I am using Docker on Ubuntu 20.04 and used docker-compose to build a bitwardenrs container.
The web vault was OK, but the wss connection was not working.
This is my docker-compose:
    version: '3'
    services:
      bitwarden:
        image: bitwardenrs/server
        container_name: bitwarden
        restart: always
        volumes:
          - ./data:/data
        environment:
          WEBSOCKET_ENABLE: 'true'
          SIGNUPS_ALLOWED: 'false'
          WEB_VAULT_ENABLE: 'true'
          #ADMIN_TOKEN: ''
        ports:
          - "127.0.0.1:33687:80"
          - "127.0.0.1:33688:3012"
        labels:
          - "traefik.frontend.headers.frameDeny=true"
My nginx config:
    upstream docker_bw {
        server 127.0.0.1:33687;
    }
    upstream docker_bw_socket {
        server 127.0.0.1:33688;
    }
    ...
    location /notifications/hub {
        proxy_pass http://docker_bw_socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location / {
        proxy_pass http://docker_bw;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /notifications/hub/negotiate {
        proxy_pass http://docker_bw;
    }
    ....
But the wss connections always return 502, and this is the nginx error log:
2020/10/10 19:43:43 [error] 210875#210875: *47 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.2.2, server: xxxxxxxx, request: "GET /notifications/hub?access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1", upstream: "http://127.0.0.1:33688/notifications/hub?access_token=xxxxxxxxxxxxxxxxxxxxx
How do I resolve that? Help please, and is the wss required?
I’m not sure but what does the traefik label do?
Could that manipulate the http?
What happens if you remove that?
Yeah, that traefik was not working so I removed it, but wss still errors.
On the host where nginx is installed could you try to run the following?
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" "http://127.0.0.1:33688/notifications/hub"
This will not work, but you should get something like this:
HTTP/1.1 400 Bad Request
WebSocket Protocol Error: Unable to parse WebSocket key.
➜ curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" "http://127.0.0.1:33688/notifications/hub"
curl: (52) Empty reply from server
And I used the docker exec command to get into the container:
docker exec -i -t bitwarden curl 127.0.0.1:3012
# curl: (7) Failed to connect to 127.0.0.1 port 3012: Connection refused
That seems like the container does not start the wss server. I do not know what happened.
Could you check your bitwarden.log file?
It should state that it started both web and websocket ports.
Thanks a lot. But I cannot find a log file at /data or /var/log, and I used find / -name bitwarden* and
just found a bitwarden_rs; I think that is an executable binary.
That should be in your /data folder, where the sqlite database is also stored.
So in your case ./data, if I'm correct. Else try docker logs bitwarden | less
At the top you should see which version is running, but also a few lines like this:
[2020-10-10 21:49:31.507][ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2020-10-10 21:49:31.507][start][INFO] Rocket has launched from http://0.0.0.0:80
Could you check that?
Yeah, but it is only running port 80:
[start][INFO] Rocket has launched from http://0.0.0.0:80
[2020-10-11 11:12:17.419][request][INFO] POST /api/accounts/prelogin
I do not know why it does not start the wss server.
@ytbforpre, it’s a very nasty one why it doesn’t start ;).
That variable has to be with a D at the end.
WEBSOCKET_ENABLED=true
The same for
WEB_VAULT_ENABLED=true
btw.
Yep, I read the bitwarden_rs GitHub wiki and I saw that, WEBSOCKET_ENABLED, lol.
That tells me not to copy things from unofficial articles.
Finally, thanks a lot for helping.
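The root cause in this thread was a misspelled environment variable that the container accepted without complaint. As an added example (not part of any post above, and not bitwarden_rs code), this sketch lints the `environment:` block of a compose file against a list of expected names and suggests the closest match. `KNOWN_VARS` holds only the names mentioned in this thread, the sample input is constructed from the question, and the list form (`- NAME=value`) is handled as a generalization.

```python
import difflib
import re

# Names taken from this thread only (assumption: a partial list, not the full reference).
KNOWN_VARS = {"WEBSOCKET_ENABLED", "WEB_VAULT_ENABLED", "SIGNUPS_ALLOWED", "ADMIN_TOKEN"}

# Constructed sample: the environment block from the question's compose file.
SAMPLE_COMPOSE = """\
services:
  bitwarden:
    environment:
      WEBSOCKET_ENABLE: 'true'
      SIGNUPS_ALLOWED: 'false'
      WEB_VAULT_ENABLE: 'true'
      #ADMIN_TOKEN: ''
    ports: ["127.0.0.1:33687:80"]
"""

def environment_keys(compose_text):
    """Return variable names from every `environment:` block (map or list form)."""
    keys, block_indent = [], None
    for line in compose_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out variables are not set
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            if indent <= block_indent:
                block_indent = None  # dedent: we have left the environment block
            else:
                m = re.match(r"-?\s*['\"]?([A-Za-z_][A-Za-z0-9_]*)\s*[:=]", stripped)
                if m:
                    keys.append(m.group(1))
                continue
        if stripped == "environment:":
            block_indent = indent
    return keys

def find_suspect_vars(compose_text, known=KNOWN_VARS):
    """Map each unrecognised name to the known name it most resembles, or None."""
    suspects = {}
    for key in environment_keys(compose_text):
        if key not in known:
            close = difflib.get_close_matches(key, sorted(known), n=1, cutoff=0.8)
            suspects[key] = close[0] if close else None
    return suspects

if __name__ == "__main__":
    print(find_suspect_vars(SAMPLE_COMPOSE))
```

An unrecognised name with no suggestion is not necessarily wrong, since the list here is partial; a name with a close suggestion is the case worth checking against the project's wiki.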