Is my proxy setup correctly or not?

Hi guys,

First of all I want to say that I really enjoy the project and this community has educated me a lot over the past weeks!

I’ve set up my bitwarden_rs docker container using traefik v2 reverse proxy. Everything works fine but when I go to the diagnostics page it tells me that I’m not using a proxy, which makes me anxious.

### Your environment (Generated via diagnostics page)
* Bitwarden_rs version: v1.19.0
* Web-vault version: v2.18.1
* Running within Docker: true
* Internet access: true
* Uses a proxy: false
* DNS Check: true
* Time Check: true
* Domain Configuration Check: true
* HTTPS Check: true
* Database type: SQLite
* Clients used: 
* Reverse proxy and version: 
* Other relevant information: 
}

My question is: how is the “Uses a proxy”-check determined? Is my bitwarden_rs server unsafe now?


Traefik v2 labels used in docker-compose file:

    labels:
      - "traefik.enable=true"
      ## HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@file"
      ## HTTP Routers (Main)
      - "traefik.http.routers.bitwarden-rtr.entrypoints=https"
      - "traefik.http.routers.bitwarden-rtr.rule=Host(`vault.$DOMAIN_NAME`)"
      - "traefik.http.routers.bitwarden-rtr.priority=10"
      - "traefik.http.routers.bitwarden-rtr.tls=true"
      - "traefik.http.routers.bitwarden-rtr.service=bitwarden-svc"
      - "traefik.http.services.bitwarden-svc.loadbalancer.server.port=80"
      - "traefik.http.routers.bitwarden-rtr.middlewares=chain-oauth@file"
      ## HTTP Routers (Websocket)
      - "traefik.http.routers.bitwarden-websocket-rtr.entrypoints=https"
      - "traefik.http.routers.bitwarden-websocket-rtr.rule=Host(`vault.$DOMAIN_NAME`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-websocket-rtr.priority=20"
      - "traefik.http.routers.bitwarden-websocket-rtr.tls=true"
      - "traefik.http.routers.bitwarden-websocket-rtr.service=bitwarden-websocket-svc"
      - "traefik.http.services.bitwarden-websocket-svc.loadbalancer.server.port=3012"
      - "traefik.http.routers.bitwarden-websocket-rtr.middlewares=chain-oauth@file"
      ## HTTP Routers (Admin)
      - "traefik.http.routers.bitwarden-admin-rtr.entrypoints=https"
      - "traefik.http.routers.bitwarden-admin-rtr.rule=Host(`vault.$DOMAIN_NAME`) && Path(`/admin`)"
      - "traefik.http.routers.bitwarden-admin-rtr.priority=20"
      - "traefik.http.routers.bitwarden-admin-rtr.tls=true"
      - "traefik.http.routers.bitwarden-admin-rtr.service=bitwarden-svc"
      - "traefik.http.routers.bitwarden-admin-rtr.middlewares=chain-oauth@file"

Thanks in advance,

Thomasolicious

edit: added traefik v2 labels

“Uses a proxy” refers to whether an HTTP/HTTPS proxy environment variable is set:

I wouldn’t think people use this configuration much, but it would probably be better to at least label it “Uses a forward proxy” for clarity.

I found that part in the source code too, but couldn’t find if it was related to a forward or reverse proxy setting. Thanks for clarifying!