Traefik 1.7 doesn't proxy right

I’m trying to get my bitwarden_rs container accessible from outside. On my computer there is traefik installed as a proxy and that runs the way I like. My other docker-containers are accessible from outsite, on the containers that I included for Traefik. The problem is that for the bitwarden_rs container, I’m not able to get the connection working. In my local network the bitwarden container is accessible through port 808 (manual defined), but outside there is nothing to find. I’ve tested a lot of configuration options in my docker-compose file, also compared to for example my home assistant container which is internally accessible at port 8123.

My current docker-compose file looks as follow:

version: "3.3"
services:
  bitwarden:
    image: bitwardenrs/server
    env_file: /home/rogier/docker/bitwarden/bitwarden.env
    restart: unless-stopped
    ports:
      - 808:808
      - 3012:3012
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /home/rogier/docker/bitwarden:/data/:rw
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true'   # set to false to disable signups
      SMTP_HOST: 'smtp.host.tld'
      SMTP_FROM: 'geheim@host.tld'
      SMTP_PORT: '25'
      SMTP_SSL: 'true'
      DOMAIN: 'https://bitwarden.host.tld'
      LOG_FILE: '/data/log'
      EXTENDED_LOGGING: 'true'
      ROCKET_PORT: '808'
      WEBSOCKET_PORT: '3012'
    labels:
      - "traefik.enable=true"
      - "traefik.web.frontend.rule=Host:bitwarden.host.tld"
      - "traefik.web.port=808"
      - "traefik.port=808"
      - "traefik.hub.frontend.rule=Host:bitwarden.host.tld;Path:/notifications/hub"
      - "traefik.hub.port=3012"
      - "traefik.hub.protocol=ws"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=bitwarden.host.tld"
      - "traefik.frontend.headers.SSLForceHost=true"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
      - "traefik.frontend.headers.frameDeny=true"
    networks:
      - traefik_proxy      
      
networks:
  traefik_proxy:
    external:
      name: traefik_proxy

When looking in the traefik logging, it is clear that the container is marked up, because of the ACME (let’s encrypt) error. All other container do receive a ACME certificate.

The ACME certificate is called by a http-challenge.
Also when trying myself on the https of http port from outside I get a time-out. The dns settings are correct, when I check these, I receive the right IP back.

Is there anyone who can help me? Google didn’t.

Maybe you try to let bitwardenrs use it’s internal standard port 80? You may instruct docker-compose to expose it on port 808 nonetheless. I did not find in the documentation that you may redefine the port inside of the container (but did not look thoroughly).

Thanks for your reply, I thought I tried that allready, but not to oversee an option, I tried again, by edititing the env. variable ROCKET_PORT to 80 and the docker-compose port to 808:80

Unfortunately this didn’t work out. For me it is not an option to expose the container at port 80, because the Traefik container uses that port and can’t be changed due to compatilbility and access rules.