Bitwarden Self Hosted - 502 Bad Gateway error

alfonsojon · November 18, 2022, 10:49pm

Hi! I am attempting to install a Bitwarden self-hosted instance on a local domain, and am encountering a 502 Bad Gateway error. I checked the status of Docker by running docker ps and found that the bitwarden-admin and bitwarden-sso containers were unhealthy. I grabbed some logs from bitwarden-admin by running docker logs bitwarden-admin. I’ll attach the log momentarily

Has anyone run into this?

alfonsojon · November 18, 2022, 10:51pm

dh024 · November 18, 2022, 11:37pm

Hello @alfonsojon - what server version are you installing and what kind of hardware are you using?

alfonsojon · November 21, 2022, 5:40pm

Hi David! We are using the Bitwarden standalone installer running on Docker, which is being hosted on a Rocky Linux 8 virtual machine hosted upon a VMWare hypervisor. I am trying to install whatever version is the latest that the bitwarden.sh script installs.

dh024 · November 21, 2022, 6:05pm

What is the hardware, particularly CPU type?

alfonsojon · November 21, 2022, 6:09pm

dh024 · November 21, 2022, 6:13pm

It looks like your MSSQL container is failing. Have you tried checking the logs?

docker logs bitwarden-mssql

If nothing comes up there, 502 gateway errors often indicate a misconfigured proxy server. Are you running other web services on your docker instance that you are using a reverse proxy?

alfonsojon · November 21, 2022, 6:17pm

Here’s the logs from bitwarden-mssql. I am not running it as a reverse proxy, and this VM is strictly being used for Bitwarden. The server is using an SSL certificate signed by our domain’s SSL root CA.

[bitwarden@[redacted] ~]$ docker logs bitwarden-mssql
2022-11-18 22:34:45.99 Server      The licensing PID was successfully processed. The new edition is [Express Edition].
2022-11-18 22:34:46.55 Server      Setup step is FORCE copying system data file 'C:\templatedata\model_replicatedmaster.mdf' to '/var/opt/mssql/data/model_replicatedmaster.mdf'.
2022-11-18 22:34:46.57 Server      Setup step is FORCE copying system data file 'C:\templatedata\model_replicatedmaster.ldf' to '/var/opt/mssql/data/model_replicatedmaster.ldf'.
2022-11-18 22:34:46.57 Server      Setup step is FORCE copying system data file 'C:\templatedata\model_msdbdata.mdf' to '/var/opt/mssql/data/model_msdbdata.mdf'.
2022-11-18 22:34:46.60 Server      Setup step is FORCE copying system data file 'C:\templatedata\model_msdblog.ldf' to '/var/opt/mssql/data/model_msdblog.ldf'.
2022-11-18 22:34:46.72 Server      Microsoft SQL Server 2019 (RTM-CU17) (KB5016394) - 15.0.4249.2 (X64) 
        Jul 22 2022 12:11:33 
        Copyright (C) 2019 Microsoft Corporation
        Express Edition (64-bit) on Linux (Ubuntu 20.04.4 LTS) <X64>
2022-11-18 22:34:46.73 Server      UTC adjustment: 0:00
2022-11-18 22:34:46.73 Server      (c) Microsoft Corporation.
2022-11-18 22:34:46.73 Server      All rights reserved.
2022-11-18 22:34:46.73 Server      Server process ID is 376.
2022-11-18 22:34:46.73 Server      Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.
2022-11-18 22:34:46.73 Server      Registry startup parameters: 
         -d /var/opt/mssql/data/master.mdf
         -l /var/opt/mssql/data/mastlog.ldf
         -e /var/opt/mssql/log/errorlog
2022-11-18 22:34:46.74 Server      SQL Server detected 2 sockets with 1 cores per socket and 1 logical processors per socket, 2 total logical processors; using 1 logical processors based on SQL Server licensing. This is an informational message; no user action is required.
2022-11-18 22:34:46.74 Server      SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2022-11-18 22:34:46.74 Server      Detected 2985 MB of RAM. This is an informational message; no user action is required.
2022-11-18 22:34:46.74 Server      Using conventional memory in the memory manager.
2022-11-18 22:34:46.74 Server      Page exclusion bitmap is enabled.
2022-11-18 22:34:46.76 Server      Buffer pool extension is not supported on Linux platform.
2022-11-18 22:34:46.76 Server      Buffer Pool: Allocating 524288 bytes for 368741 hashPages.
2022-11-18 22:34:46.98 Server      Buffer pool extension is already disabled. No action is necessary.
2022-11-18 22:34:47.52 Server      Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.0 1.1 1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA'].
2022-11-18 22:34:47.58 Server      Query Store settings initialized with enabled = 1, 
2022-11-18 22:34:47.60 Server      Node configuration: node 0: CPU mask: 0x0000000000000001:0 Active CPU mask: 0x0000000000000001:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
2022-11-18 22:34:47.62 Server      The maximum number of dedicated administrator connections for this instance is '1'
2022-11-18 22:34:47.62 Server      Using dynamic lock allocation.  Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node.  This is an informational message only.  No user action is required.
2022-11-18 22:34:47.64 Server      In-Memory OLTP initialized on lowend machine.
2022-11-18 22:34:47.70 Server      [INFO] Created Extended Events session 'hkenginexesession'
2022-11-18 22:34:47.70 Server      Database Instant File Initialization: enabled. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.
ForceFlush is enabled for this instance. 
2022-11-18 22:34:47.71 Server      Total Log Writer threads: 1. This is an informational message; no user action is required.
2022-11-18 22:34:47.71 Server      clflush is selected for pmem flush operation.
2022-11-18 22:34:47.71 Server      Software Usage Metrics is disabled.
2022-11-18 22:34:47.77 spid8s      [1]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.
2022-11-18 22:34:47.77 spid8s      Starting up database 'master'.
ForceFlush feature is enabled for log durability.
2022-11-18 22:34:48.16 Server      CLR version v4.0.30319 loaded.
2022-11-18 22:34:48.85 spid8s      Service Master Key could not be decrypted using one of its encryptions. See sys.key_encryptions for details.
2022-11-18 22:34:48.86 spid8s      An error occurred during Service Master Key initialization. SQLErrorCode=33095, State=8, LastOsError=0.
2022-11-18 22:34:48.91 spid8s      SQL Server Audit is starting the audits. This is an informational message. No user action is required.
2022-11-18 22:34:49.09 spid8s      SQL Server Audit has started the audits. This is an informational message. No user action is required.
2022-11-18 22:34:49.37 Server      Common language runtime (CLR) functionality initialized.
2022-11-18 22:34:49.51 spid8s      SQL Trace ID 1 was started by login "sa".
2022-11-18 22:34:49.61 spid8s      Server name is '7e0f8fd39fac'. This is an informational message only. No user action is required.
2022-11-18 22:34:49.70 spid8s      [4]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.
2022-11-18 22:34:49.71 spid11s     [32767]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.
2022-11-18 22:34:49.71 spid27s     Always On: The availability replica manager is starting. This is an informational message only. No user action is required.
2022-11-18 22:34:49.73 spid8s      Starting up database 'msdb'.
2022-11-18 22:34:49.74 spid27s     Always On: The availability replica manager is waiting for the instance of SQL Server to allow client connections. This is an informational message only. No user action is required.
2022-11-18 22:34:49.76 spid11s     Starting up database 'mssqlsystemresource'.
2022-11-18 22:34:49.86 spid24s     A self-generated certificate was successfully loaded for encryption.
2022-11-18 22:34:49.86 spid11s     The resource database build version is 15.00.4249. This is an informational message only. No user action is required.
2022-11-18 22:34:49.90 spid24s     Server is listening on [ 'any' <ipv6> 1433].
2022-11-18 22:34:49.92 spid24s     Server is listening on [ 'any' <ipv4> 1433].
2022-11-18 22:34:49.93 spid24s     Dedicated administrator connection support was not started because it is disabled on this edition of SQL Server. If you want to use a dedicated administrator connection, restart SQL Server using the trace flag 7806. This is an informational message only. No user action is required.
2022-11-18 22:34:49.94 spid24s     Server is listening on [ ::1 <ipv6> 1431].
2022-11-18 22:34:49.96 spid24s     Server is listening on [ 127.0.0.1 <ipv4> 1431].
2022-11-18 22:34:49.96 spid24s     SQL Server is now ready for client connections. This is an informational message; no user action is required.
2022-11-18 22:34:49.98 spid11s     [3]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.
2022-11-18 22:34:49.99 spid11s     Starting up database 'model'.
2022-11-18 22:34:50.55 spid11s     Clearing tempdb database.
2022-11-18 22:34:50.95 spid11s     [2]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.
2022-11-18 22:34:50.96 spid11s     Starting up database 'tempdb'.
2022-11-18 22:34:51.23 spid27s     The Service Broker endpoint is in disabled or stopped state.
2022-11-18 22:34:51.24 spid27s     The Database Mirroring endpoint is in disabled or stopped state.
2022-11-18 22:34:51.27 spid27s     Service Broker manager has started.
2022-11-18 22:34:51.28 spid8s      Recovery is complete. This is an informational message only. No user action is required.

dh024 · November 21, 2022, 6:24pm

Not sure then. Have you checked your ports to make sure they are correct and that traffic is getting through? Could be a firewall issue. Here is a thread I found where someone had a similar problem:

github.com/bitwarden/server

Updated BW/Docker, get 502 Bad Gateway

opened 05:00AM - 12 May 20 UTC

closed 02:36PM - 29 May 20 UTC

nchorekchyan

Caveat: I upgraded from centos 7 > 8 prior to this and did not check if everythi…ng was alright. Updated docker to the latest version as well as doing the bitwarden upgrade. The following come up as unhealthy bitwarden/icons:1.33.1 bitwarden/admin:1.33.1 I don't see a port for MSSQL, not sure if it should be there. I do have backups I can revert to if needed. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cfb1c8088aee bitwarden/nginx:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) 80/tcp, 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp bitwarden-nginx **04f433b2ea19 bitwarden/admin:1.33.1 "/entrypoint.sh" 45 minutes ago Up 6 minutes (unhealthy) 5000/tcp bitwarden-admin** adae56943853 bitwarden/events:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) 5000/tcp bitwarden-events **66bacf44307b bitwarden/mssql:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) bitwarden-mssql** 7ed134acfe58 bitwarden/api:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) 5000/tcp bitwarden-api b222d11256ac bitwarden/notifications:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) 5000/tcp bitwarden-notifications a56fe0133b77 bitwarden/identity:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) 5000/tcp bitwarden-identity **43c6d07e1d28 bitwarden/icons:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (unhealthy) 5000/tcp bitwarden-icons** 0e501eb31df1 bitwarden/web:2.13.2 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) bitwarden-web 2ae104ec298b bitwarden/attachments:1.33.1 "/entrypoint.sh" 45 minutes ago Up 45 minutes (healthy) bitwarden-attachments **Recent errors for the admin service:** Info: Bit.Migrator.DbMigrator[12482444] Migrating database. fail: Bit.Admin.HostedServices.DatabaseMigrationHostedService[0] Database failed to migrate. System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) at System.Data.SqlClient.SqlConnection.Open() at Bit.Migrator.DbMigrator.MigrateMsSqlDatabase(Boolean enableLogging, CancellationToken cancellationToken) in /home/appveyor/projects/server/util/Migrator/DbMigrator.cs:line 41 at Bit.Admin.HostedServices.DatabaseMigrationHostedService.StartAsync(CancellationToken cancellationToken) in /home/appveyor/projects/server/src/Admin/HostedServices/DatabaseMigrationHostedService.cs:line 40 ClientConnectionId:00000000-0000-0000-0000-000000000000 Unhandled exception. System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server) at Bit.Admin.HostedServices.DatabaseMigrationHostedService.StartAsync(CancellationToken cancellationToken) in /home/appveyor/projects/server/src/Admin/HostedServices/DatabaseMigrationHostedService.cs:line 55 at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host) at Bit.Admin.Program.Main(String[] args) in /home/appveyor/projects/server/src/Admin/Program.cs:line 36 ClientConnectionId:00000000-0000-0000-0000-000000000000 info: Bit.Migrator.DbMigrator[12482444] Migrating database. fail: Bit.Admin.HostedServices.DatabaseMigrationHostedService[0] Database unavailable for migration. Trying again (attempt #2)... System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) at System.Data.SqlClient.SqlConnection.Open() at Bit.Migrator.DbMigrator.MigrateMsSqlDatabase(Boolean enableLogging, CancellationToken cancellationToken) in /home/appveyor/projects/server/util/Migrator/DbMigrator.cs:line 41 at Bit.Admin.HostedServices.DatabaseMigrationHostedService.StartAsync(CancellationToken cancellationToken) in /home/appveyor/projects/server/src/Admin/HostedServices/DatabaseMigrationHostedService.cs:line 40 ClientConnectionId:00000000-0000-0000-0000-000000000000

alfonsojon · November 21, 2022, 6:30pm

Exactly what was in that issue report fixed my issue. Thanks so much!

dh024 · November 21, 2022, 6:31pm

Great - so glad you got it working!!