Getting 502 after new Update

dreptschar · November 17, 2024, 12:50pm

Hey,
im using Vaultwarden behind a Traefik rp but after the newest Vaultwarden update im getting a 502 Error.
In the Logs of Traefik i get:
172.68.245.60 - - [17/Nov/2024:12:46:46 +0000] “GET / HTTP/2.0” 502 11 “-” “-” 705 “bitwarden@docker” “http://172.28.0.2:80” 14310ms

The Traefik config on Vaultwarden is:

      traefik.enable: true
      traefik.http.routers.bitwarden.entrypoints: websecure-external
      traefik.http.routers.bitwarden.rule: Host(`vaultwarden.xxx.com`)
      traefik.http.routers.bitwarden.service: bitwarden-service
      traefik.http.services.bitwarden-service.loadbalancer.server.port: 80
      traefik.http.routers.bitwarden.tls: true
      traefik.http.routers.bitwarden.tls.certresolver: cloudflare
      traefik.http.routers.bitwarden-ws.entrypoints: websecure-external
      traefik.http.routers.bitwarden-ws.rule: Host(`vaultwarden.xxx.com`) && Path(`/notifications/hub`)
      traefik.http.routers.bitwarden-ws.service: bitwarden-ws-service
      traefik.http.services.bitwarden-ws-service.loadbalancer.server.port: 3012
      traefik.http.routers.bitwarden-ws.tls.certresolver: cloudflare
      traefik.http.routers.bitwarden-ws.tls: true
      traefik.docker.network: proxy
      traefik.http.routers.bitwarden-admin.entrypoints: websecure-external
      traefik.http.routers.bitwarden-admin.rule: Host(`vaultwarden.xxx.com`) && Path(`/admin`)
      traefik.http.routers.bitwarden-admin.service: bitwarden-admin-service
      traefik.http.services.bitwarden-admin-service.loadbalancer.server.port: 80
      traefik.http.routers.bitwarden-admin.middlewares: local-ipwhitelist@file

Does anyone experience the same issue ?

elordude · December 11, 2024, 3:07am

I’m seeing the same issue after going from 1.32.5 → 1.32.6 - I reverted, and everything is working OK - i"m using HAPROXY

elordude · December 13, 2024, 5:37pm

I can does not get the docker version upgraded from 1.32.5 → 1.32.6 to work. I get 502 Bad Gateway with the 1.32.6 version every time, it does not matter how I upgrade the docker.

I followed the procedure described here → Updating the vaultwarden image · dani-garcia/vaultwarden Wiki

I used exactly the same docker command for both, only going back and forcing the 1.32.5 (bottom) version I do not get the 502 bad gateway error. I try incognito/cleaning cache in browser but nothing.

sudo docker pull vaultwarden/server:latest
sudo docker stop vaultwarden
sudo docker rm vaultwarden
sudo docker run --detach --name vaultwarden \
  --env DOMAIN="https://vault.xxxxxx.com" \
  --volume /mnt/vault/:/data/ \
  --restart unless-stopped \
  --publish 7000:80 \
 -e TZ=America/Los_Angeles  \
-e TRASH_AUTO_DELETE_DAYS=7 \
 -e ADMIN_TOKEN='xxxxx' \
-e SIGNUPS_ALLOWED=false \
 -e SMTP_HOST=smtp.gmail.com \
 -e SMTP_FROM=vaultwarden@xxxxxx.com \
 -e SMTP_PORT=587 \
 -e SMTP_SECURITY=starttls \
 -e SMTP_USERNAME=xxxxxx@gmail.com \
 -e SMTP_PASSWORD=xxxxxx  \
 -e SHOW_PASSWORD_HINT=false \
 -e PUSH_ENABLED=true \
 -e PUSH_INSTALLATION_ID=xxxxx \
 -e PUSH_INSTALLATION_KEY=xxxxxxx \
vaultwarden/server:lastest

sudo docker run --detach --name vaultwarden \
  --env DOMAIN="https://vault.xxxxxx.com" \
  --volume /mnt/vault/:/data/ \
  --restart unless-stopped \
  --publish 7000:80 \
 -e TZ=America/Los_Angeles  \
-e TRASH_AUTO_DELETE_DAYS=7 \
 -e ADMIN_TOKEN='xxxxx' \
-e SIGNUPS_ALLOWED=false \
 -e SMTP_HOST=smtp.gmail.com \
 -e SMTP_FROM=vaultwarden@xxxxxx.com \
 -e SMTP_PORT=587 \
 -e SMTP_SECURITY=starttls \
 -e SMTP_USERNAME=xxxxxx@gmail.com \
 -e SMTP_PASSWORD=xxxxxx  \
 -e SHOW_PASSWORD_HINT=false \
 -e PUSH_ENABLED=true \
 -e PUSH_INSTALLATION_ID=xxxxx \
 -e PUSH_INSTALLATION_KEY=xxxxxxx \
vaultwarden/server:1.32.5

elordude · January 2, 2025, 9:26pm

Well, in order to get 1.32.6 or 1.32.7 working again I have to modify the setting on HAPROXY to disable HTTP/2 (proto h2). Nowhere in the release notes it mention anything about http protocols fix/update/change.

BlackDex · January 2, 2025, 11:33pm

Vaultwarden never supported http/2.
So maybe your reverse proxy got an update too and have this enabled, or maybe even a bug?

Topic		Replies	Views
Vaultwarden with Traefik on Docker swarm Help	1	731	March 20, 2024
Vaultwarden not reachable after update to latest version	1	415	March 5, 2024
Migrating from passbolt and traefik to bitwarden and traefik Help	0	28	January 30, 2025
Vaultwarden + ModSecurity websockets 502 Bad Gateway	1	1153	March 9, 2023
Running a private vaultwarden instance with Traefik	1	825	April 17, 2024

Getting 502 after new Update

Related topics