Bitwarden Self-Hosted Installation 502 Bad Gateway Error

Hello,

I am trying to run a Bitwarden self-hosted installation and I am running into this issue where I go to create an account but fail to create the account due to the error message below. Any help would be greatly appreciated.

An error has occurred. <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx</center> </body> </html>

Please let me know what commands to run such as logs to better help visualize the error and get to the solution faster.

After doing some diagnostics with the bitwarden-nginx docker container, I was able to reproduce this error message in the logs of nginx.

[error] 45#45: *3 connect() failed (113: No route to host) while connecting to upstream, client: [IP-Address], server: vault.rhino-tech.org, request: "POST /api/accounts/register HTTP/2.0", upstream: "http://172.27.0.8:5000/accounts/register", host: "vault.rhino-tech.org", referrer: "https://vault.rhino-tech.org/"

I’ve found a similar article in the community forums for this issue. I ran the below commands and unfortunately I am still unable to create an account.

./bitwarden.sh stop
docker image ls
docker image rm id-for-admin id-for-mssql
./bitwarden.sh updateself
./bitwarden.sh update

Hey there, if you don’t get answers here, you can also contact the support team directly at Get in Touch | Bitwarden

They’re going to help out free, on-prem users? :woozy_face:

EDIT: Suffice it to say, I appear to be getting the exact same error:

2023/02/17 20:38:47 [error] 49#49: *21 connect() failed (113: No route 
to host) while connecting to upstream, client: 172.29.0.1, server: 
bitwarden.example.com, request: "POST /identity/accounts/register
HTTP/1.1", upstream: "http://172.29.0.7:5000/identity/accounts/register", 
host: "bitwarden.example.com", referrer: "https://bitwarden.example.com/

I also have the same problem using an Nginx reverse proxy and docker images. Was anyone able to solve this?

Double-check the values you have set for the base service uris, and especially the internal service uris. The configuration for these is not well-documented.

Which exact setup are you using and what values do you have?

My setup is the following:

I have a Docker nginx active as a reverse proxy. Then I have several (docker) web-services as nginx server in the same docker network, bitwarden is one of them. Then I have as well the ACME companion to have the HTTPS certificates automated.

The docker ENV vars are

APP_UID=1654
ASPNET_VERSION=8.0.11
ASPNETCORE_ENVIRONMENT=Production
ASPNETCORE_HTTP_PORTS=8080
BW_DB_DATABASE=bitwarden
BW_DB_FILE=/etc/bitwarden/vault.db
BW_DB_PASSWORD=VERYSTRONGPASSWORD
BW_DB_PROVIDER=mariadb
BW_DB_SERVER=mariadb_server
BW_DB_USERNAME=bitwarden
BW_DOMAIN=bitwarden.MYDOMAIN.me
BW_ENABLE_ADMIN=true
BW_ENABLE_API=true
BW_ENABLE_EVENTS=false
BW_ENABLE_ICONS=true
BW_ENABLE_IDENTITY=true
BW_ENABLE_NOTIFICATIONS=true
BW_ENABLE_SCIM=false
BW_ENABLE_SSO=false
BW_PORT_HTTP=80
BW_PORT_HTTPS=443
DOTNET_RUNNING_IN_CONTAINER=true
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
DOTNET_VERSION=8.0.11
globalSettings__attachment__baseDirectory=/etc/bitwarden/attachments
globalSettings__baseServiceUri__internalAdmin=http://localhost:5000
globalSettings__baseServiceUri__internalApi=http://localhost:5001
globalSettings__baseServiceUri__internalEvents=http://localhost:5003
globalSettings__baseServiceUri__internalIcons=http://localhost:5004
globalSettings__baseServiceUri__internalIdentity=http://localhost:5005
globalSettings__baseServiceUri__internalNotifications=http://localhost:5006
globalSettings__baseServiceUri__internalScim=http://localhost:5002
globalSettings__baseServiceUri__internalSso=http://localhost:5007
globalSettings__baseServiceUri__internalVault=http://localhost:8080
globalSettings__dataProtection__directory=/etc/bitwarden/data-protection
globalSettings__identityServer__certificatePassword=default_cert_password
globalSettings__licenseDirectory=/etc/bitwarden/licenses
globalSettings__logDirectoryByProject=false
globalSettings__logRollBySizeLimit=1073741824
globalSettings__pushRelayBaseUri=https://push.bitwarden.com
globalSettings__selfHosted=true
globalSettings__send__baseDirectory=/etc/bitwarden/attachments/send
globalSettings__unifiedDeployment=true
LETSENCRYPT_HOST=bitwarden.MYDOMAIN.me
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
VIRTUAL_HOST=bitwarden.MYDOMAIN.me

You say you’re using docker imageS - so not the unified setup? In that case I suspect that the localhost:500x urls for the services won’t work, unless you configure them to be reachable by each other. In my current understanding, those would be the correct values for the unified setup, where they share a single image/machine.

What do you mean by unified setup? If I get it correctly here: Install and Deploy - Unified (Beta) | Bitwarden Help Center, this is nothing else than a docker image. At least I’m using this exact docker image mentioned there. The only difference I see is that I “hide” everything behind a reverse proxy.

There are at least two ways to self-host Bitwarden. One is the “unified” deployment, where you have a single image that contains all the microservices.

The other is described here: Linux Standard Deployment | Bitwarden Help Center and sets up multiple containers using docker-compose.

They need different values for these urls. But since you’re actually using the unified image, localhost:500x should be correct.

In that case, my experiences won’t help you, sorry.

The nginx error.log inside the docker container says this. Doesn’t help me at the moment :slight_smile:

2024/11/21 10:58:56 [error] 74#74: *40 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me, request: "POST /identity/accounts/prelogin HTTP/1.1", upstream: "http://127.0.0.1:5005/identity/accounts/prelogin", host: "bitwarden.MYDOMAIN.me", referrer: "https://bitwarden.MYDOMAIN.me/"
2024/11/21 10:58:56 [warn] 74#74: *40 upstream server temporarily disabled while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me, request: "POST /identity/accounts/prelogin HTTP/1.1", upstream: "http://127.0.0.1:5005/identity/accounts/prelogin", host: "bitwarden.MYDOMAIN.me", referrer: "https://bitwarden.MYDOMAIN.me/"
2024/11/21 10:58:56 [error] 74#74: *40 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me, request: "POST /identity/accounts/prelogin HTTP/1.1", upstream: "http://127.0.0.1:5005/identity/accounts/prelogin", host: "bitwarden.MYDOMAIN.me", referrer: "https://bitwarden.MYDOMAIN.me/"
2024/11/21 10:58:56 [warn] 74#74: *40 upstream server temporarily disabled while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me, request: "POST /identity/accounts/prelogin HTTP/1.1", upstream: "http://127.0.0.1:5005/identity/accounts/prelogin", host: "bitwarden.MYDOMAIN.me", referrer: "https://bitwarden.MYDOMAIN.me/"

I finally was able to solve it… it was because I did not specify BW_INSTALLATION_ID and BW_INSTALLATION_KEY. Because of that, some services did not start and that’s why they could not have been connected by the frontend.
I provided the variables once in the beginning but then somehow they got lost. Was able to figure that out having a look at the log-files.
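
An added example, not part of any post above and not Bitwarden code: a small triage script that ties together the env dump and the nginx error.log quoted in this thread. It maps a failing loopback upstream port to its internal service through the globalSettings__baseServiceUri__internal* variables and flags BW_INSTALLATION_ID / BW_INSTALLATION_KEY when they are absent; the function names and the sample input are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample input, adapted from the env dump and error.log quoted in the thread.
ENV_DUMP = """\
BW_DOMAIN=bitwarden.MYDOMAIN.me
BW_ENABLE_IDENTITY=true
globalSettings__baseServiceUri__internalApi=http://localhost:5001
globalSettings__baseServiceUri__internalIdentity=http://localhost:5005
"""
LOG = """\
2024/11/21 10:58:56 [error] 74#74: *40 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me, request: "POST /identity/accounts/prelogin HTTP/1.1", upstream: "http://127.0.0.1:5005/identity/accounts/prelogin", host: "bitwarden.MYDOMAIN.me"
2024/11/21 10:58:56 [warn] 74#74: *40 upstream server temporarily disabled while connecting to upstream, client: 172.18.0.17, server: bitwarden.MYDOMAIN.me
"""

# The two variables the last post found missing from the container environment.
REQUIRED = ("BW_INSTALLATION_ID", "BW_INSTALLATION_KEY")
# Linux errno values as they appear in nginx "connect() failed" messages.
HINTS = {111: "connection refused: nothing is listening on that address and port",
         113: "no route to host: the upstream address is not reachable from nginx"}
FAIL_RE = re.compile(r'connect\(\) failed \((\d+): [^)]*\).*?upstream: "([^"]+)"')
PREFIX = "globalSettings__baseServiceUri__internal"

def parse_env(text):
    """KEY=VALUE lines -> dict, ignoring blank and comment lines."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def diagnose(env_text, log_text):
    """Return (missing required variables, sorted unique upstream failures)."""
    env = parse_env(env_text)
    missing = [k for k in REQUIRED if not env.get(k)]
    # Port -> service name taken from the internal URIs, e.g. 5005 -> "Identity".
    ports = {urlparse(v).port: k[len(PREFIX):] for k, v in env.items() if k.startswith(PREFIX)}
    failures = set()
    for errno, upstream in FAIL_RE.findall(log_text):
        u = urlparse(upstream)
        # The port map only applies when nginx and the services share one container.
        local = u.hostname in ("127.0.0.1", "localhost")
        service = ports.get(u.port, "unknown") if local else "unknown"
        failures.add((service, f"{u.hostname}:{u.port}", HINTS.get(int(errno), f"errno {errno}")))
    return missing, sorted(failures)

if __name__ == "__main__":
    missing, failures = diagnose(ENV_DUMP, LOG)
    for service, addr, hint in failures:
        print(f"{service} @ {addr}: {hint}")
    if missing:
        print("missing from environment:", ", ".join(missing))
```

A refused loopback upstream together with a missing required variable points at a service that never started, which is the case the last post describes.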