Vaultwarden and Nginx Proxy Manager

Help
1

Hi!
I set up the Nginx Proxy Manager with Docker and use it as reverse proxy. It already works with other docker images (i.e. Firefly III docker image).

Now I try to get Vaultwarden to work with the Nginx Proxy Manager.

The non-SSL connection already works and I can access Vaultwarden with http://vaultwarden.mywebsite.com

2

I also set up a Letsencrypt certificate for vaultwarden.mywebsite.com. However as soon as I try to access Vaultwarden with https://vaultwarden.mywebsite.com I get a 504 error (504 Gateway Timeout: remote server did not respond to the proxy).

3

I have following docker setup:

image
image1382Ă—737 36.8 KB

The port 8060 is mapped to 80 and the port 3012 to 3012. I can access both ports with SERVER_IP:8060 or SERVER_IP:3012. The server ip is 192.168.178.75 (thus http://192.168.178.75:8060 and http://192.168.178.75:3012).

4

Now I’ve read multiple tutorials how to set up the Nginx Proxy Manager but all tutorials do not work for me (i.e. Bitwarden (Vaultwarden) Passwort Manager installieren - ubiquiti - Deutsches Fan Forum or NGINX: Proxy examples · dani-garcia/vaultwarden Wiki · GitHub ).

5

My current Nginx Proxy Manager configuration is:

image
image502Ă—544 14.7 KB

6

image
image502Ă—673 14.6 KB

7

image
image491Ă—507 11.1 KB

8

image
image499Ă—598 11.5 KB

9

image

10

image
image497Ă—579 14.8 KB

11

The tutorial Bitwarden (Vaultwarden) Passwort Manager installieren - ubiquiti - Deutsches Fan Forum and https://www.reddit.com/r/Bitwarden/comments/k4wn1y/502_bad_gateway_nginx_proxy_manager/gnseu4g/?utm_source=reddit&utm_medium=web2x&context=3 suggest, that I need to add the configuration to the “Custom Nginx Configuration” settings field (see last screenshot), however because of the hint below the field I think the configuration is wrong. I’ve already tried to follow the instructions and it didn’t work.

Can someone provide useful hints? Thank you!

12

This my config:

location /admin {
  return 404;
  }

  location / {
    proxy_pass http://192.168.3.35:8060;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
    proxy_pass http://192.168.3.35:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://192.168.3.35:8060;
  }
13

Thank you! Where did you add these rules? To the custom NGINX config field (screenshot: Vaultwarden and Nginx Proxy Manager - #10 by hannesfrater )?

1 Like
14

Yes, correct. I add this stuff in the custim NGINX config field. Just add you ip and ports and it should work.

15

vaultwarden1
vaultwarden1496Ă—544 14.8 KB

vaultwarden2
vaultwarden3
vaultwarden3498Ă—605 18.1 KB

16

I have the same configuration, I just start the vaultwarden docker, my ports are 8888:80 and 3012:3012.
No I am trying to do the configuration that you just posted but it didn’t work for me. (I’m kinda of sure I just did it wrong but still)

17

You just need to put your ports and ip in and it should work. post your code and we can check if anything is wrong.

18

Ok, lol I have it, I was following the tutorial on pimylifeup.com and when they publish port, they put 127.0.0.1:8888:80 and 127.0.0.1:3012 so I just had to remove the IP address and now it is working.
Just a question now, I can access my bitwarden anywhere, I have my own domain name that is proxied by cloudflare, do I have any extra steps that I need to do to improve security ?

19

You could deny new Users and use 2FA.

1 Like
20

I did it, I’m glad there’s not extra steps to do