Blank page when accessing Bitwarden web vault on Ubuntu 18.04.1 LTS VPS with Apache as reverse proxy

Hello everyone!

I have installed Bitwarden on my VPS with the following configuration:

  • Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-39-generic x86_64)
  • Apache httpd version 2.4.29
  • docker version 18.06.1-ce, build e68fc7a
  • docker-compose version 1.22.0, build unknown

In the Bitwarden configuration file config.yml there are the following entries:

url: http://vault.domain.com
generate_compose_config: true
generate_nginx_config: true
http_port: 81
https_port: 444
compose_version:
ssl: false
ssl_versions:
ssl_ciphersuites:
ssl_managed_lets_encrypt: false
ssl_certificate_path:
ssl_key_path:
ssl_ca_path:
ssl_diffie_hellman_path:
push_notifications: true
database_docker_volume: false

All docker containers seem to be working fine. Executing docker ps returns:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b35b87338f5a bitwarden/identity:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-identity
b9d66d419a5a bitwarden/web:2.5.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-web
54754869d258 bitwarden/nginx:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 80/tcp, 0.0.0.0:81->8080/tcp, 0.0.0.0:444->8443/tcp bitwarden-nginx
fc89d667df39 bitwarden/icons:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-icons
f67a89c8ec36 bitwarden/attachments:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-attachments
566f4abe6c78 bitwarden/notifications:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-notifications
5ad1beb2f085 bitwarden/api:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-api
17dfefc272af bitwarden/admin:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 5000/tcp bitwarden-admin
8c713f2ba043 bitwarden/mssql:1.26.0 "/entrypoint.sh" 18 hours ago Up 18 hours 1433/tcp bitwarden-mssql

Since my VPS runs Apache it is acting as a reverse proxy to the docker container. The corresponding configuration file looks like this:

<VirtualHost *:*>

  ServerName vault.domain.com

  <Proxy *>
    Allow from localhost
  </Proxy>

  ProxyPreserveHost On
  ProxyPass / http://0.0.0.0:81
  ProxyPassReverse / http://0.0.0.0:81

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/domain.com.crt
  SSLCertificateKeyFile /etc/ssl/private/domain.com.key

</Virtualhost>

Cloudflare is responsible for the domain SSL certificate and https redirections. I have disabled all the available speed optimizations and added the following DNS entry:

Type Name Value
CNAME vault domain.com

When accessing vault.domain.com I get the following blank page:

and my browser (all content filtering add-ons are disabled) console outputs:

Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Loading failed for the <script> with source “https://vault.domain.com/app/polyfills.abd6e16c35330d64a03d.js”. vault.domain.com:29:1
Loading failed for the <script> with source “https://vault.domain.com/app/vendor.abd6e16c35330d64a03d.js”. vault.domain.com:29:1
Loading failed for the <script> with source “https://vault.domain.com/app/main.abd6e16c35330d64a03d.js”. vault.domain.com:29:1

Any ideas?

Thank you in advance :)

Solution

Apache was giving DNS lookup failures because of the missing trailing slash in the ProxyPass and ProxyPassReverse directives:

ProxyPass / http://0.0.0.0:81/
ProxyPassReverse / http://0.0.0.0:81/
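
Why the missing slash surfaces as a DNS lookup failure, shown as an added example that is not part of the original post: ProxyPass appends the rest of the request path to the target as-is, so /app/main.js behind "ProxyPass / http://0.0.0.0:81" becomes http://0.0.0.0:81app/main.js and the host to resolve is 0.0.0.0:81app. The function names and the simplified substitution model are assumptions made for illustration; the sample config is constructed from the post's VirtualHost.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the proxy lines from the post's VirtualHost, before the fix.
SAMPLE_CONF = """\
<VirtualHost *:*>
  ServerName vault.domain.com
  ProxyPreserveHost On
  ProxyPass / http://0.0.0.0:81
  ProxyPassReverse / http://0.0.0.0:81
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(ProxyPassReverse|ProxyPass)\s+(\S+)\s+(\S+)", re.I)


def map_request(prefix, target, request_path):
    """Simplified model of ProxyPass: cut the matched prefix from the
    request path and append the remainder to the target unchanged."""
    if not request_path.startswith(prefix):
        raise ValueError("request path is outside the proxied prefix")
    return target + request_path[len(prefix):]


def backend_host(url):
    """Authority (host[:port]) that the proxy would have to resolve."""
    return urlsplit(url).netloc


def lint(conf_text):
    """Return (line number, directive, prefix, target) for every line whose
    two arguments disagree on the trailing slash."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m or m.group(3).startswith("!"):  # "ProxyPass /x !" excludes a path
            continue
        name, prefix, target = m.groups()
        if prefix.endswith("/") != target.endswith("/"):
            findings.append((lineno, name, prefix, target))
    return findings


if __name__ == "__main__":
    for lineno, name, prefix, target in lint(SAMPLE_CONF):
        url = map_request(prefix, target, prefix.rstrip("/") + "/app/main.js")
        print(f"line {lineno}: {name} {prefix} {target} -> {url} "
              f"(host to resolve: {backend_host(url)})")
```

Running lint() over the site files under the Apache configuration directory before a reload catches this mismatch before it shows up as a blank page.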