[RESOLVE] Error nginx : No such file or directory

gudbes · September 28, 2018, 12:48pm

Hello,
I just installed bitwarden in a hosted car but I can’t access the web interface. It seems that nginx doesn’t want to go for it.

root@BW:/home/gudbes# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1899aca50a2 bitwarden/web:2.3.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-web
e964b71f098a bitwarden/admin:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-admin
31fae77e4361 bitwarden/attachments:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-attachments
f3d912109bf5 bitwarden/nginx:1.24.0 “/entrypoint.sh” 2 minutes ago Restarting (1) 28 seconds ago bitwarden-nginx
559f9d16f467 bitwarden/api:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-api
78c1039ae89a bitwarden/notifications:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-notifications
c7d3a885eaec bitwarden/icons:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-icons
92cf8a5f568d bitwarden/identity:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 5000/tcp bitwarden-identity
6b6c0c9fc60d bitwarden/mssql:1.24.0 “/entrypoint.sh” 2 minutes ago Up 2 minutes 1433/tcp bitwarden-mssql

Here are the logs:
root@BW:/home/gudbes# cat bwdata/logs/nginx/error.log
2018/09/28 12:37:36 [emerg] 1#1: BIO_new_file(“/home/gudbes/bwdata/ssl/bitwarden.tynux.fr/certificate.crt”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/home/gudbes/bwdata/ssl/bitwarden.tynux.fr/certificate.crt’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

gudbes · September 28, 2018, 1:03pm

The rights seem correct to me too:

    root@BW:/home/gudbes# ls -l bwdata/ssl/bw.skl.de/
    total 12
    -rw-r--r-- 1 nobody nogroup 3655 sept. 28 13:32 certificate.crt
    -rw-r--r-- 1 nobody nogroup  424 sept. 28 13:38 dhparam.pem
    -rw-r--r-- 1 nobody nogroup 1674 sept. 28 13:31 private.key

Here are my config file : 
    root@BTW:/home/gudbes# cat bwdata/config.yml 
    # 
    # Note: After making changes to this file you need to run the `rebuild` or `update`
    # command for them to be applied.
    # 
    # Full URL for accessing the installation from a browser. (Required)
    url: https://bw.skl.de
    # 
    # Auto-generate the `./docker/docker-compose.yml` config file.
    # WARNING: Disabling generated config files can break future updates. You will be
    # responsible for maintaining this config file.
    # Template: https://github.com/bitwarden/core/blob/master/util/Setup/Templates/DockerCompose.hbs
    generate_compose_config: true
    # 
    # Auto-generate the `./nginx/default.conf` file.
    # WARNING: Disabling generated config files can break future updates. You will be
    # responsible for maintaining this config file.
    # Template: https://github.com/bitwarden/core/blob/master/util/Setup/Templates/NginxConfig.hbs
    generate_nginx_config: true
    # 
    # Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
    # Learn more: https://docs.docker.com/compose/compose-file/#ports
    http_port: 80
    # 
    # Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
    # Learn more: https://docs.docker.com/compose/compose-file/#ports
    https_port: 443
    # 
    # Docker compose file version. Leave empty for default.
    # Learn more: https://docs.docker.com/compose/compose-file/compose-versioning/
    compose_version: 
    # 
    # Configure Nginx for SSL.
    ssl: true
    # 
    # SSL versions used by Nginx (ssl_protocols). Leave empty for recommended default.
    # Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
    ssl_versions: 
    # 
    # SSL ciphersuites used by Nginx (ssl_ciphers). Leave empty for recommended default.
    # Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
    ssl_ciphersuites: 
    # 
    # Installation uses a managed Let's Encrypt certificate.
    ssl_managed_lets_encrypt: false
    # 
    # The actual certificate. (Required if using SSL without managed Let's Encrypt)
    # Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
    # `/etc/ssl` within the container.
    ssl_certificate_path: /home/gudbes/bwdata/ssl/bw.skl.de/certificate.crt
    # 
    # The certificate's private key. (Required if using SSL without managed Let's Encrypt)
    # Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
    # `/etc/ssl` within the container.
    ssl_key_path: /home/gudbes/bwdata/ssl/bw.skl.de/private.key
    # 
    # If the certificate is trusted by a CA, you should provide the CA's certificate.
    # Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
    # `/etc/ssl` within the container.
    ssl_ca_path: 
    # 
    # Diffie Hellman ephemeral parameters
    # Learn more: https://security.stackexchange.com/q/94390/79072
    # Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
    # `/etc/ssl` within the container.
    ssl_diffie_hellman_path: /home/gudbes/bwdata/ssl/bw.skl.de/dhparam.pem
    # 
    # Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile
    # app live sync.
    push_notifications: true
    # 
    # Use a docker volume (`mssql_data`) instead of a host-mapped volume for the persisted database.
    # WARNING: Changing this value will cause you to lose access to the existing persisted database.
    # Learn more: https://docs.docker.com/storage/volumes/
    database_docker_volume: false

do you have any idea ?

N.B. why port 5000 is used. I thought he was annoyed with port 443

Thank you in advance

kspearrin · September 28, 2018, 1:04pm

Errors seem to indicate that it cannot find your ssl cert. Is it available at /home/gudbes/bwdata/ssl/bw.skl.de/certificate.crt as defined in your config?

gudbes · September 28, 2018, 1:05pm

 root@BW:/home/gudbes# ls -l bwdata/ssl/bw.skl.de/
    total 12
    -rw-r--r-- 1 nobody nogroup 3655 sept. 28 13:32 certificate.crt
    -rw-r--r-- 1 nobody nogroup  424 sept. 28 13:38 dhparam.pem
    -rw-r--r-- 1 nobody nogroup 1674 sept. 28 13:31 private.key

when I make a “cat” with the link given in the log, it opens my certificate

kspearrin · September 28, 2018, 1:06pm

Maybe there is a permission issue then?

gudbes · September 28, 2018, 1:08pm

the certificate is in 644 (read mode)

gudbes · September 28, 2018, 1:17pm

Do I have to do something when I modify the config.json file?

gudbes · September 28, 2018, 2:03pm

I’m trying a new installation

gudbes · September 29, 2018, 8:54am

I answer my own question:

I re-installed a new installation and followed this note that I hadn’t read:

!!! NOTE!!!
Make sure "certificate.crt’ and "private.key’ are provided in the
appropriate directory before running’start’ (see docs for info).

and it worked without a problem.

Thank you for your help and hopefully it will help others

Good continuation

JariRise · June 27, 2019, 2:04pm

Hi all,
I have this same issue with the new installation and I added wild card private.key and certificate.crt files BEFORE starting bitwarden and no luck.

`2019/06/27 10:02:12 [emerg] 1#1: cannot load certificate "/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)`

root@pass:/opt/bitwarden/bwdata/logs/nginx# ll "/opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt"
-rw-r--r-- 1 nobody nogroup 2408 Jun 27 12:04 /opt/bitwarden/bwdata/ssl/pass.risefx.com/certificate.crt

I tried to change the permissions for the path and the files but no luck…

Thank You advanced…

t:-j