Using Nginx as reverse proxy

Hey all, I am using Nginx on my VPS to serve my websites. I installed vaultwarden docker image and all is good. My problem is, I am trying to use Nginx (which is not in a Docker) to serve (as reverse proxy) my vaultwarden. I used the guide at the Wiki but I couldn’t make it work. Before wasting more time, is it actually possible to do that? Or is that guide aimed for that? I am using Nginx (by shauder) guide.

It’s all flawless if vaultwarden is with Caddy as Docker images. But I am trying to take more challenging path here I guess.


Im using that exact same configuration from the wiki.
What exactly isn’t working? What do the nginx logs and vaultwarden logs report?

This is my modified Nginx config (based on the one in wiki) : server { listen 443 ssl http2; server_name; # Specify -

If I try this firefox says page is not being redirected properly. domain is behind Cloudflare btw, not sure if it makes any difference. Nginx is not inside docker container, only vaultwarden is using docker.

I don’t really know what fields to change, so I played with different options, like typing to proxypass section and then it shows welcome to nginx page.

I tried http://localhost for the variables, then I get 404 Not found error page. And this is what nginx access.log shows

- - [18/May/2021:16:05:22 -0400] “GET / HTTP/1.1” 404 118 “-” “Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0” “visitor ip” “vw.domain. com” sn=“vw.domain. com” rt=0.001 ua=“” us=“404” ut=“0.000” ul=“146” cs=-

Thanks for the help by the way

Are nginx and vaultwarden on the same host? I think there is something wrong in the nginx config.

In my configuration I use the port 8083 for webvault and 3012 for websocket .

So I set in my nginx settings the lines with “proxy_pass” to “proxy_pass” and for the location /notifications/hub to “proxy_pass”.

My domain name is only set as the server_name for SNI and in the certificate path. But not as the proxy target. When its needed I can upload my nginx config to pastebin aswell.

Yes but nginx is not in docker, I installed nginx to server via apt-get (as I host personal website also).

So Nginx should serve vaultwarden in docker container (ideally).

I tried, localhost, serverip and domain name for replacement and best I get is incorrect redirect and worst case is welcome to nginx or 404 page of nginx.

My nginx is also not in the docker container. But that doesnt matter. You have to map the ports from the docker container to the host itself. Can you maybe post your vaultwarden docker parameters?

It’s the defaults, I haven’t changed anything. I didn’t do any port mapping either I am using docker composer. Edit: I tried port mapping as 80:8083 but docker said the port is already binded (because nginx is using it naturally) so not sure how can I bind vaultwarden to a different port.

version: '3'

        image: vaultwarden/server:latest
        container_name: vaultwarden
        restart: always
          - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
          - ./vw-data:/data

Ok, I dont use docker-compose. Sorry. Dont know if you have to map the ports there. Maybe you can post the output of “docker ps”?

Edit as I can only post 3 posts as a new user…

Oh I saw you’re edit now. The port mapping was in the wrong direction.

It must be: host-port:80

This means port 80 is used inside the container. For the host-port choose a free port on your host i.e. 8081 etc. and edit your proxy_pass in the nginx config.

You have to also map the 3012:3012 for websocket. But like I said before, I dont use docker compose.

Edit 2: My output of docker ps:>3012/tcp, :::3012->3012/tcp, 80/tcp,>8083/tcp, :::8083->8083/tcp

1 Like

ports: 80/tcp 3012/tcp

Thank you very much KingCartman, I actually asked a devops friend of mine and he did port mapping (just at same time you wrote the comment). Apparently I don’t know how to do port mapping in Docker properly.

Thank you very much again!

You’re welcome. I am glad that I could help you!

1 Like