Websocket fails behind apache proxy

Ask the Community Password Manager
1

Hello,
I run a self hosted bitwarden server (using docker) behind an apache2 proxy. Everything is working fine except for websockets.

The error I get in the browser console is:
`Firefox can’t establish a connection to the server at wss://passwords.tld/notifications/hub?id=removed WebSocketTransport.js:70

Error: Failed to start the transport 'WebSockets': undefined
E</e.prototype.log [Utils.js:190](webpack:///node_modules/@aspnet/signalr/dist/esm/Utils.js)
V</e.prototype.createTransport/</< [HttpConnection.js:283](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s/</< [HttpConnection.js:33](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s/< [HttpConnection.js:15](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s [HttpConnection.js:6:40](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
u</t.prototype.invoke [zone.js:388](webpack:///node_modules/zone.js/dist/zone.js)
onInvoke [core.js:3824](webpack:///node_modules/@angular/core/fesm5/core.js)
u</t.prototype.invoke [zone.js:387](webpack:///node_modules/zone.js/dist/zone.js)
i</e.prototype.run [zone.js:138](webpack:///node_modules/zone.js/dist/zone.js)
F/< [zone.js:872](webpack:///node_modules/zone.js/dist/zone.js)
u</t.prototype.invokeTask [zone.js:421](webpack:///node_modules/zone.js/dist/zone.js)
onInvokeTask [core.js:3815](webpack:///node_modules/@angular/core/fesm5/core.js)
u</t.prototype.invokeTask [zone.js:420](webpack:///node_modules/zone.js/dist/zone.js)
i</e.prototype.runTask [zone.js:188](webpack:///node_modules/zone.js/dist/zone.js)
d [zone.js:595](webpack:///node_modules/zone.js/dist/zone.js)
c</e.invokeTask [zone.js:500](webpack:///node_modules/zone.js/dist/zone.js)
m [zone.js:1540](webpack:///node_modules/zone.js/dist/zone.js)
b [zone.js:1566](webpack:///node_modules/zone.js/dist/zone.js)`

I tried multiple different apache configs but the result is always the same. I use websockets with other servers behind the same proxy without issue so not sure what I’m doing wrong.

Has anyone managed to get websockets working in a self hosted docker environment?

Thanks,
Uli

2

Make sure you are passing through the Upgrade and Connection headers for the /notifications/hub endpoint.

3

Hi Kyle,
Thanks for the super fast answer, much appreciated. I checked the logs and the headers were actually passed through just fine. So I spent a couple of hours yesterday to try a lot of different configs and finally found one that works (I should probably switch to nginx at one point).
In case anyone else has this issue here’s what worked for me in the end:

  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:8098/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://127.0.0.1:8098/$1 [P,L]

  ProxyPass / http://127.0.0.1:8098/
  ProxyPassReverse / http://127.0.0.1:8098/

  ProxyPass /notifications/hub ws://127.0.0.1:8098/notifications/hub
  ProxyPassReverse /notifications/hub ws://127.0.0.1:8098/notifications/hub

Not sure if this is the most elegant config but at least it works.

Thanks again, Kyle and also thank you for this amazing password manager.

1 Like
4

Hi Uli_Koeth,

do you have a short step-by-step list for successfull installation (apache - docker)? For me this do not work, i am also use a apache2 reverse proxy and would like to have a selfhosting bitwarden at https://bitwarden.MyFQDN.

Esp. the apache2 reverse conf will be helpfull or is the screenshot above all i have to setup?

Thanks in advance!

5

Sorry, take a look at the fantastic docs and your last entry helps - everythings works at the first look. Really really great stuff…

6

Since this is a top hit on Google for this kind of problem, I’d like to add another important prerequisite which is often forgotten: For Apache2 to be able to rewrite any websockets, it needs proxy_wstunnel mod enabled!

So make sure to run:
a2enmod proxy_http proxy_wstunnel