Setting up a fresh install, my instance, no matter how many docker rm and relaunches I do, seems to be trying to redirect to the internal port instead of the external SSL port.
Looks to be https://github.com/bitwarden/self-host/blame/master/docker-unified/hbs/nginx-config.hbs on line 7 that's causing the issue.
CLI tests (easier to show):
```
curl -I http://mybitwardendomain.tld
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 12 Aug 2023 11:06:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mybitwardendomain.tld:8443/
```

```
curl -I https://mybitwardendomain.tld
curl: (7) Failed to connect to mybitwardendomain.tld port 8443 after 15 ms: Couldn't connect to server
```

```
curl -I https://mybitwardendomain.tld
HTTP/2 200
server: nginx
date: Sat, 12 Aug 2023 11:19:31 GMT
content-type: text/html
content-length: 1238
last-modified: Tue, 25 Jul 2023 20:03:38 GMT
vary: Accept-Encoding
etag: "64c02a9a-4d6"
strict-transport-security: max-age=15768000
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory; object-src 'self' blob:;
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
accept-ranges: bytes
```
settings.env:

```
#####################
# Required Settings #
#####################

# Server hostname
BW_DOMAIN=mybitwardendomain.tld

# Database
# Available providers are sqlserver, postgresql, mysql/mariadb, or sqlite
BW_DB_PROVIDER=postgresql
BW_DB_SERVER=10.8.96.3
BW_DB_DATABASE=bitwarden_vault
BW_DB_USERNAME=bitwarden
BW_DB_PASSWORD=postgres-password

# Installation information
# Get your ID and key from https://bitwarden.com/host/
BW_INSTALLATION_ID=generated-install-id
BW_INSTALLATION_KEY=generated-install-key

#####################
# Optional Settings #
#####################
# Learn more here: https://bitwarden.com/help/environment-variables/

# Container user ID/group ID
PUID=1000
PGID=1000

# Webserver ports
BW_PORT_HTTP=8080
BW_PORT_HTTPS=8443

# SSL
BW_ENABLE_SSL=true
BW_ENABLE_SSL_CA=true
BW_SSL_CERT=letsencrypt/live/mybitwardendomain.tld/fullchain.pem
BW_SSL_KEY=letsencrypt/live/mybitwardendomain.tld/privkey.pem
BW_SSL_CA_CERT=ca.crt

# Services
# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below.
BW_ENABLE_ADMIN=true
BW_ENABLE_API=true
BW_ENABLE_EVENTS=false
BW_ENABLE_ICONS=true
BW_ENABLE_IDENTITY=true
BW_ENABLE_NOTIFICATIONS=true
BW_ENABLE_SCIM=false
BW_ENABLE_SSO=false
BW_ICONS_PROXY_TO_CLOUD=false

# Mail
globalSettings__mail__replyToEmail=me@domain.com
globalSettings__mail__smtp__host=smtp.domain.com
globalSettings__mail__smtp__port=465
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__username=emailuser
globalSettings__mail__smtp__password='randomly generated password in marks due to symbols requirement'

# Yubikey
globalSettings__yubico__clientId=REPLACE
globalSettings__yubico__key=REPLACE

# Other
globalSettings__disableUserRegistration=false
globalSettings__hibpApiKey=REPLACE
adminSettings__admins=admin1@email.com,admin2@email.com
```
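
A check for the symptom reported above, as an added example that is not part of the original report or of Bitwarden's code: it parses `curl -I` output and a settings.env, then flags an HTTP-to-HTTPS redirect whose port is the container's `BW_PORT_HTTPS` rather than the externally published HTTPS port. The function names, the result labels and the external port of 443 are assumptions, and the sample input is constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_env(text):
    """Parse KEY=VALUE lines of a settings.env, skipping comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def redirect_target(head_response):
    """Return (scheme, host, port) from the Location header of `curl -I` output."""
    for line in head_response.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            url = urlsplit(value.strip())
            port = url.port or DEFAULT_PORTS.get(url.scheme)
            return url.scheme, url.hostname, port
    return None

def check_redirect(head_response, env, external_https_port=443):
    """Classify the redirect as seen by a client outside the container."""
    target = redirect_target(head_response)
    if target is None:
        return "no-redirect"
    scheme, host, port = target
    if scheme != "https" or host != env.get("BW_DOMAIN"):
        return "unexpected-target"
    if port == external_https_port:
        return "ok"
    # Assumption: 8443 is used when BW_PORT_HTTPS is not set in the file.
    if port == int(env.get("BW_PORT_HTTPS", "8443")):
        return "leaks-internal-port"
    return "unexpected-port"

# Constructed sample input, shaped like the report above.
SAMPLE_ENV = """\
BW_DOMAIN=mybitwardendomain.tld
BW_PORT_HTTPS=8443
"""
SAMPLE_301 = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: nginx\r\n"
    "Location: https://mybitwardendomain.tld:8443/\r\n"
)
```

Calling `check_redirect(SAMPLE_301, parse_env(SAMPLE_ENV))` returns `"leaks-internal-port"`; pass a different `external_https_port` when the host publishes HTTPS on something other than 443.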