Hey,
im using Vaultwarden behind a Traefik rp but after the newest Vaultwarden update im getting a 502 Error.
In the Logs of Traefik i get:
172.68.245.60 - - [17/Nov/2024:12:46:46 +0000] “GET / HTTP/2.0” 502 11 “-” “-” 705 “bitwarden@docker” “http://172.28.0.2:80” 14310ms
The Traefik config on Vaultwarden is:
traefik.enable: true
traefik.http.routers.bitwarden.entrypoints: websecure-external
traefik.http.routers.bitwarden.rule: Host(`vaultwarden.xxx.com`)
traefik.http.routers.bitwarden.service: bitwarden-service
traefik.http.services.bitwarden-service.loadbalancer.server.port: 80
traefik.http.routers.bitwarden.tls: true
traefik.http.routers.bitwarden.tls.certresolver: cloudflare
traefik.http.routers.bitwarden-ws.entrypoints: websecure-external
traefik.http.routers.bitwarden-ws.rule: Host(`vaultwarden.xxx.com`) && Path(`/notifications/hub`)
traefik.http.routers.bitwarden-ws.service: bitwarden-ws-service
traefik.http.services.bitwarden-ws-service.loadbalancer.server.port: 3012
traefik.http.routers.bitwarden-ws.tls.certresolver: cloudflare
traefik.http.routers.bitwarden-ws.tls: true
traefik.docker.network: proxy
traefik.http.routers.bitwarden-admin.entrypoints: websecure-external
traefik.http.routers.bitwarden-admin.rule: Host(`vaultwarden.xxx.com`) && Path(`/admin`)
traefik.http.routers.bitwarden-admin.service: bitwarden-admin-service
traefik.http.services.bitwarden-admin-service.loadbalancer.server.port: 80
traefik.http.routers.bitwarden-admin.middlewares: local-ipwhitelist@file
Does anyone experience the same issue ?
I’m seeing the same issue after going from 1.32.5 → 1.32.6 - I reverted, and everything is working OK - i"m using HAPROXY
I can does not get the docker version upgraded from 1.32.5 → 1.32.6 to work. I get 502 Bad Gateway with the 1.32.6 version every time, it does not matter how I upgrade the docker.
I followed the procedure described here → Updating the vaultwarden image · dani-garcia/vaultwarden Wiki
I used exactly the same docker command for both, only going back and forcing the 1.32.5 (bottom) version I do not get the 502 bad gateway error. I try incognito/cleaning cache in browser but nothing.
sudo docker pull vaultwarden/server:latest
sudo docker stop vaultwarden
sudo docker rm vaultwarden
sudo docker run --detach --name vaultwarden \
--env DOMAIN="https://vault.xxxxxx.com" \
--volume /mnt/vault/:/data/ \
--restart unless-stopped \
--publish 7000:80 \
-e TZ=America/Los_Angeles \
-e TRASH_AUTO_DELETE_DAYS=7 \
-e ADMIN_TOKEN='xxxxx' \
-e SIGNUPS_ALLOWED=false \
-e SMTP_HOST=smtp.gmail.com \
-e SMTP_FROM=vaultwarden@xxxxxx.com \
-e SMTP_PORT=587 \
-e SMTP_SECURITY=starttls \
-e SMTP_USERNAME=xxxxxx@gmail.com \
-e SMTP_PASSWORD=xxxxxx \
-e SHOW_PASSWORD_HINT=false \
-e PUSH_ENABLED=true \
-e PUSH_INSTALLATION_ID=xxxxx \
-e PUSH_INSTALLATION_KEY=xxxxxxx \
vaultwarden/server:lastest
sudo docker run --detach --name vaultwarden \
--env DOMAIN="https://vault.xxxxxx.com" \
--volume /mnt/vault/:/data/ \
--restart unless-stopped \
--publish 7000:80 \
-e TZ=America/Los_Angeles \
-e TRASH_AUTO_DELETE_DAYS=7 \
-e ADMIN_TOKEN='xxxxx' \
-e SIGNUPS_ALLOWED=false \
-e SMTP_HOST=smtp.gmail.com \
-e SMTP_FROM=vaultwarden@xxxxxx.com \
-e SMTP_PORT=587 \
-e SMTP_SECURITY=starttls \
-e SMTP_USERNAME=xxxxxx@gmail.com \
-e SMTP_PASSWORD=xxxxxx \
-e SHOW_PASSWORD_HINT=false \
-e PUSH_ENABLED=true \
-e PUSH_INSTALLATION_ID=xxxxx \
-e PUSH_INSTALLATION_KEY=xxxxxxx \
vaultwarden/server:1.32.5
Well, in order to get 1.32.6 or 1.32.7 working again I have to modify the setting on HAPROXY to disable HTTP/2 (proto h2). Nowhere in the release notes it mention anything about http protocols fix/update/change.
Vaultwarden never supported http/2.
So maybe your reverse proxy got an update too and have this enabled, or maybe even a bug?