HTTPS Configuration error help

This is my command to run bitwarden_rs:

docker run -d --name bitwarden \
  -e ROCKET_TLS='{certs="/ssl/fullchain.pem",key="/ssl/privkey.pem"}' \
  -v /etc/letsencrypt/live/cloud.domain.dev/:/ssl/ \
  -v /bw-data/:/data/ \
  -p 7443:80 \
  bitwardenrs/server:latest

But I’m getting an I/O error while setting tls.certs.

The files in /etc/letsencrypt/live/cloud.domain.dev/ are:
cert.pem
chain.pem
fullchain.pem
privkey.pem

Hi,

Symlink not working.
Please change to:

docker run -d --name bitwarden \
-e ROCKET_TLS='{certs="ssl/cert1.pem",key="ssl/privkey1.pem"}' \
-v /etc/letsencrypt/archive/cloud.domain.dev/:/ssl/ \
-v /bw-data/:/data/ \
-p 7443:80 \
bitwardenrs/server:latest
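
Added example, not part of any post in this thread: certbot's live/ directory holds relative symlinks into ../../archive/, so bind-mounting only live/<domain> leaves them pointing at nothing inside the container. The function below (hypothetical name `links_escaping_mount`, assumes GNU `readlink -f`) lists such links for a directory before it is passed to `docker run -v`.

```sh
#!/bin/sh
# Added example: find symlinks that would dangle if only DIR were
# bind-mounted into a container (docker run -v DIR:/ssl/).
#
# Usage after sourcing this file:
#   links_escaping_mount /etc/letsencrypt/live/cloud.domain.dev

# links_escaping_mount DIR
# Prints one line per symlink directly inside DIR whose target resolves
# outside DIR:   <link name> -> <resolved host path>
# Returns 0 if no link escapes, 1 if at least one does, 2 if DIR is unusable.
links_escaping_mount() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    root=$(cd "$dir" && pwd -P) || return 2   # canonical path of the mount source
    status=0
    for entry in "$root"/*; do
        [ -L "$entry" ] || continue           # regular files are mounted as-is
        # Assumption: GNU readlink; -f prints the canonical target path and
        # prints nothing when the chain cannot be resolved at all.
        target=$(readlink -f "$entry") || target=
        case "$target" in
            "$root"/*)
                ;;                            # target stays inside the mount
            *)
                printf '%s -> %s\n' "${entry##*/}" "${target:-<unresolvable>}"
                status=1
                ;;
        esac
    done
    return $status
}
```

Mounting the archive/ directory instead works until the next renewal, when certbot writes a new numbered set (for example cert4.pem) and the fixed file names go stale. Mounting the parent directory that contains both live/ and archive/ keeps the relative links valid.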

Thanks for the reply @Nag

These are the files under /etc/letsencrypt/live/cloud.domain.dev/

drwxr-xr-x 2 root root 4096 Aug  3 05:16 .
drwxr-xr-x 3 root root 4096 Apr 22 01:36 ..
lrwxrwxrwx 1 root root   43 Aug  3 05:16 cert.pem -> ../../archive/cloud.domain.dev/cert3.pem
lrwxrwxrwx 1 root root   44 Aug  3 05:16 chain.pem -> ../../archive/cloud.domain.dev/chain3.pem
lrwxrwxrwx 1 root root   48 Aug  3 05:16 fullchain.pem -> ../../archive/cloud.domain.dev/fullchain3.pem
lrwxrwxrwx 1 root root   46 Aug  3 05:16 privkey.pem -> ../../archive/cloud.domain.dev/privkey3.pem

Using this command:

docker run -d --name bitwarden \
-e ROCKET_TLS='{certs="/ssl/fullchain3.pem",key="/ssl/privkey3.pem"}' \
-v /etc/letsencrypt/archive/cloud.domain.dev/:/ssl/ \
-v /bw-data/:/data/ \
-p 7443:80 \
bitwardenrs/server:latest

I’m getting the error:

Logger failed to initialize: attempted to set a logger after the logging system was already initialized
[2020-09-17 16:29:06.995][rocket::config::error][ERROR] environment variable ROCKET_TLS={certs="/ssl/fullchain3.pem",key="/ssl/privkey3.pem"} could not be parsed

Are you using ECC certs? See https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS. Also, as mentioned there, life will probably be easier and better if you use a reverse proxy to handle TLS.

I’m not sure. The current certificate is generated via nextcloudpi, which I’m just reusing for bitwarden as they are under the same domain.

For a reverse proxy, I did look into it, but as my current nextcloud configuration is handled via nextcloudpi, I’m trying to separate them so ncp scripts won’t be affected.