Nginx reverse proxy not loading resources

I am running nginx and vaultwarden within docker. Navigating my browser to the vaultwarden address and port directly does work. However, my attempt at getting nginx to act as a reverse proxy is not working. Valultwarden’s page resources (css, js, etc) are not getting loaded by nginx.


2023/01/24 00:44:42 [error] 113#113: *98 open() “/etc/nginx/sites/homepage/vaultwarden/app/main.82096a4e78d5d3f7b01b. css” failed (2: No such file or directory), client:, server: pi.mydomain. com, request: “GET /vaultwarden/app/main.82096a4e78d5d3f7b01b. css HTTP/1.1”, host: “pi.mydomain. com”, referrer: “http://pi.mydomain. com/vaultwarden/”


I know the basics of docker and have some minimal experience with nginx. I did take a look at Proxy examples · dani-garcia/vaultwarden Wiki · GitHub and apologize that I was not able to get this working based on the examples provided.

I have not tried adding vaultwarden as an upstream service yet because I don’t believe I need to (maybe I am wrong?) and want to keep it as simple as possible to get it working. Also, no https yet either.

Here are the relevant parts of my nginx.conf

root /etc/nginx/sites/homepage;

location /vaultwarden {
			proxy_redirect off;
			proxy_bind $server_addr;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header Forwarded $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;

			proxy_pass "http://vaultwarden/";


And the relevant parts of my docker-compose.yml

    image: arm32v7/nginx
    container_name: nginx
    restart: always
      - /home/pi/docker_volumes/nginx:/etc/nginx
      - /home/pi/docker_volumes/nginx/logs:/var/log/nginx #just keep a copy of all the logs
      - 80:80

    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
      #WEBSOCKET_ENABLED: "true"
      - vaultwarden.env
      #- 8062:80
      - /home/pi/docker_volumes/vaultwarden_data:/data

What do I need to do to tell nginx to forward the resource requests to vaultwarden?

First of all, I think you don’t need root /etc/nginx/sites/homepage; as everything will be served by the vaultwarden container. (Neither do you need quotes around "http://vaultwarden/" but that might not be an issue.)

Also I believe you don’t need to turn proxy_redirect off; when you set DOMAIN correctly but not sure (I have not tested your setup so it might not be an issue).

And lastly, you probably want to enable HTTPS.

So just wanted to add this here. I have had Vaultwarden running behind a NGINX reverse proxy for the last year with no issue and then last week started to have the same issue as Dennis. Nothing changed on the NGINX side at all yet resources like JS/CSS on the web page stopped working. I was able to pull up the Firefox debugger and could see 3 Content Security Policy errors.

My Headers are setup the same as Dennis and Nginx is taking HTTPS in, and http to VW.

Thanks @stefan0xC ,

I commented out the root line from the server context, pulled out the quotes, and removed the proxy_redirect off directive.

Still getting the same issue. I have not yet implemented https for nginx. Do you think that could be causing an issue or was that an unrelated issue that you wanted to point out?


Did you restart nginx? Because at least the error message should have changed (as it should not try to serve /etc/nginx/sites/homepage/vaultwarden/app/main.82096a4e78d5d3f7b01b.css anymore).

Good point. It did change but it is still looking for the file in it’s own default directory now.

2023/01/25 06:44:46 [error] 46#46: *28 open() "/etc/nginx/html/app/main.82096a4e78d5d3f7b01b.css" failed (2: No such file or directory), client:, server:, request: "GET /app/main.82096a4e78d5d3f7b01b.css HTTP/1.1", host: "localhost:39497", referrer: "http://localhost:39497/vaultwarden"

Looks like my docker image of nginx is nginx/1.23.3


I am getting 404 on my resources. I am not sure but it appears to be a different issue to yours. Regardless, would you mind posting your relevant snippets of your nginx.conf for setting up the reverse proxy?


OK I have found a solution to my problem. When I navigate to the url I have to append a trailing forward slash.

I say a solution because I don’t feel like I should need to include this slash. I am curious if everyone else has the same requirement.

According to the Nginx with sub-path (by BlackDex) proxy example from the wiki setting the trailing slash in location /vaultwarden/ { is important (as well as in the DOMAIN).

I did try the trailing slash on the location but that did not make a difference for me. Can you explain the DOMAIN variable that is declared? Is that a nginx variable being set? Because I don’t see it listed at Alphabetical index of variables and it is not referenced again in the example.

Update: It turns out I do need the trailing slash but I could only see the fix when I used the browser on the actual machine hosting nginx itself. For most of the other time I have been using my browser and a forwarded port from my pi. That was throwing a wrench in the works. Also, I found that my initial nginx config had some settings in it from a class I had taken while learning the basics of nginx.
Between the missing trailing slash, the snippet in the config, my use of a port forwarded browser, and my newness to nginx I ended up chasing my tail.

Thank you @stefan0xC, I believe this issue is sorted now.

So some times i would get 404 on the Firefox debug. But strangely everything is working fine now. Nothing was changed in the last 12 hours or so but now its fine… The wonders of being in tech lol.

1 Like

Some additional data for others that get a 404. See Using an alternate base dir · dani-garcia/vaultwarden Wiki · GitHub

And note step #3. The DOMAIN variable I was not sure about above is an environment variable that must be set. I did get vw to load without it but then ran into 404 issues when navigating to the admin page.

So my docker-compose has the DOMAIN variable set, and nginx.conf has a trailing slash after the sub path in its location and the proxy_pass does not have the trailing slash. Just as is stated in the “Nginx with sub-path (by BlackDex)” example.