Hello community,
as I haven’t been able to find anything specific and support refused my request, I would like to discuss my topic over here.
My self-hosted Bitwarden instance is quite old and gets outdated soon. This is the reason I want to migrate it to another server. On this machine I am already running a Traefik 3 installation with some other docker compose containers.
My question now is, is it possible to run Bitwarden behind Traefik? I only could find outdated instructions which didn’t work anymore.
I would really appreciate some instructions on how to do this.
Thanks.
I did a search and there are more than a few videos out there that would help get this done. Some of them reference Vaultwarden but are still informative for your desired setup:
https://www.youtube.com/results?search_query=bitwarden+and+traefik
I’ve already been walking through these videos. But unfortunately, I haven’t got it up and running.
Dang that’s frustrating. I’m an Nginix guy myself so I’m not going to be much direct help unfortunately.
unlucky me I would say… What did you do in your environment to get it running? I think that I got the compose.override.yml in place and the basics, I guess. What steps did you follow to get it running with nginx? Maybe I am missing out something.
I have zero experience of self-hosting – but I could imagine it would help to know details about your configuration for anyone to look out for something you might be missing…
Well well well, I made it. If someone ever comes across this as well, this is my solution. The key was the nginx container. I just used official config files so far, so it shouldn’t break during monthly updates:
create or edit ./bwdata/docker/docker-compose.override.yml
version: "3"
services:
nginx:
ports: [] # remove exposed ports so only Traefik can reach it
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.bitwarden.rule=Host(`your domain`)"
- "traefik.http.routers.bitwarden.entrypoints=websecure"
- "traefik.http.routers.bitwarden.tls.certresolver=le"
- "traefik.http.services.bitwarden.loadbalancer.server.port=8080"
networks:
proxy:
external: true
in ./bwdata/config.yml change these values
ssl: false
http_port: 8080
https_port: 8443
in ./bwdata/env/global.override.env make sure you set https in your URL:
globalSettings__baseServiceUri__vault=https://bitwarden.example.com
rebuild and start Bitwarden
./bitwarden.sh rebuild
./bitwarden.sh restart
Hope this helps others with same issues.
Have to add one more thing. If I transfer my existing data from the old system, it’s still not running:
After ./bitwarden.sh rebuild and restart it tells me:
service “certbot” has neither an image nor a build context specified: invalid compose project
I reviewed the configs I mentioned above, and everything fits.
So I digged a bit deeper and found out that I also had to remove the old bwdata/letsencrypt folder. Now the instance is up and running.
@Satirical2354 Very nice, that you found it out yourself! – And out of curiosity: are you on the latest server version 2026.2.0 now?
I am affraid, I’m not 100% there. I’m stuck at the migration process. My version is 2026.1.1. It seems this is the latest available version for a selfhosted instance
1 Like
2026.2.0 was released only a few hours ago. Honestly, I don’t know if it should be available as soon as it was released. 
It was available through GitHub as soon as I got notification of the new version right after it was released. @Satirical2354, I did a quick dive on your issue with the dreaded AI and it came up with your exact .yml edits. Glad to hear you got it working. I’d like to try out Traefik, but I really love the Nginix interface so I’m probably stuck here for the short term.
1 Like