Hi guys,
First of all I want to say that I really enjoy the project and this community has educated me a lot over the past weeks!
I’ve set up my bitwarden_rs docker container using traefik v2 reverse proxy. Everything works fine but when I go to the diagnostics page it tells me that I’m not using a proxy, which makes me anxious.
### Your environment (Generated via diagnostics page)
* Bitwarden_rs version: v1.19.0
* Web-vault version: v2.18.1
* Running within Docker: true
* Internet access: true
* Uses a proxy: false
* DNS Check: true
* Time Check: true
* Domain Configuration Check: true
* HTTPS Check: true
* Database type: SQLite
* Clients used:
* Reverse proxy and version:
* Other relevant information:
}
My question is: how is the “Uses a proxy”-check determined? Is my bitwarden_rs server unsafe now?
Traefik v2 labels used in docker-compose file:
labels:
- "traefik.enable=true"
## HTTP-to-HTTPS Redirect
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@file"
## HTTP Routers (Main)
- "traefik.http.routers.bitwarden-rtr.entrypoints=https"
- "traefik.http.routers.bitwarden-rtr.rule=Host(`vault.$DOMAIN_NAME`)"
- "traefik.http.routers.bitwarden-rtr.priority=10"
- "traefik.http.routers.bitwarden-rtr.tls=true"
- "traefik.http.routers.bitwarden-rtr.service=bitwarden-svc"
- "traefik.http.services.bitwarden-svc.loadbalancer.server.port=80"
- "traefik.http.routers.bitwarden-rtr.middlewares=chain-oauth@file"
## HTTP Routers (Websocket)
- "traefik.http.routers.bitwarden-websocket-rtr.entrypoints=https"
- "traefik.http.routers.bitwarden-websocket-rtr.rule=Host(`vault.$DOMAIN_NAME`) && Path(`/notifications/hub`)"
- "traefik.http.routers.bitwarden-websocket-rtr.priority=20"
- "traefik.http.routers.bitwarden-websocket-rtr.tls=true"
- "traefik.http.routers.bitwarden-websocket-rtr.service=bitwarden-websocket-svc"
- "traefik.http.services.bitwarden-websocket-svc.loadbalancer.server.port=3012"
- "traefik.http.routers.bitwarden-websocket-rtr.middlewares=chain-oauth@file"
## HTTP Routers (Admin)
- "traefik.http.routers.bitwarden-admin-rtr.entrypoints=https"
- "traefik.http.routers.bitwarden-admin-rtr.rule=Host(`vault.$DOMAIN_NAME`) && Path(`/admin`)"
- "traefik.http.routers.bitwarden-admin-rtr.priority=20"
- "traefik.http.routers.bitwarden-admin-rtr.tls=true"
- "traefik.http.routers.bitwarden-admin-rtr.service=bitwarden-svc"
- "traefik.http.routers.bitwarden-admin-rtr.middlewares=chain-oauth@file"
Thanks in advance,
Thomasolicious
edit: added traefik v2 labels