I opened the Safari Web Inspector and this is what it shows when I try to log in.
This is my docker-compose code for Bitwarden:
# Bitwarden - Password Manager
bitwarden:
  image: bitwardenrs/server:latest
  container_name: bitwarden
  restart: unless-stopped
  networks:
    - t2_proxy
    - bw-net
  volumes:
    - $DOCKERDIR/bitwarden:/data
    - /var/log/docker:/var/log/docker
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  environment:
    - SIGNUPS_ALLOWED=false
    - WEBSOCKET_ENABLED=true
    - DOMAIN=https://bitwarden.$DOMAINNAME
    - LOG_FILE=/data/bitwarden.log
    - LOG_LEVEL=info
  labels:
    - "traefik.enable=true"
    ## HTTP Routers
    - "traefik.http.routers.bitwarden-rtr.entrypoints=https"
    - "traefik.http.routers.bitwarden-rtr.rule=Host(`bitwarden.$DOMAINNAME`)"
    - "traefik.http.routers.bitwarden-rtr.priority=10"
    ## Middlewares
    - "traefik.http.routers.bitwarden-rtr.middlewares=middlewares-secure-headers@file"
    ## HTTP Services
    - "traefik.http.routers.bitwarden-rtr.service=bitwarden-svc"
    - "traefik.http.services.bitwarden-svc.loadbalancer.server.port=80"
    ## Bitwarden Websocket
    - "traefik.http.routers.bitwardenHub-rtr.entrypoints=https"
    - "traefik.http.routers.bitwardenHub-rtr.rule=Host(`bitwarden.$DOMAINNAME`) && Path(`/notifications/hub`)"
    - "traefik.http.routers.bitwardenHub-rtr.priority=20"
    - "traefik.http.routers.bitwardenHub-rtr.service=bitwardenHub-svc"
    - "traefik.http.services.bitwardenHub-svc.loadbalancer.server.port=3012"
And this is the middleware from Traefik v2:
[http.middlewares.middlewares-secure-headers]
  [http.middlewares.middlewares-secure-headers.headers]
    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
    accessControlMaxAge = 100
    hostsProxyHeaders = ["X-Forwarded-Host"]
    sslRedirect = true
    stsSeconds = 63072000
    stsIncludeSubdomains = true
    stsPreload = true
    forceSTSHeader = true
    # frameDeny = true #overwritten by customFrameOptionsValue
    customFrameOptionsValue = "allow-from https:example.com" #CSP takes care of this but may be needed for organizr.
    contentTypeNosniff = true
    browserXssFilter = true
    # sslForceHost = true # add sslHost to all of the services
    # sslHost = "example.com"
    referrerPolicy = "same-origin"
    # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
    # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
    # contentSecurityPolicy = "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
    featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none';"
    [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders]
      X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex,"
      server = ""