Cloudflare - Received status code: 520 when running ./bitwarden.sh update

My self-hosted vault is on Docker/Ubuntu 20.04.6 LTS, fully patched to today's date.

Server is behind a squid proxy - using this for all updates etc.

I get the following error:

bitwarden.sh version 2023.7.0
Docker version 24.0.5, build ced0996
Docker Compose version v2.20.2

Unable to download run script from https://func.bitwarden.com/api/dl/?app=self-host&platform=linux&variant=run. Received status code: 520
http response:

520 Origin Error

520 Origin Error


cloudflare-nginx

Researched the Cloudflare 520 error and no joy.

Any way to manually update Bitwarden / Docker?

Thanks

Hi @masterpfsense, welcome to the community! :wave:

This seems to line up with the timing of our maintenance window - can you please try again?

I have delved deeper into what was going on yesterday and, by capturing firewall & Squid proxy logs, was able to determine that there was some bad behaviour: the configured proxy was being ignored and direct attempts over port 443 were being made to a number of IP addresses.

In an attempt to diagnose, this also fails on a clean install on a fresh Ubuntu VM on Hyper-V. I had to allow direct TCP 443 connects to the same IP addresses, so this was not just the update.

List of direct IP calls -
3.216.34.172
34.205.13.154
44.205.64.79
104.18.122.25
104.18.124.25
162.213.33.50

despite having the proxy settings defined in -

/etc/profile.d/proxy.sh
/etc/environment
/etc/apt/apt.conf.d/80proxy
/etc/systemd/system/docker.service.d/http-proxy.conf

So half the updates came via proxy & the rest by TCP-443 direct connects.

I created an alias to allow these connections before the firewall rule for the proxy so that all would work correctly.

Should be properly tested & validated, as this is not a server anyone wishes to have compromised, which is why it is locked down.

For inbound web it is proxied via HA-Proxy and for its own outbound use proxied via Squid with SSL/TLS.

It is readily reproducible.

Thanks
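An added example, not part of the thread and not Bitwarden's code: a small audit of the four proxy locations listed in the post above, reporting any that set no HTTPS proxy or that disagree with each other. The function names and the `proxy.example.internal` host are assumptions made for illustration, and the sample file contents are constructed.

```python
import re
from pathlib import Path

# Each file feeds a different consumer (login shells, PAM sessions, apt, the
# Docker daemon) and has its own syntax; each regex captures the HTTPS proxy URL.
LOCATIONS = {
    "/etc/profile.d/proxy.sh": r'^\s*(?:export\s+)?https_proxy=["\']?([^"\'\s]+)',
    "/etc/environment": r'^\s*https_proxy=["\']?([^"\'\s]+)',
    "/etc/apt/apt.conf.d/80proxy": r'^\s*Acquire::https::Proxy\s+"([^"]+)"',
    "/etc/systemd/system/docker.service.d/http-proxy.conf":
        r'^\s*Environment=.*?\bHTTPS_PROXY=([^"\'\s]+)',
}

# Constructed file contents; proxy.example.internal is a placeholder host.
SAMPLE = {
    "/etc/profile.d/proxy.sh": 'export https_proxy="http://proxy.example.internal:3128"\n',
    "/etc/environment": "HTTPS_PROXY=http://proxy.example.internal:3128/\n",
    "/etc/apt/apt.conf.d/80proxy": 'Acquire::https::Proxy "http://proxy.example.internal:3128/";\n',
    "/etc/systemd/system/docker.service.d/http-proxy.conf":
        '[Service]\nEnvironment="HTTP_PROXY=http://proxy.example.internal:3128"\n'
        '#Environment="HTTPS_PROXY=http://proxy.example.internal:3128"\n',
}

def load(root="/"):
    """Read the four files below root; a missing file becomes empty text."""
    paths = {p: Path(root) / p.lstrip("/") for p in LOCATIONS}
    return {p: f.read_text(errors="replace") if f.is_file() else "" for p, f in paths.items()}

def https_proxies(texts):
    """Map each location to its effective HTTPS proxy URL, or None if unset."""
    found = {}
    for path, pattern in LOCATIONS.items():
        hits = re.findall(pattern, texts.get(path, ""), re.I | re.M)
        # The last assignment wins; a trailing slash is not a real difference.
        found[path] = hits[-1].rstrip("/") if hits else None
    return found

def findings(found):
    """List locations with no HTTPS proxy and any disagreement between values."""
    problems = [f"{path}: no HTTPS proxy set" for path, url in found.items() if url is None]
    urls = sorted({url for url in found.values() if url})
    if len(urls) > 1:
        problems.append("locations disagree: " + ", ".join(urls))
    return problems

if __name__ == "__main__":
    # Audits the constructed sample; pass load("/") instead to audit the real files.
    print("\n".join(findings(https_proxies(SAMPLE))) or "all four locations agree")
```

In the constructed sample the Docker drop-in sets only `HTTP_PROXY` and has its `HTTPS_PROXY` line commented out, so that location is the one reported.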