Closed jokerigno closed 2 years ago
Define not working
Sorry.
The container is working as expected. But is the reverse proxy for specific instance of Bitwarden that NOW stopped working.
Other proxies (Nextcloud, home assistant) continue to working.
That's why I opened this issue.
I meant, what are you seeing? What error are you getting?
I see error 522 ( I use cloudfare)
I see error 522 ( I use cloudfare)
This doesn't look like it's going to have anything to do with the bitwarden proxy. It's possible that a configuration in one of your other proxy config files may be the issue. Can you post your container logs? The container logs should tell you if any of the other config files are not up to date with our latest samples.
I have this message in logs:
The following reverse proxy confs have different version dates than the samples that are shipped.
This may be due to user customization or an update to the samples. You should compare them to the samples in the same folder to make sure you have the latest updates. /config/nginx/proxy-confs/sonarr.subdomain.conf /config/nginx/proxy-confs/radarr.subdomain.conf /config/nginx/proxy-confs/plex.subdomain.conf /config/nginx/proxy-confs/organizr.subdomain.conf /config/nginx/proxy-confs/nextcloud.subdomain.conf /config/nginx/proxy-confs/homeassistant.subdomain.conf /config/nginx/proxy-confs/freshrss.subdomain.conf
Those service are working btw. I will update those template and see if the error persist.
In the meantime thank you!
Ok I updated all the conf files and the issue persist. Here's the full log:
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=xxxxxxxxxxx.it
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=xxxxxxxxxxxxxxx.it
STAGING=false
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of xxxxxxxxxxxx.it will be requested
E-mail address entered: xxxxxxxxxxxx.it
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of xxxxxxxxxxxxx.it will be requested
E-mail address entered: xxxxxxxxxxxxx.it
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing...
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
any update on it?
Have you confirmed bitwarden is on the same docker network? what's the actual error you're getting?
Yes bitwarden uses same docker network than other containers (called proxynet). The error is 522 (I think specific for cloudfare maybe?)
I already asked support in cloudfare forum, they linked me to this page https://community.cloudflare.com/t/community-tip-fixing-error-522-connection-timed-out/42325
I'm quite sure that this is not useful in my case because I didn't changed any setting in firewall or container so far and other containers are using swag without issue (deluge, sonarr, radarr, home assistant )
Turn off cloudflare proxy
That's brutal. Also because as says before it worked till 20days ago and still works for other web apps
That's brutal. Also because as says before it worked till 20days ago and still works for other web apps
Turning off the CF proxy may only need to be done temporarily. We want to make sure it works without it.
Ok. Just to be sure. Do you want me to remove CF in my registrar dns right (I have a domain that I use from outside lan). So I need to change DNS from the one cloudflare gave me to regular one. Right?
Ok. Just to be sure. Do you want me to remove CF in my registrar dns right (I have a domain that I use from outside lan). So I need to change DNS from the one cloudflare gave me to regular one. Right?
No.
All you need to do is make sure the CF proxy is disabled for the domain or subdomain you're using to access bitwarden.
Ok I guess I made the right thing asking ....
I made the simple change
and now :
Same error. Different page
ERR_CONNECTION_TIMED_OUT
I rebooted container and looked at logs. No message.
Can you run:
docker exec swag ping bitwarden -c2
And confirm that it does not say bad address
?
Confirm:
root@Joshua:~# docker exec swag ping bitwarden -c2
PING bitwarden (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.060 ms
--- bitwarden ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.060/0.066/0.073 ms
If it can be useful mobile apps and chrome ext (all of them are setup with external url) are still ok.
Everything points to this being a issue with your portforward, or DNS setup.
Everything points to this being a issue with your portforward, or DNS setup.
But it happens ONLY with this container. Not with all the others.
Yet there is not a shred of evidence pointing to the fact that your browser even tries to connect. A faulty proxy-conf would most likely end up with a 502 error. A faulty nginx config would present itself in the docker logs. Are you able to post some nginx logs saying that your browser is reaching it?
This is the only error that I found in error.log in nginx
`2021/04/23 10:54:36 [error] 476#476: 740 bitwarden could not be resolved (3: Host not found), client: 141.101.104.118, server: bitwarden., request: "POST /identity/connect/token HTTP/1.1", host: "bitwarden.casaconcordia.it"
It was this morning before disabling proxy in CF `
So your log agrees with my suspicion of your browser not even connecting.
Assuming you are using chrome, can you visit chrome://settings/help and tell us the version you see?
Ex: Version 90.0.4430.85 (Official Build) (64-bit)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Expected Behavior
Bitwarden simply works
Current Behavior
Bitwarden reverse proxy does not work.
Steps to Reproduce
Environment
OS: Unraid CPU architecture: x86_64/arm32/arm64 How docker service was installed:
via community applications
Command used to create docker container (run/create/compose/screenshot)
Docker logs
Hi, I updated Swag container and now my bitwarden instance is not working anymore. Checking swag log I found a message asking me to update nginx conf files so I update conf file inside nginx folder with new template, renamed container as requested in that file from bitwardenrs to bitwarden and set true to WEBSOCKET_ENABLED in bitwarden container. Still can't access from outside. Any hint?
Previous conf file
New Conf file