Docker container fails - First time user

Hello, I am attempting to migrate from LP to VW and am having issues getting the VW docker container to successfully start and stay running. Below is my docker config code. I have compared this to my other docker/traefik containers and I don't see anything standing out as being an issue.

LOG:


/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.27.0                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

FO] No .env file found.

Docker Compose Lines:

# Password Manager
  vaultwarden:
    container_name: Vaultwarden
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - $USERDIR/vaultwarden/Data:/data
      - $USERDIR/vaultwarden/SSL:/ssl
      - $USERDIR/vaultwarden/Logs:/logs
      - /etc/localtime:/etc/localtime:ro
    networks:
      - traefik
    ports:
      - "$VAULTWARDEN_PORT:8443"
      - "$VAULTWARDEN_WEBSOCKET_PORT:3012"
    user: $PUID:$PGID
    environment:
      - LOG_FILE=/logs/vaultwarden.log
      - LOG_LEVEL=trace
      - ADMIN_TOKEN=$VAULTWARDEN_ADMIN_TOKEN
      # - WEBSOCKET_ENABLED=true
      - ORG_EVENTS_ENABLED=true
      - EVENTS_DAYS_RETAIN=120
      - PASSWORD_ITERATIONS=500000
      - DOMAIN=https://vaultw.$DOMAINNAME:8444
    # logging:
    #   driver: "local"
    #   options:
    #     max-size: 10m
    #     max-file: "3"
    labels: 
      # - autoheal=true
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vaultwarden-rtr.entrypoints=https"
      - "traefik.http.routers.vaultwarden-websocket.entrypoints=https"
      - "traefik.http.routers.vaultwarden-admin.entrypoints=https"
      - "traefik.http.routers.vaultwarden-rtr.rule=HostHeader(`vaultw.$DOMAINNAME`)"
      - "traefik.http.routers.vaultwarden-websocket.rule=HostHeader(`vaultw.$DOMAINNAME`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.vaultwarden-admin.rule=HostHeader(`vaultw.$DOMAINNAME`) && Path(`/admin`)"
      # - "traefik.http.routers.vaultwarden-rtr.tls=true"
      # - "traefik.http.routers.vaultwarden-admin.tls=true"
      # - "traefik.http.routers.vaultwarden-websocket.tls=true"
      ## Middlewares
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-oauth@file"
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-authelia@file"
      # - "traefik.http.routers.vaultwarden-admin.middlewares=chain-authelia@file" # Authelia for Admin
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-no-auth@file" #No auth for dashboard
      # - "traefik.http.routers.vaultwarden-websocket.middlewares=chain-no-auth@file" #No auth for websocket
      - "traefik.http.routers.vaultwarden-admin.middlewares=chain-authelia@file" # Authelia for Admin
      - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-no-auth@file" #No auth for dashboard
      - "traefik.http.routers.vaultwarden-websocket.middlewares=chain-no-auth@file" #No auth for websocket
      ## HTTP Services
      - "traefik.http.routers.vaultwarden-rtr.service=vaultwarden-svc"
      - "traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket-svc"
      - "traefik.http.routers.vaultwarden-admin.service=vaultwarden-admin-svc"
      - "traefik.http.services.vaultwarden-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.vaultwarden-admin-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.vaultwarden-websocket-svc.loadbalancer.server.port=3012"
    # depends_on: 
    #   - traefik

Any help is appreciated!

Aren’t there any more logs from Vaultwarden??
You even have log level on trace, so I would expect to see a bit more. Overall it looks ok indeed.

I was expecting more logs as well. I started with logging level set to info and lowered it expecting to see something more. I am assuming the line FO] No .env file found. in the log shouldn’t prevent the container from starting properly, is that correct? In Portainer, I see the container health status listed as unhealthy and it seems like the container is in a boot loop.

Ah, I think it is the port. It looks like you are using 8443 as port, but that is not configured. You need to set ROCKET_PORT so that it will run on the correct port.

I added the ROCKET_PORT environment variable and still have the same results. I also noticed that the traefik ports were different so I attempted to update those too. Nothing has changed. Here is my most recent docker config:

  vaultwarden:
    container_name: Vaultwarden
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - $USERDIR/vaultwarden/Data:/data
      - $USERDIR/vaultwarden/SSL:/ssl
      - $USERDIR/vaultwarden/Logs:/logs
      - /etc/localtime:/etc/localtime:ro
    networks:
      - t2_proxy
    ports:
      - "$VAULTWARDEN_PORT:8089"
      - "$VAULTWARDEN_WEBSOCKET_PORT:3012"
    user: $PUID:$PGID
    environment:
      - LOG_FILE=/logs/vaultwarden.log
      - LOG_LEVEL=trace
      - ADMIN_TOKEN=$VAULTWARDEN_ADMIN_TOKEN
      # - WEBSOCKET_ENABLED=true
      - ORG_EVENTS_ENABLED=true
      - EVENTS_DAYS_RETAIN=120
      - PASSWORD_ITERATIONS=500000
      - DOMAIN=https://vaultw.$DOMAINNAME
      - ROCKET_PORT=8089
    # logging:
    #   driver: "local"
    #   options:
    #     max-size: 10m
    #     max-file: "3"
    labels: 
      # - autoheal=true
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vaultwarden-rtr.entrypoints=https"
      - "traefik.http.routers.vaultwarden-websocket.entrypoints=https"
      - "traefik.http.routers.vaultwarden-admin.entrypoints=https"
      - "traefik.http.routers.vaultwarden-rtr.rule=HostHeader(`vaultw.$DOMAINNAME`)"
      - "traefik.http.routers.vaultwarden-websocket.rule=HostHeader(`vaultw.$DOMAINNAME`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.vaultwarden-admin.rule=HostHeader(`vaultw.$DOMAINNAME`) && Path(`/admin`)"
      # - "traefik.http.routers.vaultwarden-rtr.tls=true"
      # - "traefik.http.routers.vaultwarden-admin.tls=true"
      # - "traefik.http.routers.vaultwarden-websocket.tls=true"
      ## Middlewares
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-oauth@file"
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-authelia@file"
      # - "traefik.http.routers.vaultwarden-admin.middlewares=chain-authelia@file" # Authelia for Admin
      # - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-no-auth@file" #No auth for dashboard
      # - "traefik.http.routers.vaultwarden-websocket.middlewares=chain-no-auth@file" #No auth for websocket
      - "traefik.http.routers.vaultwarden-admin.middlewares=chain-authelia@file" # Authelia for Admin
      - "traefik.http.routers.vaultwarden-rtr.middlewares=chain-no-auth@file" #No auth for dashboard
      - "traefik.http.routers.vaultwarden-websocket.middlewares=chain-no-auth@file" #No auth for websocket
      ## HTTP Services
      - "traefik.http.routers.vaultwarden-rtr.service=vaultwarden-svc"
      - "traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket-svc"
      - "traefik.http.routers.vaultwarden-admin.service=vaultwarden-admin-svc"
      - "traefik.http.services.vaultwarden-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.vaultwarden-admin-svc.loadbalancer.server.port=8089"
      - "traefik.http.services.vaultwarden-websocket-svc.loadbalancer.server.port=3012"
    # depends_on: 
    #   - traefik

Not sure if the DOMAIN env needs to be quoted?

Adding ' or " around the domain variable like this DOMAIN='https://vaultw.$DOMAINNAME' generated these log entries:


Error validating domain: relative URL without a base
Error loading config:
	DOMAIN variable needs to contain the protocol (http, https). Use 'http[s]://bw.example.com' instead of 'bw.example.com'

Sounds like vaultwarden silently fails if LOG_FILE is defined but has no permission to write there · Issue #3055 · dani-garcia/vaultwarden · GitHub

Removing the LOG_FILE line from the config now gets me the below error, indicating that I likely did have a permissions issue with the log. Thanks for the tip. I’ll work to resolve my volume permissions and report back if I have additional issues. Thank you.

[2023-01-07 00:40:11.112][vaultwarden::util][ERROR] Can't create 'data/rsa_key.pem': Permission denied
[2023-01-07 00:40:11.112][vaultwarden][ERROR] Error creating keys, exiting...
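
Added example, not part of the thread: a host-side pre-flight check for the failure diagnosed above, where the container runs as `user: $PUID:$PGID` but the bind-mounted Data and Logs directories are not writable by that UID/GID. It reads only owner, group and mode bits (assumes GNU `stat`, no ACLs, supplementary groups or user-namespace remapping); the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Predicts from owner/group/mode bits
# whether a container process running as UID:GID can create files in a
# bind-mounted host directory (e.g. the /data and /logs mounts above).
# Assumes GNU stat; ignores ACLs, supplementary groups and userns remapping.

# can_write DIR UID GID -> 0 writable, 1 not writable, 2 not a directory
can_write() {
    cw_dir=$1; cw_uid=$2; cw_gid=$3
    [ -d "$cw_dir" ] || return 2
    [ "$cw_uid" -eq 0 ] && return 0              # root bypasses mode bits
    cw_owner=$(stat -c '%u' "$cw_dir")
    cw_group=$(stat -c '%g' "$cw_dir")
    cw_mode=$(( 0$(stat -c '%a' "$cw_dir") ))    # leading 0: parse as octal
    if [ "$cw_uid" -eq "$cw_owner" ]; then
        cw_bits=$(( ($cw_mode >> 6) & 7 ))       # owner class
    elif [ "$cw_gid" -eq "$cw_group" ]; then
        cw_bits=$(( ($cw_mode >> 3) & 7 ))       # group class
    else
        cw_bits=$(( $cw_mode & 7 ))              # other class
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( $cw_bits & 3 )) -eq 3 ]
}

# check_mounts UID GID DIR... -> one line per DIR; returns number of failures
check_mounts() {
    cm_uid=$1; cm_gid=$2; shift 2
    cm_fail=0
    for cm_dir in "$@"; do
        if can_write "$cm_dir" "$cm_uid" "$cm_gid"; then
            echo "ok      $cm_dir"
        else
            echo "DENIED  $cm_dir ($(stat -c 'owner %u:%g mode %a' "$cm_dir" 2>&1))"
            cm_fail=$((cm_fail + 1))
        fi
    done
    return "$cm_fail"
}

# Usage (hypothetical paths): sh check_mounts.sh 1000 1000 /srv/vw/Data /srv/vw/Logs
if [ "$#" -ge 3 ]; then
    check_mounts "$@"
fi
```

A DENIED line for the directory mounted at `/logs` corresponds to the silent exit with `LOG_FILE` set; one for the directory mounted at `/data` corresponds to the `rsa_key.pem` error.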