Docker install behind nginx reverse proxy

I found this open source project while looking for alternatives to commercial implementations (currently LastPass), and found that the project owners have a Docker deployment model for self-hosting.

On my Docker install, I currently use the jwilder\nginx-proxy reverse proxy with the companion letsencrypt-nginx-proxy container for automated Let's Encrypt certificate management. All I need to do is supply an extra Environment Variable (“VIRTUAL_HOST”) to the web server container of any solution.

This page has an architecture topology diagram to explain:
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion

Essentially, how can I use the default installer to deploy this behind my reverse proxy and Let's Encrypt generator?
Do I need to customise anything?
I expect the script handles calls to Docker Hub to pull the appropriate images, and then deploy containers from these images - this restricts my ability to supply the VIRTUAL_HOST Environment Variable.

Did you find any solution to that? I am looking to do the same as well.

Apologies @hanneshier, I did resolve this but had another thread on this forum that had useful info.

Essentially, you keep the default / standard install methods & guides. But in the bwdata\docker subfolder, I added a new file named docker-compose.override.yml with:

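```yaml
version: '3'

services:
  nginx:
    environment:
      - VIRTUAL_HOST=vault.domain.com
      - VIRTUAL_PORT=8080
      - LETSENCRYPT_HOST=vault.domain.com
      - LETSENCRYPT_EMAIL=<your-email-address>  # address obscured in the original post; use your own

# Default network for every container in this stack: the proxy's existing network
networks:
  default:
    external:
      name: nginx-proxy-net
```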

This should override the config of the front-end Nginx container, to incorporate the required Environment variables for the Nginx-proxy. Most notable though is that the final networks section is the “default” for ALL containers in this stack. I could only get it working with this configuration which isn’t my preferred topology when using this concept.


Hi @monkeyguest, thanks a lot already!
Can you post a link to that other thread you mentioned? Just adding the docker-compose.override.yml didn't work for me yet.

That's the error I got in the end, in case you have any idea what to do with it :)

```
Creating bitwarden-nginx ... error

ERROR: for bitwarden-nginx  Cannot start service nginx: driver failed programming external connectivity on endpoint bitwarden-nginx (7988b60bd59ad7dc7176471c99f77713a783db646b723660b738c0cb0f4f523b): Bind for 0.0.0.0:443 failed: port is aCreating bitwarden-events ... done

ERROR: for nginx  Cannot start service nginx: driver failed programming external connectivity on endpoint bitwarden-nginx (7988b60bd59ad7dc7176471c99f77713a783db646b723660b738c0cb0f4f523b): Bind for 0.0.0.0:443 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.
```

And also in the beginning, I got this warning:

```
Removing network docker_public
WARNING: Network docker_public not found.
```

And one other question: did you generate an SSL certificate or say to use one in the initial setup? Or did you skip this step since the letsencrypt-nginx-proxy is doing that?

I got it now :D
So for any future reader: I forgot to change the port in the config.yml. So for http I used a random port that was not occupied, and entered no port at all for https (since my reverse proxy is handling that).

You don't have to generate an SSL, since the nginx is handling that again.

Thank you for this post. With these tips I could now install Bitwarden on my server pretty easily. I also use a setup with the jwilder\nginx-proxy.

I just added the following docker-compose.overwrite.yml to the bwdata/docker folder:

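```yaml
version: '3'

services:
  nginx:
    environment:
      VIRTUAL_PORT: 8080
      VIRTUAL_HOST: vault.example.com
      LETSENCRYPT_HOST: vault.example.com
      LETSENCRYPT_EMAIL: <your-email-address>  # address obscured in the original post; use your own

# Attach the whole stack to the proxy's existing network
networks:
  default:
    external:
      name: nginx-proxy
```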

I then also removed the port mappings in the `config.yml`:

```yaml
http_port:
https_port:
```

Afterwards I needed to run `./bitwarden.sh rebuild` to generate the updated docker-compose.yml. Then I could run `./bitwarden.sh start` and everything worked.



Additional Notes
If you do not want to have the bwdata folder inside your homedir, you could just run the script where the folder needs to be. I placed the script under /docker-containers/websites/bitwarden. Each website has a separate subfolder in the folder /docker-containers/websites, and a custom backup script will back up each subfolder individually in a tar.gz and download it to my NAS at home.

It will not work.
I use nginx with dockergen, no letsencrypt.
My nginx conf (`cat /etc/nginx/conf.d/default.conf`):

```nginx
# Cannot connect to network of this container
server 127.0.0.1 down;
# Cannot connect to network of this container
server 127.0.0.1 down;
```

The IP is wrong; when I inspect the bitwarden container I found 172.25.0.10.

Can anyone help with what I have done wrong?

@edit
Got it, it was the wrong network:

```yaml
networks:
  default:
    external:
      name: nginx-proxy_default
```
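
A preflight check for the three things that went wrong in this thread (host ports still set in `config.yml`, proxy variables that disagree, an external network name that does not exist), as an added example that is not from any poster or from the Bitwarden project. The function names, the sample files and the network list are constructed for illustration, and the override file is read by line pattern rather than by a YAML parser.

```shell
#!/usr/bin/env bash
# Added example: preflight check for Bitwarden's bwdata/ behind nginx-proxy.

# Value of a top-level "key: value" line in config.yml (empty when left blank).
cfg_value() {  # $1=file $2=key
  sed -n "s/^$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" | tr -d "[:space:]'\""
}

# Value of KEY in the override file; accepts "- KEY=value" and "KEY: value".
env_value() {  # $1=file $2=key
  sed -n "s/^[[:space:]]*-\{0,1\}[[:space:]]*$2[=:][[:space:]]*\(.*\)/\1/p" "$1" |
    head -n1 | tr -d "[:space:]'\""
}

# preflight CONFIG OVERRIDE NETWORK_LIST: prints findings, returns their count.
preflight() {
  local cfg="$1" ovr="$2" nets="$3" n=0 k v vhost lehost net
  for k in http_port https_port; do
    v=$(cfg_value "$cfg" "$k")
    [ -z "$v" ] || { echo "FAIL $k=$v publishes Bitwarden's nginx on the host, next to the proxy"; n=$((n+1)); }
  done
  vhost=$(env_value "$ovr" VIRTUAL_HOST)
  lehost=$(env_value "$ovr" LETSENCRYPT_HOST)
  net=$(env_value "$ovr" name)
  [ -n "$vhost" ] || { echo "FAIL VIRTUAL_HOST is not set"; n=$((n+1)); }
  [ "$vhost" = "$lehost" ] || { echo "FAIL LETSENCRYPT_HOST '$lehost' != VIRTUAL_HOST '$vhost'"; n=$((n+1)); }
  printf '%s\n' $nets | grep -qxF -- "$net" ||
    { echo "FAIL external network '$net' is not in: $nets"; n=$((n+1)); }
  return "$n"
}

# Constructed sample files (not from a real host): both ports still set and a
# network name that does not exist, the two errors reported in the thread.
demo=$(mktemp -d)
printf 'http_port: 80\nhttps_port: 443\n' > "$demo/config.yml"
cat > "$demo/docker-compose.override.yml" <<'EOF'
services:
  nginx:
    environment:
      VIRTUAL_HOST: vault.example.com
      LETSENCRYPT_HOST: vault.example.com
networks:
  default:
    external:
      name: nginx-proxy
EOF
# On a real host, pass "$(docker network ls --format '{{.Name}}')" as the list.
preflight "$demo/config.yml" "$demo/docker-compose.override.yml" "bridge nginx-proxy_default" || echo "findings: $?"
```

A port left in `config.yml` is flagged even when it is a free one, because the stack's nginx is then reachable on the host directly instead of only through the TLS-terminating proxy.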

Hello everybody,
in case someone needs a working example:

(it uses: jwilder\nginx-proxy)

cheers