Nginx reverse proxy not loading resources

dennis · January 24, 2023, 1:30am

I am running nginx and vaultwarden within docker. Navigating my browser to the vaultwarden address and port directly does work. However, my attempt at getting nginx to act as a reverse proxy is not working. Valultwarden’s page resources (css, js, etc) are not getting loaded by nginx.

`

2023/01/24 00:44:42 [error] 113#113: *98 open() “/etc/nginx/sites/homepage/vaultwarden/app/main.82096a4e78d5d3f7b01b. css” failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: pi.mydomain. com, request: “GET /vaultwarden/app/main.82096a4e78d5d3f7b01b. css HTTP/1.1”, host: “pi.mydomain. com”, referrer: “http://pi.mydomain. com/vaultwarden/”

`

I know the basics of docker and have some minimal experience with nginx. I did take a look at Proxy examples · dani-garcia/vaultwarden Wiki · GitHub and apologize that I was not able to get this working based on the examples provided.

I have not tried adding vaultwarden as an upstream service yet because I don’t believe I need to (maybe I am wrong?) and want to keep it as simple as possible to get it working. Also, no https yet either.

Here are the relevant parts of my nginx.conf

server_name pi.mydomain.com; 
root /etc/nginx/sites/homepage;

location /vaultwarden {
			proxy_redirect off;
			proxy_bind $server_addr;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header Forwarded $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;

			proxy_pass "http://vaultwarden/";

		}

And the relevant parts of my docker-compose.yml

nginx:
    image: arm32v7/nginx
    container_name: nginx
    restart: always
    volumes:
      - /home/pi/docker_volumes/nginx:/etc/nginx
      - /home/pi/docker_volumes/nginx/logs:/var/log/nginx #just keep a copy of all the logs
    ports:
      - 80:80

vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    #environment:
      #WEBSOCKET_ENABLED: "true"
    env_file: 
      - vaultwarden.env
    #ports:
      #- 8062:80
    volumes:
      - /home/pi/docker_volumes/vaultwarden_data:/data

What do I need to do to tell nginx to forward the resource requests to vaultwarden?

stefan0xC · January 25, 2023, 4:44am

First of all, I think you don’t need root /etc/nginx/sites/homepage; as everything will be served by the vaultwarden container. (Neither do you need quotes around "http://vaultwarden/" but that might not be an issue.)

Also I believe you don’t need to turn proxy_redirect off; when you set DOMAIN correctly but not sure (I have not tested your setup so it might not be an issue).

And lastly, you probably want to enable HTTPS.

FireAmpersand · January 25, 2023, 6:26am

So just wanted to add this here. I have had Vaultwarden running behind a NGINX reverse proxy for the last year with no issue and then last week started to have the same issue as Dennis. Nothing changed on the NGINX side at all yet resources like JS/CSS on the web page stopped working. I was able to pull up the Firefox debugger and could see 3 Content Security Policy errors.

My Headers are setup the same as Dennis and Nginx is taking HTTPS in, and http to VW.

dennis · January 25, 2023, 6:40am

Thanks @stefan0xC ,

I commented out the root line from the server context, pulled out the quotes, and removed the proxy_redirect off directive.

Still getting the same issue. I have not yet implemented https for nginx. Do you think that could be causing an issue or was that an unrelated issue that you wanted to point out?

Thanks

stefan0xC · January 25, 2023, 6:43am

Did you restart nginx? Because at least the error message should have changed (as it should not try to serve /etc/nginx/sites/homepage/vaultwarden/app/main.82096a4e78d5d3f7b01b.css anymore).

dennis · January 25, 2023, 6:49am

Good point. It did change but it is still looking for the file in it’s own default directory now.

2023/01/25 06:44:46 [error] 46#46: *28 open() "/etc/nginx/html/app/main.82096a4e78d5d3f7b01b.css" failed (2: No such file or directory), client: xxx.xxx.xx.xxx, server: pi.mydomain.com, request: "GET /app/main.82096a4e78d5d3f7b01b.css HTTP/1.1", host: "localhost:39497", referrer: "http://localhost:39497/vaultwarden"

dennis · January 25, 2023, 6:52am

Looks like my docker image of nginx is nginx/1.23.3

dennis · January 25, 2023, 7:01am

@FireAmpersand

I am getting 404 on my resources. I am not sure but it appears to be a different issue to yours. Regardless, would you mind posting your relevant snippets of your nginx.conf for setting up the reverse proxy?

Thanks

dennis · January 25, 2023, 7:48pm

OK I have found a solution to my problem. When I navigate to the url I have to append a trailing forward slash.

I say a solution because I don’t feel like I should need to include this slash. I am curious if everyone else has the same requirement.

stefan0xC · January 25, 2023, 8:05pm

According to the Nginx with sub-path (by BlackDex) proxy example from the wiki setting the trailing slash in location /vaultwarden/ { is important (as well as in the DOMAIN).

dennis · January 25, 2023, 8:49pm

I did try the trailing slash on the location but that did not make a difference for me. Can you explain the DOMAIN variable that is declared? Is that a nginx variable being set? Because I don’t see it listed at Alphabetical index of variables and it is not referenced again in the example.

Update: It turns out I do need the trailing slash but I could only see the fix when I used the browser on the actual machine hosting nginx itself. For most of the other time I have been using my browser and a forwarded port from my pi. That was throwing a wrench in the works. Also, I found that my initial nginx config had some settings in it from a class I had taken while learning the basics of nginx.
Between the missing trailing slash, the snippet in the config, my use of a port forwarded browser, and my newness to nginx I ended up chasing my tail.

Thank you @stefan0xC, I believe this issue is sorted now.

FireAmpersand · January 26, 2023, 2:14am

So some times i would get 404 on the Firefox debug. But strangely everything is working fine now. Nothing was changed in the last 12 hours or so but now its fine… The wonders of being in tech lol.

dennis · January 30, 2023, 7:10am

Some additional data for others that get a 404. See Using an alternate base dir · dani-garcia/vaultwarden Wiki · GitHub

And note step #3. The DOMAIN variable I was not sure about above is an environment variable that must be set. I did get vw to load without it but then ran into 404 issues when navigating to the admin page.

So my docker-compose has the DOMAIN variable set, and nginx.conf has a trailing slash after the sub path in its location and the proxy_pass does not have the trailing slash. Just as is stated in the “Nginx with sub-path (by BlackDex)” example.

Topic		Replies	Views
Using Nginx as reverse proxy Third Party Help	10	4874	May 19, 2021
Using Nginx to reverse proxy but Admin Panel no styling Help	2	521	July 12, 2022
Vaultwarden and Nginx Proxy Manager Help	34	39827	May 18, 2024
Vaultwarden not working Help	1	732	August 15, 2021
Can't access VaultWarden from Nginx Proxy Manager on the same host	7	1813	May 18, 2024

Nginx reverse proxy not loading resources

Related topics