Bitwarden nginx 502 + jwilder/nginx-proxy

Hello everybody

I need help.
I have set up bitwarden, and now comes a 502 error.

Do not see the mistake, have already tried different.

Thanks in advance.

config.yml
#
# Note: After making changes to this file you need to run the rebuild or update
# command for them to be applied.
#
# Full URL for accessing the installation from a browser. (Required)
url: https://host.xyz
#
# Auto-generate the ./docker/docker-compose.yml config file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/DockerCompose.hbs
generate_compose_config: true
#
# Auto-generate the ./nginx/default.conf file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/NginxConfig.hbs
generate_nginx_config: true
#
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
http_port: 8000

And here the docker-compose.override.yml file:
docker-compose.override.yml

version: '3'
services:
 nginx:
    ports:
      - 8000
    environment:
      - VIRTUAL_HOST=host.xyz
      - VIRTUAL_PORT=8000
      - VIRTUAL_PROTO=http
      - LETSENCRYPT_HOST=host.xyz
      - LETSENCRYPT_EMAIL=email
    networks:
      webproxy:

networks:
  webproxy:
    external:
      name: nginx-proxy

Did you resolve this?

Do you have deployment guide for how you did this behind the wilder/nginx-proxy configuration? I am using the same container / configuration, with the companion letsencrypt-nginx-proxy container for certification management.

Yes, I solved it. Thank you anyway.

Sorry, could I ask for details of how you solved this, as I have the same issue and configuration?

I cannot see how to provide the additional Environment Variables and custom Network settings to the docker-compose.yml file.

Manual edit? I tried this, then ran ./bitwarden.sh update and it overwrites the manual edits I made.
Or do you just start the containers, without applying the update command first? I expect this means you will forever be required to manually maintain the docker-compose.yml file (not the ideal scenario, as I would like to use the default generated content and merely supply the additional configuration to it)

I now manage bitwarden on a separate server.

I resolved this by placing the entire container stack into the same nginx-proxy network (mine was named “nginx-proxy-net”).

The contents of my docker-compose.override.yml is:

version: '3'

services:
  nginx:
    environment:
      - VIRTUAL_HOST=sub.domain.com
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=sub.domain.com
      - [email protected]

networks:
  default:
    external:
      name: nginx-proxy-net

Ideally, I only hoped to need the bitwarden-nginx container on this network, but it does function like this. I will continue investigating splitting the containers onto separate networks.

8080 is the forwarded port of the nginx container. Bitwarden’s config was set to custom port 8280, which is forwarded to the container.

My override looks like this:

version: '2.4'

services:
  nginx:
    expose:
      - '8080'
    environment:
      - VIRTUAL_HOST=sub.domain.com
      - VIRTUAL_PORT=8080
      - HTTPS_METHOD=redirect
    networks:
      - default
      - reverse-proxy

networks:
  reverse-proxy:
    external:
      name: reverse-proxy

That ensures only the nginx container is patched through to the jwilder/proxy network. However, as of 9/4/2020 I have found an issue where this ends up with a 502 error. For me the root of the issue is that on the docker-compose.yml file every container had a container_name: bitwarden-[name] setting. I cannot remember if I did that or if that is the way bitwarden is shipping now.

But the nginx default.conf file, defines all upstreams as http://web:5000, http://api:5000, etc. When the stack runs, nginx can’t resolve those names, because the hosts names are now bitwarden-web, bitwarden-api etc… So all I did was update the default.conf to reflect those prefixes, and then did a bitwarden.sh start. My setup is fully working now.