Bitwarden self hosted - Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

Hi!
I want to install Bitwarden self-hosted, but after running ./bitwarden.sh install I received the following error:

docker: Error response from daemon: driver failed programming external connectivity on endpoint certbot (b9b17fe72efe89025dc7921f8cabe29e2923d8b09460b8bd6edc4e46a79321dc): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use.

Port 80 is already in use, and I should modify the ports before running the installer, but I don’t know how because I see only the file uid.env under /opt/bitwarden/bwdata/env/

I appreciate any help you can provide.

See here:

(If the link does not jump to the question directly, it’s the last one in the FAQs.)

Thank you.
Unfortunately, under /opt/bitwarden/bwdata/, I see only three directories:

  1. env
  2. letsencrypt
  3. scripts

Under /opt/bitwarden/bwdata/ there isn’t any config.yml file

I see… It looks like config.yml is created during the setup process.

I guess you could stop your existing webserver running on port 80 for a few minutes, install Bitwarden and change the ports afterwards.

Maybe somebody else also has an idea how to change the default ports before/during installation.

I did it, and I was able to install Bitwarden.
In config.yml, I changed the following values:

  • http_port: 80 to → http_port: 8090
  • http_port: 443 to → http_port: 9443

Now I receive the following error:

docker: Error response from daemon: driver failed programming external connectivity on endpoint certbot (aa813516f37c29d6645b461f446cc5213db1a7a53c7f3d0c911bc6430095c2cf): Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use.
ERRO[0000] error waiting for container: context canceled

Any help?

Do you have other docker containers running a web server that Bitwarden is competing with?

What do you get when you run these commands?

sudo netstat -ntulp | grep 443

docker ps

Yes, I have another docker container on port 443.
Is there any opportunity to set forward ports?

Before you do that, did you remember to execute ./bitwarden.sh rebuild after updating your config files?

Yes, I know.
What kind of settings can I do in config.yml of bitwarden to realize the forward ports?

You can disable Certbot by reinstalling and choosing to NOT use Certbot for an ssl cert (use a self-signed cert instead), or obtain your own CA cert instead, or you can run a reverse proxy to manage the ports. Not my area of expertise though.

Maybe this post will help:

Thank you.
It’s not clear to me what the Bitwarden configuration is.
Once installed, to set up a reverse proxy, must I change values in config.yml, or do I have to set up an nginx file external to Bitwarden?

I definitely solved it!

Glad to hear that, @nicfab. If you would be willing to share how you fixed the issue, I suspect that some future reader would really benefit from that. Thanks!

@dh024 For sure!

Sorry, but before, I was in a hurry to conclude the activity on the server.
I would have come back to clarify.

I did the following steps:

  1. I stopped the NGINX service by running systemctl stop nginx;
  2. I ran a fresh installation of Bitwarden following the instructions published here, avoiding any request related to the SSL certificates (I remember having chosen N at all the questions);
  3. After the installation, I started NGINX again by running systemctl start nginx, so as to bring back the services I have;
  4. I modified config.yml, changing the ports as follows:
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
http_port: 127.0.0.1:8089
#
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
https_port: 9443

I choose those ports, but you can decide any other you want; note that you do not have to open those ports because they are in localhost.
  5. I created an NGINX file with the following content:

server {

    server_name your_domain.com;

    location / {
        proxy_pass http://127.0.0.1:8089;
    }

    client_max_body_size 100M;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

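server {
    if ($host = your_domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Plain-HTTP listener for the same host, so the redirect above is reached
    listen 80;
    server_name your_domain.com;
}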
  6. I modified the file ./bwdata/env/global.override.env, adding the information related to my email address and the admin email, and I set globalSettings__disableUserRegistration=true to prevent others from registering on my instance.
  7. I ran:
  • ./bitwarden.sh restart
  • ./bitwarden.sh rebuild
  • ./bitwarden.sh start

Finally, my instance is online.

I will be happy to receive any comments on the steps I did, hoping not to have done anything wrong.

I hope my description could be helpful.
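
An added example, not part of the thread and not Bitwarden's own code: a small check of the http_port and https_port values from step 4, reporting which host address Docker would publish each one on. It assumes the value is used as the host side of the Compose port mapping and that Docker's default bind address is unchanged (a mapping with no host IP is published on all interfaces); the function names classify, audit and exposed are made up for this example.

```python
import ipaddress
import re

# Constructed sample reproducing the two mappings from step 4 of the post.
SAMPLE_CONFIG = """\
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
http_port: 127.0.0.1:8089
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
https_port: 9443
"""

# Matches the uncommented http_port / https_port keys and captures their values.
PORT_LINE = re.compile(r"^(https?_port):[ \t]*([^#\n]*)", re.MULTILINE)


def classify(value):
    """Return where Docker would bind the host side of one mapping value."""
    value = value.strip().strip("'\"")
    if not value:
        return "unmapped"          # empty value: the port mapping is removed
    host, sep, _port = value.rpartition(":")
    if not sep:
        return "all-interfaces"    # bare port: no host IP, default bind is 0.0.0.0
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "unparsed"          # not [IP:]PORT, needs a manual look
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"    # explicit 0.0.0.0 or ::
    return "address:" + str(ip)


def audit(config_text):
    """Map each port key found in config_text to its classification."""
    return {key: classify(val) for key, val in PORT_LINE.findall(config_text)}


def exposed(config_text):
    """Keys whose mapping is not confined to loopback (or removed)."""
    safe = {"loopback", "unmapped"}
    return sorted(k for k, v in audit(config_text).items() if v not in safe)


if __name__ == "__main__":
    for key, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {verdict}")
    print("not loopback-only:", exposed(SAMPLE_CONFIG))
```

On the sample, http_port is loopback-only while https_port: 9443 is reported as all-interfaces; writing it as 127.0.0.1:9443, or leaving it empty as the config comment describes, keeps it off the network when NGINX only proxies to the HTTP port.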