I’m trying to install BitWarden on a CentOS 8 server but after what looked like a smooth installation I’m getting a 502 error from Nginx.
Using “docker ps” I can see that my admin and SSO containers are Unhealty. It seems that they can’t connect to the SQL server :
Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[3]
An exception was thrown attempting to execute the error handler.
System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server)
I have seen some post about similar problems on Synology’s NAS but I’m working on a CentOS 8 server. The CentOS is freshly install and have been update.
It’s the first time I’m using Docker and I can have missed something, like where this /home/runner/ folder can be…
I just installed the latest on CentOS 8 and having the exact same issue, the admin and sso containers are unhealthy.
My error in bitwarden-admin log file:
System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server)
at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Bit.Migrator.DbMigrator.MigrateMsSqlDatabase(Boolean enableLogging, CancellationToken cancellationToken) in /home/runner/work/server/server/util/Migrator/DbMigrator.cs:line 41
at Bit.Admin.HostedServices.DatabaseMigrationHostedService.StartAsync(CancellationToken cancellationToken) in /home/runner/work/server/server/src/Admin/HostedServices/DatabaseMigrationHostedService.cs:line 40
ClientConnectionId:00000000-0000-0000-0000-000000000000
info: Bit.Migrator.DbMigrator[12482444]
Migrating database.
jumping into this discussion I had a similar experience today: Installed Bitwarden on a current AlmaLinux 8.6 install (fresh install, nothing else).
The web interface just gave 502 errors, the admin container wasn’t able to connect to the mssql container.
Disabling firewalld completely “fixed” it, but I’d rather say “made it work”: I’m not comfortable disabling firewalld completely, and I’m sure there will be a smarter solution. I just haven’t found any reasoning, but have the slight idea in the back of my head that DNS resolution between the containers didn’t work?!
@cmeis I ran into the same issue today as we moved our self hosted debian instances over to RHEL based systems. I found the solution in a blog post by Ales Lerch. To put it short- in firewalld you need to enable masquerading.
This did the trick for us.
# Masquerading allows for docker ingress and egress (this is the juicy bit)
firewall-cmd --zone=public --add-masquerade --permanent
# Reload firewall to apply permanent rules
firewall-cmd --reload
@thusted-oss perfect, under docker ps I was seeing both admin and sso containers in an unhealthy state - applied the config as you suggested, restarted, everything worked perfectly.
Thanks so much for this!
I have exactly the same issue on a new Bitwarden install on Centos 9 Stream. 502 errors on nginx and docker ps showing unhealthy for admin and sso containers.
I have tried “firewall-cmd --zone=public --add-masquerade --permanent” and can see that masquerade is enabled, but the problem persists.
The only way I can get everything to work correctly is with firewalld disabled.
I want to use fail2ban, but this does not block any IP addresses without the firewall running.
Does anyone know the root cause of this issue and managed to actually get this working on Centos 9 Stream? If so, any pointers would be really appreciated.
OK, I have finally managed to get this working. You will need to modify the .bwdata/docker/docker-compose.yml and add the following to the mssql, web and attachment sections under services:
@Reputably6121 thanks for finding this out, good catch!
On revisiting this with a newer distro, adding masquerade to the public firewalld zone wasn’t doing the trick any longer, am fully glad to have found your solution.
This has got my newest self host off the ground, although on the advice of the docker-compose.yml notes, I’ve gone for creating a docker-compose.override.yml in the same directory (.bwdata/docker/) which persists through rebuilds, updates etc.
Now to figure out why it can’t talk to sendgrid and I’ll be a little happier (Might try a poste.io container as it’s only for myself in a home lab eh)
Thank you! That was the solution for me too!
But the real question is:
Why is this necessary and why is it not automatically present in the docker-compose.yml?
In my case, this suddenly appeared. An automatic update from Bitwarden is not present in my case. A server (Ubuntu Server) update did not run either…
You will probably want to create and add your changes to docker-compose.override.yml. If you don’t, when you update Bitwarden your changes will be lost from the docker-compose.yml (I found this out the hard way).
As to why this is not already in the docker-compose.yml, I guess only the devs can give an answer to that.
(Might try a