jlesage / docker-nginx-proxy-manager

Docker container for Nginx Proxy Manager
MIT License

Unable to get NPM to work with Bitwarden #167

Closed evakq8r closed 3 years ago

evakq8r commented 3 years ago

Host: Unraid 6.9.1
Containers affected: NginxProxyManager and bitwarden-nginx

Hi there,

I've recently migrated my reverse proxy from linuxserver/swag to jlesage/nginx-proxy-manager, and have managed to get all existing containers to work... except Bitwarden.

I'm using the official Bitwarden install rather than bitwardenrs as I had several issues setting up the rs version. I've used the Protected Endpoint.conf file in the ibracorp/authelia setup instructions and populated the relevant fields. I can get to Authelia, authenticate, then get redirected to the Bitwarden instance, but trying to log in just throws 'unexpected error'. If I move the proxy manager from NPM back to SWAG, Bitwarden works fine... which makes me think it's a config setting in NPM that's causing Bitwarden to fail.

linuxserver/swag file for Bitwarden:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name bitwarden.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 128M;

    location / {

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden_nginx;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /admin {
        return 404;
    }

    location /notifications/hub {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden_nginx/;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden_nginx;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

}

jlesage/nginx-proxy-manager file for NPM:

location /authelia {
    internal;
    set $upstream_authelia http://<unraid_host_ip>:9091/api/verify;
    proxy_pass_request_body off;
    proxy_pass $upstream_authelia;
    proxy_set_header Content-Length "";

    # Timeout if the real server is dead
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    client_body_buffer_size 128k;
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_redirect http:// $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_cache_bypass $cookie_session;
    proxy_no_cache $cookie_session;
    proxy_buffers 4 32k;

    send_timeout 5m;
    proxy_read_timeout 240;
    proxy_send_timeout 240;
    proxy_connect_timeout 240;
}

location / {
    set $upstream_bitwarden_nginx $forward_scheme://$server:$port;
    proxy_pass $upstream_bitwarden_nginx;

    auth_request /authelia;
    auth_request_set $target_url https://$http_host$request_uri;
    auth_request_set $user $upstream_http_remote_user;
    auth_request_set $groups $upstream_http_remote_groups;
    proxy_set_header Remote-User $user;
    proxy_set_header Remote-Groups $groups;
    error_page 401 =302 https://auth.<mydomain>.<mydomain>/?rd=$target_url;

    client_body_buffer_size 128k;

    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    send_timeout 5m;
    proxy_read_timeout 360;
    proxy_send_timeout 360;
    proxy_connect_timeout 360;

    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection upgrade;
    proxy_set_header Accept-Encoding gzip;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_redirect http:// $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_cache_bypass $cookie_session;
    proxy_no_cache $cookie_session;
    proxy_buffers 64 256k;

    set_real_ip_from 192.168.1.0/24;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

}

I've also tried posting the same issue here: https://forums.unraid.net/topic/76460-support-djoss-nginx-proxy-manager/?do=findComment&comment=961466, but haven't got any bites as yet.

I'm hoping it's something obvious, but I cannot for the life of me work out why this works with SWAG and not with NPM with identical configs. I've even transplanted the SWAG config into NPM under the Advanced Tab, as well as stripping down the config to the bare minimum (without Authelia) and it still fails.

Any help would be appreciated. Thanks!

evakq8r commented 3 years ago

Fixed myself... turns out the configs between SWAG and NPM are defined slightly differently.

In SWAG, the bitwarden-nginx port is pointed to 8080, however in NPM it needed to be pointed to my custom port that was defined during the docker-compose...

Now it works without issue!
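
The port mismatch behind this fix, as an added example (not part of the original thread and not code from the project): it works out which port a proxy has to forward to, depending on whether it reaches the container by name on a shared Docker network or through the Docker host's IP. It assumes the "custom port" is a host port published in docker-compose and that NPM forwards to the host IP; the `8180:8080` mapping and the function names are constructed for illustration.

```python
# Added example: pick the proxy's forward port from docker-compose "ports:" entries.
# Short syntax only; port ranges are not handled.

# Constructed sample mapping. 8080 is the container port used in the SWAG
# config above; 8180 stands in for the custom published port.
COMPOSE_PORTS = ["8180:8080", "8443:8443"]


def parse_port_mapping(entry):
    """Return (host_port, container_port) for one short-syntax entry.

    Accepted forms: "CONTAINER", "HOST:CONTAINER", "IP:HOST:CONTAINER",
    each optionally followed by "/tcp" or "/udp". host_port is None when
    Docker would publish the container port on a random host port.
    """
    spec = entry.split("/", 1)[0]          # drop the protocol suffix
    parts = spec.rsplit(":", 2)            # split from the right; IP stays whole
    container_port = int(parts[-1])
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host_port, container_port


def forward_port(entries, internal_port, via_host_ip):
    """Port the reverse proxy must target for the app's internal_port.

    via_host_ip=False: proxy and app share a Docker network and the proxy
    uses the container name, so the container port is reachable directly.
    via_host_ip=True: the proxy targets the Docker host's IP, where only
    the published host port is listening.
    """
    if not via_host_ip:
        return internal_port
    for entry in entries:
        host_port, container_port = parse_port_mapping(entry)
        if container_port == internal_port and host_port is not None:
            return host_port
    raise ValueError(
        f"container port {internal_port} is not published on a fixed host port"
    )


if __name__ == "__main__":
    print("by container name:", forward_port(COMPOSE_PORTS, 8080, False))
    print("by host IP:       ", forward_port(COMPOSE_PORTS, 8080, True))
```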