@leggett.dev networks: - proxy-tier proxy: build: ./proxy restart: always ports: - 80:80 - 443:443 labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro networks: - proxy-tier letsencrypt-companion: image: jrcs/letsencrypt-nginx-proxy-companion restart: always volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro networks: - proxy-tier depends_on: - proxy networks: proxy-tier: ```
kerem closed this issue 2026-03-03 01:27:38 +03:00
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (May 2, 2019):

If I understand letsencrypt companion container configuration correctly (never used it, so I might be wrong here), you might want to remove VIRTUAL_PORT: 443 from your configuration, because bitwarden_rs listens on port 80 by default.

<!-- gh-comment-id:488529561 --> @mprasil commented on GitHub (May 2, 2019): If I understand letsencrypt companion container configuration correctly (never used it, so I might be wrong here), you might want to remove `VIRTUAL_PORT: 443` from your configuration, because `bitwarden_rs` listens on port `80` by default.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (May 2, 2019):

I still get the bad gateway if I take that out. I also tried changing the Virtual Port to 80, as well as setting the Rocket Port to 443 with Virtual Port to 443.

<!-- gh-comment-id:488530533 --> @leggettc18 commented on GitHub (May 2, 2019): I still get the bad gateway if I take that out. I also tried changing the Virtual Port to 80, as well as setting the Rocket Port to 443 with Virtual Port to 443.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (May 2, 2019):

You also want to remove VIRTUAL_PROTO: https if you're not doing https on the bitwarden_rs side.

<!-- gh-comment-id:488640510 --> @mprasil commented on GitHub (May 2, 2019): You also want to remove `VIRTUAL_PROTO: https` if you're not doing https on the `bitwarden_rs` side.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (May 2, 2019):

I did that as well, still getting the bad gateway error.

<!-- gh-comment-id:488640707 --> @leggettc18 commented on GitHub (May 2, 2019): I did that as well, still getting the bad gateway error.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (May 2, 2019):

Any errors in the bitwarden_rs container logs?

<!-- gh-comment-id:488643851 --> @mprasil commented on GitHub (May 2, 2019): Any errors in the `bitwarden_rs` container logs?
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (May 2, 2019):

Would they be somewhere in the bwdata folder? Or somewhere in the container itself? I'm at work currently but I'll take a look as soon as I can.

<!-- gh-comment-id:488665974 --> @leggettc18 commented on GitHub (May 2, 2019): Would they be somewhere in the bwdata folder? Or somewhere in the container itself? I'm at work currently but I'll take a look as soon as I can.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (May 2, 2019):

The logs are sent to stdout by default, so you should be able to see them with docker logs.

<!-- gh-comment-id:488703823 --> @mprasil commented on GitHub (May 2, 2019): The logs are sent to stdout by default, so you should be able to see them with `docker logs`.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (May 3, 2019):

Actually I may have figured it out. It looks like had an incorrectly configured container running that was maybe taking up the port or something? I think it was caused by me renaming the parent directory and attempting to relaunch the containers, not realizing it made new containers. I saw an error and put it back but I didn't realize the containers had been created already. Stopping and removing all containers and relaunching the docker-compose command seems to have fixed it. Thanks for your help!

<!-- gh-comment-id:488884528 --> @leggettc18 commented on GitHub (May 3, 2019): Actually I may have figured it out. It looks like had an incorrectly configured container running that was maybe taking up the port or something? I think it was caused by me renaming the parent directory and attempting to relaunch the containers, not realizing it made new containers. I saw an error and put it back but I didn't realize the containers had been created already. Stopping and removing all containers and relaunching the docker-compose command seems to have fixed it. Thanks for your help!
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@scope-username commented on GitHub (May 7, 2019):

Actually I may have figured it out. It looks like had an incorrectly configured container running that was maybe taking up the port or something? I think it was caused by me renaming the parent directory and attempting to relaunch the containers, not realizing it made new containers. I saw an error and put it back but I didn't realize the containers had been created already. Stopping and removing all containers and relaunching the docker-compose command seems to have fixed it. Thanks for your help!

Could you please help me out with docker-compose you have used to get bitwarden_rs container running with nginx reverse proxy container and nginx letsencrypt companion container ? I am getting the same 502 bad gateway error as you did previously and changing the port for bitwarden_rs container didn't help.

<!-- gh-comment-id:489923943 --> @scope-username commented on GitHub (May 7, 2019): > Actually I may have figured it out. It looks like had an incorrectly configured container running that was maybe taking up the port or something? I think it was caused by me renaming the parent directory and attempting to relaunch the containers, not realizing it made new containers. I saw an error and put it back but I didn't realize the containers had been created already. Stopping and removing all containers and relaunching the docker-compose command seems to have fixed it. Thanks for your help! Could you please help me out with docker-compose you have used to get bitwarden_rs container running with nginx reverse proxy container and nginx letsencrypt companion container ? I am getting the same 502 bad gateway error as you did previously and changing the port for bitwarden_rs container didn't help.
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@kdaveid commented on GitHub (May 29, 2019):

Maybe @leggettc18 can confirm he used the posted docker-compose file above (or post the current one) to help other users/community. If everything is fine, please close the issue, that helps additionally. Thanks!

<!-- gh-comment-id:497080856 --> @kdaveid commented on GitHub (May 29, 2019): Maybe @leggettc18 can confirm he used the **posted** `docker-compose` file above (or post the current one) to help other users/community. If everything is fine, please close the issue, that helps additionally. Thanks!
kerem commented 2026-03-03 01:27:39 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (Jun 3, 2019):

I apologize for just now seeing this. I only have access to my phone for right now, but I'll post my current docker-compose file tomorrow night.

<!-- gh-comment-id:498091143 --> @leggettc18 commented on GitHub (Jun 3, 2019): I apologize for just now seeing this. I only have access to my phone for right now, but I'll post my current docker-compose file tomorrow night.
kerem commented 2026-03-03 01:27:40 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (Jun 4, 2019):

version: '3'

services:
  bitwarden:
    image: mprasil/bitwarden
    restart: always
    volumes:
      - ./bw-data:/data
    environment:
      ADMIN_TOKEN: ********************
      SIGNUPS_ALLOWED: "false"
      VIRTUAL_HOST: cloud.domain.tld
      LETSENCRYPT_HOST: cloud.domain.tld
      LETSENCRYPT_EMAIL: valid@email.com
    networks:
      - proxy-tier

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

networks:
  proxy-tier:

Here's the relevant parts of my docker-compose file that are currently working. (Sensitive information edited out, obvs). I don't believe I changed anything between these trys, the problem I had was a previously incorrectly configured container taking the port but not getting routed to properly by the reverse proxy. Check to make sure you don't have any containers still running from failed attempts or previous configurations. Otherwise this setup should work.

<!-- gh-comment-id:498624594 --> @leggettc18 commented on GitHub (Jun 4, 2019): ``` version: '3' services: bitwarden: image: mprasil/bitwarden restart: always volumes: - ./bw-data:/data environment: ADMIN_TOKEN: ******************** SIGNUPS_ALLOWED: "false" VIRTUAL_HOST: cloud.domain.tld LETSENCRYPT_HOST: cloud.domain.tld LETSENCRYPT_EMAIL: valid@email.com networks: - proxy-tier proxy: build: ./proxy restart: always ports: - 80:80 - 443:443 labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - certs:/etc/nginx/certs:ro - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro networks: - proxy-tier letsencrypt-companion: image: jrcs/letsencrypt-nginx-proxy-companion restart: always volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro networks: - proxy-tier depends_on: - proxy networks: proxy-tier: ``` Here's the relevant parts of my docker-compose file that are currently working. (Sensitive information edited out, obvs). I don't believe I changed anything between these trys, the problem I had was a previously incorrectly configured container taking the port but not getting routed to properly by the reverse proxy. Check to make sure you don't have any containers still running from failed attempts or previous configurations. Otherwise this setup should work.
kerem commented 2026-03-03 01:27:40 +03:00
Author
Owner
Copy link

@leggettc18 commented on GitHub (Jun 4, 2019):

I'll close this issue now since I've got it working. @scope-username if you're still having issues you may want to open another issue, since your problem seems to be different.

<!-- gh-comment-id:498853282 --> @leggettc18 commented on GitHub (Jun 4, 2019): I'll close this issue now since I've got it working. @scope-username if you're still having issues you may want to open another issue, since your problem seems to be different.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#287
No description provided.