Bitwarden + Traefik 2 Setup

I wish there was something official to set this up and my brain is at a breaking point.

I’m using the self hosted install process of Bitwarden.

I have set up my Traefik2 / Portainer using this as a guide:

And I’m trying to use this old thread on how to configure Bitwarden, and I’m running into problems.

I can see the entry in the Traefik dashboard, but it keeps giving me “Bad Gateway - openresty” when trying to use my bitwarden domain.

Any ideas? Bitwarden PLEASE make a guide how to set this up.

Hello,
in config.yml turn off ssl and ssl_managed_lets_encrypt like this

# Configure Nginx for SSL.
ssl: false

# Installation uses a managed Let’s Encrypt certificate.
ssl_managed_lets_encrypt: false

Create a docker-compose.override.yml in the same repository as docker-compose.yml and put this in it:

version: '3.7'

services:
  nginx:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=yourtraefiknetwork"
      - "traefik.http.routers.nginx.rule=Host(`yourdomain`)"
      - "traefik.http.routers.nginx.entrypoints=web,web-secure"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=yourresolver"
      - "traefik.http.services.nginx-docker.loadbalancer.server.port=yourcontenairport"
    networks:
      - yourtraefiknetwork

networks:
  yourtraefiknetwork:
    external: true

I had my bitwarden set up break recently and had to make a few changes. Namely, adding my traefik reverse proxy network into bitwarden docker’s ‘web’ service.

My setup is very similar to the link above. I am using traefik 2 with wild card certificates and cloudflare.

docker-compose.override.yml
file to be placed alongside the generated docker-compose.yml

version: '3'

services:
  web:
    networks:
      - yourtraefiknetwork

  nginx:
    networks:
      - default
      - public
      - yourtraefiknetwork
    labels:
      traefik.enable: "true"
      traefik.http.routers.nginx-bw.entrypoints: "web"
      traefik.http.routers.nginx-bw.rule: "Host(`yourdomain`)"
      traefik.http.middlewares.nginx-bw-https-redirect.redirectscheme.scheme: "https"
      traefik.http.routers.nginx-bw.middlewares: "nginx-bw-https-redirect"
      traefik.http.routers.nginx-bw-secure.entrypoints: "websecure"
      traefik.http.routers.nginx-bw-secure.rule: "Host(`yourdomain`)"
      traefik.http.routers.nginx-bw-secure.tls: "true"
      traefik.http.routers.nginx-bw-secure.service: "nginx-bw"
      traefik.http.services.nginx-bw.loadbalancer.server.port: "8080"
      traefik.docker.network: "yourtraefiknetwork"

networks:
  default:
    internal: true
  public:
    internal: false
  yourtraefiknetwork:
    external: true

notes/assistance on this docker compose override:

  • yourtraefiknetwork = ‘proxy’ for me
  • load balancer port default is 8080. you can check this is right for you by noting the bitwarden-nginx container ports using ‘docker ps’
  • yourdomain = ‘bitwarden.example.com’ for example
  • my ‘web’ and ‘websecure’ may be ‘http’ and ‘https’ respectively on your traefik setup (or anything else)
  • i use ‘nginx-bw’ as my service name. you may use ‘nginx’ or whatever you’d like

configure ‘config.yml’
likely you’ll also disable ssl related config options as @laurent78 mentioned in the previous reply

if you need to debug further you can use traefik’s web ui and refer to the generated docker-compose.yml. check firewalls and/or port forwarding as well.
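
A small lint for the settings the two replies above call out: the nginx service attached to the network named in traefik.docker.network, that network declared external, a numeric load balancer port, router service references that resolve, and both SSL options off in config.yml. This is an added example, not part of any post in the thread and not Bitwarden's or Traefik's own tooling; the function names are hypothetical, and it assumes the two YAML files have already been parsed into dicts.

```python
# Added example; names are hypothetical and the sample dicts are constructed.
def labels_of(service):
    """Normalise list-style ("k=v") or mapping-style labels to a dict of str."""
    raw = service.get("labels") or {}
    if isinstance(raw, list):
        raw = dict(item.split("=", 1) for item in raw)
    return {str(k): str(v) for k, v in raw.items()}

def lint(compose, config, name="nginx"):
    """Return a list of problems for one service; an empty list means none found."""
    svc = compose.get("services", {}).get(name, {})
    lab, problems = labels_of(svc), []
    if lab.get("traefik.enable", "").lower() != "true":
        problems.append("traefik.enable is not true")
    net = lab.get("traefik.docker.network")
    if net is None:
        problems.append("traefik.docker.network label is missing")
    else:
        if net not in (svc.get("networks") or []):
            problems.append(f"service is not attached to network {net!r}")
        if not (compose.get("networks", {}).get(net) or {}).get("external"):
            problems.append(f"network {net!r} is not declared external")
    ports = [v for k, v in lab.items() if k.endswith(".loadbalancer.server.port")]
    if len(ports) != 1 or not ports[0].isdigit():
        problems.append("need exactly one numeric loadbalancer.server.port")
    defined = {k.split(".")[3] for k in lab if k.startswith("traefik.http.services.")}
    for k, v in lab.items():
        if k.startswith("traefik.http.routers.") and k.endswith(".service") and v not in defined:
            problems.append(f"router label {k} names undefined service {v!r}")
    for key in ("ssl", "ssl_managed_lets_encrypt"):  # config.yml, per the replies
        if config.get(key) is not False:
            problems.append(f"config.yml: {key} is not false")
    return problems

CONFIG = {"ssl": False, "ssl_managed_lets_encrypt": False}
GOOD = {"services": {"nginx": {   # constructed: mapping-style labels
    "networks": ["default", "public", "proxy"],
    "labels": {"traefik.enable": "true", "traefik.docker.network": "proxy",
               "traefik.http.routers.nginx-bw-secure.service": "nginx-bw",
               "traefik.http.services.nginx-bw.loadbalancer.server.port": "8080"}}},
    "networks": {"proxy": {"external": True}}}
BROKEN = {"services": {"nginx": {  # constructed: not attached, placeholder port
    "labels": ["traefik.enable=true", "traefik.docker.network=proxy",
               "traefik.http.services.nginx.loadbalancer.server.port=yourport"]}},
    "networks": {"proxy": {"external": True}}}

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, lint(doc, CONFIG) or "no problems found")
```

To run it against real files, load docker-compose.override.yml and config.yml with a YAML parser and pass the resulting dicts to lint().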