So I'm trying to add bitwarden_rs to my docker network but seems to fail hard.
I also have a nextcloud docker container running behind traefik (nextcloud.mydomain.com) which is working fine. But adding bitwarden with his own subdomain (bitwarden.mydomain.com) to traefik doesn't want to start working. I'm always getting a Bad Gateway error.
version: "3"
services:
traefik:
image: traefik:latest
container_name: traefik
restart: always
command:
- --log.level=DEBUG
- --api.insecure
- --api.dashboard
- --providers.file.directory=/FileProvider/
- --providers.file.watch=true
- --providers.docker
- --providers.docker.exposedbydefault=false
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencryptresolver.acme.email=my@email.com
- --certificatesresolvers.letsencryptresolver.acme.storage=./letsencrypt/acme.json
- --certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencryptresolver.acme.httpchallenge=true
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- ...
networks:
- local-lan
labels:
- --traefik.http.middlewares.https.redirectscheme.scheme=https
- --traefik.http.routers.https_redirect.middlewares=https
- --traefik.http.routers.https_redirect.rule=(Host(`bitwarden.mydomain.com`) || Host(`nextcloud.mydomain.com`))
- --traefik.http.routers.https_redirect.entrypoints=web
- --traefik.docker.network=local-lan
networks:
local-lan:
external: true
middlewares:
ncHeader:
headers:
customResponseHeaders:
stsPreload: true
stsSeconds: 15552000
redirect:
redirectScheme:
scheme: https
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- /home/reggi/bitwarden/data:/data
environment:
- WEBSOCKET_ENABLED=true
- WEB_VAULT_ENABLED=true
- SIGNUPS_ALLOWED=true
- ADMIN_TOKEN=xxxxxxxxxxx
ports:
- 3012:3012
- 4500:80
networks:
- local-lan
labels:
- traefik.enable=true
- traefik.docker.network=local-lan
- traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
- traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http
- traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
- traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
- traefik.http.routers.bitwarden-ui-https.tls=true
- traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
- traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker
- traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
- traefik.http.routers.bitwarden-ui-http.entrypoints=web
- traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker
- traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
- traefik.http.routers.bitwarden-websocket-https.tls=true
- traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
- traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
- traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket-http.entrypoints=web
- traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
networks:
local-lan:
external: true
Both containers are running fine with this configuration but for some reason, I get a Bad Gateway when I navigate to http(s)://bitwarden.mydomain.com.
When I navigate to my server IP:4500 bitwarden opens up meaning the docker container is running fine.
In my traefik log I can find this error:
time="2021-03-10T21:06:35Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 17.32.0.8:4500: connect: connection refused"
And when I do a simple curl to the bitwarden container from traefik container I get the same error:
curl --verbose http://17.32.0.8:4500
For example, curl to my nextcloud container does work:
I tried a lot of stuff already but can't seem to figure it out. For nextcloud I could add a trusted proxy domain but that doesn't seem to be possible for bitwarden_rs if I'm not mistaken.
Does someone know what I'm missing or doing wrong?
After some more investigation, I found my error.
I don't need to map port 80 outside your docker network, I just needed to expose it. So this works now:
version: '3'
services:
bitwarden:
image: bitwardenrs/server:latest
container_name: bitwarden
restart: always
volumes:
- /home/reggi/bitwarden/data:/data
environment:
- WEBSOCKET_ENABLED=true
- WEB_VAULT_ENABLED=true
- SIGNUPS_ALLOWED=true
- ADMIN_TOKEN=xxxxxxxxxxx
expose:
- 3012
- 80
networks:
- local-lan
labels:
- traefik.enable=true
- traefik.docker.network=local-lan
- traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
- traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http
- traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
- traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
- traefik.http.routers.bitwarden-ui-https.tls=true
- traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
- traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker
- traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
- traefik.http.routers.bitwarden-ui-http.entrypoints=web
- traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker
- traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
- traefik.http.routers.bitwarden-websocket-https.tls=true
- traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
- traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
- traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
- traefik.http.routers.bitwarden-websocket-http.entrypoints=web
- traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
- traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
networks:
local-lan:
external: true