[GH-ISSUE #676] Documentation: Updated Traefik proxy example for use with Traefik v2 #456

New issue

Closed

opened 2026-03-03 01:29:18 +03:00 by kerem · 3 comments

kerem commented 2026-03-03 01:29:18 +03:00

Owner

Copy link

Originally created by @hwwilliams on GitHub (Oct 20, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/676

I just finished setting up Bitwarden and thought I'd provide the necessary labels that work for me when using the latest release of Traefik (v2.0.2 as of writing) now that v2 is out of beta in case you'd like to update the proxy example on the wiki.

These labels would provide the same functionality as the existing example just with updated syntax to work with Traefik v2 assuming you have the rest of Traefik configured correctly:

labels:
  - traefik.enable=true
  - traefik.docker.network=traefik
    # Define service of 'bitwarden' for UI port when using entrypoint websecure (port 443)
  - traefik.http.services.bitwarden.loadbalancer.server.port=80
  - traefik.http.routers.bitwarden.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden.entrypoints=websecure
  - traefik.http.routers.bitwarden.service=bitwarden
    # Define service of 'bitwarden-websocket' for socket port when using entrypoint websecure (port 443)
  - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
  - traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket.entrypoints=websecure
  - traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket

At the time of writing this I don't know of a way to have Traefik v2 redirect all http traffic to https globally so if you'd like to do that here is another example which includes a middleware redirect:

labels:
  - traefik.enable=true
  - traefik.docker.network=traefik
    # Define middleware of 'redirect-https', set scheme and set permanent redirect as true
  - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
  - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
    # Define service of 'bitwarden' for UI port when using entrypoint websecure (port 443)
  - traefik.http.services.bitwarden.loadbalancer.server.port=80
  - traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden-https.entrypoints=websecure
  - traefik.http.routers.bitwarden-https.service=bitwarden
    # Define service of 'bitwarden' for UI port when using entrypoint web (port 80)
  - traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden-http.entrypoints=web
  - traefik.http.routers.bitwarden-http.middlewares=redirect-https
  - traefik.http.routers.bitwarden-http.service=bitwarden
    # Define service of 'bitwarden-websocket' for socket port when using entrypoint websecure (port 443)
  - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
  - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
  - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
    # Define service of 'bitwarden-websocket' for socket port when using entrypoint web (port 80)
  - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
  - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
  - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket

Obviously remove all comments from the label section before use.

I included both examples as the configuration of https redirects on Traefik v1 weren't the most obvious since it usually did it automatically at certain points and as of now with Traefik v2.0.2 you have to include a redirect rule for each host.

Originally created by @hwwilliams on GitHub (Oct 20, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/676 I just finished setting up Bitwarden and thought I'd provide the necessary labels that work for me when using the latest release of Traefik (v2.0.2 as of writing) now that v2 is out of beta in case you'd like to update the proxy example on the wiki. These labels would provide the same functionality as the existing example just with updated syntax to work with Traefik v2 assuming you have the rest of Traefik configured correctly: ```yaml labels: - traefik.enable=true - traefik.docker.network=traefik # Define service of 'bitwarden' for UI port when using entrypoint websecure (port 443) - traefik.http.services.bitwarden.loadbalancer.server.port=80 - traefik.http.routers.bitwarden.rule=Host(`bitwarden.domain.tld`) - traefik.http.routers.bitwarden.entrypoints=websecure - traefik.http.routers.bitwarden.service=bitwarden # Define service of 'bitwarden-websocket' for socket port when using entrypoint websecure (port 443) - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012 - traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`) - traefik.http.routers.bitwarden-websocket.entrypoints=websecure - traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket ``` At the time of writing this I don't know of a way to have Traefik v2 redirect all http traffic to https globally so if you'd like to do that here is another example which includes a middleware redirect: ```yaml labels: - traefik.enable=true - traefik.docker.network=traefik # Define middleware of 'redirect-https', set scheme and set permanent redirect as true - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true # Define service of 'bitwarden' for UI port when using entrypoint websecure (port 443) - traefik.http.services.bitwarden.loadbalancer.server.port=80 - traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.domain.tld`) - traefik.http.routers.bitwarden-https.entrypoints=websecure - traefik.http.routers.bitwarden-https.service=bitwarden # Define service of 'bitwarden' for UI port when using entrypoint web (port 80) - traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.domain.tld`) - traefik.http.routers.bitwarden-http.entrypoints=web - traefik.http.routers.bitwarden-http.middlewares=redirect-https - traefik.http.routers.bitwarden-http.service=bitwarden # Define service of 'bitwarden-websocket' for socket port when using entrypoint websecure (port 443) - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012 - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`) - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket # Define service of 'bitwarden-websocket' for socket port when using entrypoint web (port 80) - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`) - traefik.http.routers.bitwarden-websocket-http.entrypoints=web - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket ``` Obviously remove all comments from the label section before use. I included both examples as the configuration of https redirects on Traefik v1 weren't the most obvious since it usually did it automatically at certain points and as of now with Traefik v2.0.2 you have to include a redirect rule for each host.

kerem closed this issue 2026-03-03 01:29:18 +03:00

kerem commented 2026-03-03 01:29:19 +03:00

Author

Owner

Copy link

@mprasil commented on GitHub (Oct 22, 2019):

Hi @hwwilliams thanks for documenting this. Can you update wiki here? Leave the v1 configuration there and add v2 version afterwards or something like that so we have both. You can then respond back here if you want someone to have a look.

<!-- gh-comment-id:544948814 --> @mprasil commented on GitHub (Oct 22, 2019): Hi @hwwilliams thanks for documenting this. Can you update wiki [here](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples)? Leave the v1 configuration there and add v2 version afterwards or something like that so we have both. You can then respond back here if you want someone to have a look.

kerem commented 2026-03-03 01:29:19 +03:00

Author

Owner

Copy link

@hwwilliams commented on GitHub (Oct 22, 2019):

Hey @mprasil , I've added the new examples to the wiki if you'd like to okay it.

<!-- gh-comment-id:545189436 --> @hwwilliams commented on GitHub (Oct 22, 2019): Hey @mprasil , I've added the new examples to the [wiki ](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#traefik-v2-docker-compose-example-by-hwwilliams)if you'd like to okay it.

kerem commented 2026-03-03 01:29:19 +03:00

Author

Owner

Copy link

@mprasil commented on GitHub (Oct 22, 2019):

That is perfect, thanks a lot. Going to close this now.

<!-- gh-comment-id:545193566 --> @mprasil commented on GitHub (Oct 22, 2019): That is perfect, thanks a lot. Going to close this now.

kerem referenced this issue 2026-03-03 08:52:51 +03:00

[PR #456] [CLOSED] Add get invites endpoint #2737

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#456

No description provided.