Hello everyone!
I have installed Bitwarden on my VPS with the following configuration:
- ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-39-generic x86_64)
- apache httpd version 2.4.29
- docker version 18.06.1-ce, build e68fc7a
- docker-compose version 1.22.0, build unknown
In the Bitwarden configuration file config.yml there are the following entries:

```yaml
url: http://vault.domain.com
generate_compose_config: true
generate_nginx_config: true
http_port: 81
https_port: 444
compose_version:
ssl: false
ssl_versions:
ssl_ciphersuites:
ssl_managed_lets_encrypt: false
ssl_certificate_path:
ssl_key_path:
ssl_ca_path:
ssl_diffie_hellman_path:
push_notifications: true
database_docker_volume: false
```

All docker containers seem to be working fine. Executing docker ps returns:

CONTAINER ID | IMAGE | COMMAND | CREATED | STATUS | PORTS | NAMES |
---|---|---|---|---|---|---|
b35b87338f5a | bitwarden/identity:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-identity |
b9d66d419a5a | bitwarden/web:2.5.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-web |
54754869d258 | bitwarden/nginx:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 80/tcp, 0.0.0.0:81->8080/tcp, 0.0.0.0:444->8443/tcp | bitwarden-nginx |
fc89d667df39 | bitwarden/icons:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-icons |
f67a89c8ec36 | bitwarden/attachments:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-attachments |
566f4abe6c78 | bitwarden/notifications:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-notifications |
5ad1beb2f085 | bitwarden/api:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-api |
17dfefc272af | bitwarden/admin:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 5000/tcp | bitwarden-admin |
8c713f2ba043 | bitwarden/mssql:1.26.0 | “/entrypoint.sh” | 18 hours ago | Up 18 hours | 1433/tcp | bitwarden-mssql |
Since my VPS runs Apache it is acting as a reverse proxy to the docker container. The corresponding configuration file looks like this:

```apache
<VirtualHost *:*>
    ServerName vault.domain.com
    <Proxy *>
        Allow from localhost
    </Proxy>
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:81
    ProxyPassReverse / http://0.0.0.0:81
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/domain.com.key
</Virtualhost>
```

Cloudflare is responsible for the domain SSL certificate and https redirections. I have disabled all the available speed optimizations and added the following DNS entry:
Type | Name | Value |
---|---|---|
CNAME | vault | domain.com |
When accessing vault.domain.com I get the following blank page:
and my browser (all content filtering add-ons are disabled) console outputs:

```
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Loading failed for the <script> with source “https://vault.domain.com/app/polyfills.abd6e16c35330d64a03d.js”. vault.domain.com:29:1
Loading failed for the <script> with source “https://vault.domain.com/app/vendor.abd6e16c35330d64a03d.js”. vault.domain.com:29:1
Loading failed for the <script> with source “https://vault.domain.com/app/main.abd6e16c35330d64a03d.js”. vault.domain.com:29:1
```

Any ideas?
Thank you in advance
Solution
Apache was giving DNS lookup failures because of the missing trailing slash to ProxyPass and ProxyPassReverse directives:

```apache
ProxyPass / http://0.0.0.0:81/
ProxyPassReverse / http://0.0.0.0:81/
```
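
An added example, not part of the original post: a small Python check for the trailing-slash mismatch named in the solution, showing why the script URLs failed to load. `map_request` is a simplified model of mod_proxy's prefix substitution; the function names, the probe URI and the sample strings are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the proxy directives from the post, before and after the fix.
BROKEN = """\
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:81
ProxyPassReverse / http://0.0.0.0:81
"""
FIXED = BROKEN.replace(":81", ":81/")

DIRECTIVE = re.compile(r"^\s*(ProxyPass|ProxyPassReverse)\s+(\S+)\s+(\S+)", re.I)


def map_request(path, target, request_uri):
    """Simplified model of mod_proxy prefix mapping: the matched path prefix
    is replaced by the target URL and the rest of the URI is appended as-is."""
    if not request_uri.startswith(path):
        return None
    return target + request_uri[len(path):]


def lint(conf, probe="/app/main.js"):
    """Flag directives whose path and target disagree on the trailing slash.

    Returns (line_no, directive, backend_url, authority) tuples. For ProxyPass,
    backend_url is what the probe URI would be rewritten to; otherwise None."""
    findings = []
    for line_no, line in enumerate(conf.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, path, target = m.groups()
        if path.endswith("/") == target.endswith("/"):
            continue  # consistent: both end in "/" or neither does
        url = map_request(path, target, probe) if name.lower() == "proxypass" else None
        authority = urlsplit(url).netloc if url else None
        findings.append((line_no, name, url, authority))
    return findings


if __name__ == "__main__":
    for finding in lint(BROKEN):
        print("mismatch:", finding)
    print("after fix:", lint(FIXED))
```

With the original directives the probe maps to `http://0.0.0.0:81app/main.js`, so the backend authority is no longer `0.0.0.0:81`, which is consistent with the DNS lookup failures reported in the solution.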