Hello,
I just installed bitwarden in a hosted car but I can’t access the web interface. It seems that nginx doesn’t want to go for it.
```
root@BW:/home/gudbes# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1899aca50a2 bitwarden/web:2.3.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-web
e964b71f098a bitwarden/admin:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-admin
31fae77e4361 bitwarden/attachments:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-attachments
f3d912109bf5 bitwarden/nginx:1.24.0 "/entrypoint.sh" 2 minutes ago Restarting (1) 28 seconds ago bitwarden-nginx
559f9d16f467 bitwarden/api:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-api
78c1039ae89a bitwarden/notifications:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-notifications
c7d3a885eaec bitwarden/icons:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-icons
92cf8a5f568d bitwarden/identity:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 5000/tcp bitwarden-identity
6b6c0c9fc60d bitwarden/mssql:1.24.0 "/entrypoint.sh" 2 minutes ago Up 2 minutes 1433/tcp bitwarden-mssql
```
Here are the logs:
```
root@BW:/home/gudbes# cat bwdata/logs/nginx/error.log
2018/09/28 12:37:36 [emerg] 1#1: BIO_new_file("/home/gudbes/bwdata/ssl/bitwarden.tynux.fr/certificate.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/gudbes/bwdata/ssl/bitwarden.tynux.fr/certificate.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
root@BW:/home/gudbes# ls -l bwdata/ssl/bw.skl.de/
total 12
-rw-r--r-- 1 nobody nogroup 3655 sept. 28 13:32 certificate.crt
-rw-r--r-- 1 nobody nogroup 424 sept. 28 13:38 dhparam.pem
-rw-r--r-- 1 nobody nogroup 1674 sept. 28 13:31 private.key
```
Here is my config file:
```
root@BTW:/home/gudbes# cat bwdata/config.yml
#
# Note: After making changes to this file you need to run the `rebuild` or `update`
# command for them to be applied.
#
# Full URL for accessing the installation from a browser. (Required)
url: https://bw.skl.de
#
# Auto-generate the `./docker/docker-compose.yml` config file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/core/blob/master/util/Setup/Templates/DockerCompose.hbs
generate_compose_config: true
#
# Auto-generate the `./nginx/default.conf` file.
# WARNING: Disabling generated config files can break future updates. You will be
# responsible for maintaining this config file.
# Template: https://github.com/bitwarden/core/blob/master/util/Setup/Templates/NginxConfig.hbs
generate_nginx_config: true
#
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
http_port: 80
#
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
# Learn more: https://docs.docker.com/compose/compose-file/#ports
https_port: 443
#
# Docker compose file version. Leave empty for default.
# Learn more: https://docs.docker.com/compose/compose-file/compose-versioning/
compose_version:
#
# Configure Nginx for SSL.
ssl: true
#
# SSL versions used by Nginx (ssl_protocols). Leave empty for recommended default.
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_versions:
#
# SSL ciphersuites used by Nginx (ssl_ciphers). Leave empty for recommended default.
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_ciphersuites:
#
# Installation uses a managed Let's Encrypt certificate.
ssl_managed_lets_encrypt: false
#
# The actual certificate. (Required if using SSL without managed Let's Encrypt)
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_certificate_path: /home/gudbes/bwdata/ssl/bw.skl.de/certificate.crt
#
# The certificate's private key. (Required if using SSL without managed Let's Encrypt)
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_key_path: /home/gudbes/bwdata/ssl/bw.skl.de/private.key
#
# If the certificate is trusted by a CA, you should provide the CA's certificate.
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_ca_path:
#
# Diffie Hellman ephemeral parameters
# Learn more: https://security.stackexchange.com/q/94390/79072
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
# `/etc/ssl` within the container.
ssl_diffie_hellman_path: /home/gudbes/bwdata/ssl/bw.skl.de/dhparam.pem
#
# Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile
# app live sync.
push_notifications: true
#
# Use a docker volume (`mssql_data`) instead of a host-mapped volume for the persisted database.
# WARNING: Changing this value will cause you to lose access to the existing persisted database.
# Learn more: https://docs.docker.com/storage/volumes/
database_docker_volume: false
```
Do you have any idea?
N.B. Why is port 5000 used? I thought it was annoyed with port 443.
Errors seem to indicate that it cannot find your ssl cert. Is it available at /home/gudbes/bwdata/ssl/bw.skl.de/certificate.crt as defined in your config?
Hi all,
I have this same issue with the new installation. I added wildcard private.key and certificate.crt files BEFORE starting bitwarden and no luck.
`2019/06/27 10:02:12 [emerg] 1#1: cannot load certificate "/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)`
```
root@pass:/opt/bitwarden/bwdata/logs/nginx# ll "/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt"
-rw-r--r-- 1 nobody nogroup 2408 Jun 27 12:04 /opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt
```
I tried to change the permissions for the path and the files but no luck…
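
The `config.yml` comments quoted in the first post state that the `ssl_*` paths use the container's ssl directory, with the host's `./ssl` mapped to `/etc/ssl`, so a file that exists at a host path can still be missing from nginx's point of view. The script below is an added example (not from any poster in this thread and not Bitwarden tooling) that checks each `ssl_*` value against that mapping; the function names and the temporary sample tree are constructed for illustration.

```shell
# Added example: are the ssl_* values in bwdata/config.yml container paths?
# Assumption (from the config.yml comments): host ./ssl is mounted at /etc/ssl.
check_ssl_paths() {            # $1 = bwdata directory on the host
    bwdata=$1
    problems=0
    for key in ssl_certificate_path ssl_key_path ssl_ca_path ssl_diffie_hellman_path; do
        # Non-empty value after "key:", trailing whitespace stripped.
        value=$(sed -n "s/^${key}:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" \
                "$bwdata/config.yml" | head -n 1)
        if [ -z "$value" ]; then continue; fi   # optional key left empty
        case "$value" in
            /etc/ssl/*)
                # Translate the container path back to where the file lives on the host.
                host_path="$bwdata/ssl/${value#/etc/ssl/}"
                if [ -f "$host_path" ]; then
                    echo "OK       $key -> $host_path"
                else
                    echo "MISSING  $key: $host_path not found on host"
                    problems=$((problems + 1))
                fi ;;
            *)
                echo "BAD PATH $key: $value is not under /etc/ssl, nginx cannot see it"
                problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"         # number of keys that need fixing
}

# Constructed sample tree; $1 is the path prefix written into config.yml.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/ssl/bw.skl.de"
    touch "$d/ssl/bw.skl.de/certificate.crt" "$d/ssl/bw.skl.de/private.key" \
          "$d/ssl/bw.skl.de/dhparam.pem"
    prefix=$1
    cat > "$d/config.yml" <<EOF
ssl: true
ssl_certificate_path: $prefix/bw.skl.de/certificate.crt
ssl_key_path: $prefix/bw.skl.de/private.key
ssl_ca_path:
ssl_diffie_hellman_path: $prefix/bw.skl.de/dhparam.pem
EOF
    echo "$d"
}

# Host-style prefix as in the first post's config.yml: every set key is flagged.
sample=$(make_sample /home/gudbes/bwdata/ssl)
check_ssl_paths "$sample" || echo "$? problem(s) found"
```

On a real install, call `check_ssl_paths` with the actual `bwdata` directory; per the note at the top of `config.yml`, changes to the file only take effect after the `rebuild` or `update` command.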