Vaultwarden no longer works, gives 502 Bad Gateway

I have Vaultwarden installed on a shared hosting account with Dreamhost following these instructions: GitHub - jjlin/vaultwarden-shared-hosting: Sample config for running Vaultwarden (formerly bitwarden_rs) on a shared hosting service. It has been running for almost a year without problems. I have a hourly cron job running that updates the installation and fixes the “502 Bad Gateway” that very rarely raises its ugly head. But since this morning, it keeps on giving this error. The output of the job does not show any errors, so it should work but it doesn’t.

[aumsville]$ pkill vaultwarden
[aumsville]$ rm -rf vaultwarden web-vault
[aumsville]$ ./docker-image-extract vaultwarden/server:alpine
Getting API token...
Getting image manifest for vaultwarden/server:alpine...
Fetching and extracting layer df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139...
Fetching and extracting layer e4988b8ce82614e4487f0722e65d1a4d2b0e4953b768b7db883941c5ef43edbf...
Fetching and extracting layer 71e9d7bc4b1bf828969d1bb1b8dcc5daa1c36df8119c692460b5207bcc2c7502...
Fetching and extracting layer 780a6d390db6862fdfd0915504565c4b75f450e68be5ed5ee946b28f59043f41...
Fetching and extracting layer 3cb34073528373d5216bf59f1edc3a8f8b791148cb3f6b84724cc061433602dd...
Fetching and extracting layer 80518a92a05733cd8d348cdb249cf4bc2b98cfe0ee84c30eafc37f8a7216de4d...
Image contents extracted into ./output.
[aumsville]$ mv output/vaultwarden output/web-vault .
[aumsville]$ rm -rf output
[aumsville]$ ./start.sh
Started vaultwarden.

Is anyone else experiencing this? What am I doing wrong?

Not sure, but i think it never starts vaultwarden it self actually.
Can you verify that the vaultwarden binary is located in the same folder as the start.sh and the same goes for the web-vault directory?

And also, what happens if you run ./vaultwarden instead of ./start.sh

If I run ./vaultwarden I see this:

[aumsville]$ ./vaultwarden
/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.25.0                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[INFO] No .env file found.

[DEPRECATED]: `SMTP_SSL` or `SMTP_EXPLICIT_TLS` is set. Please use `SMTP_SECURITY` instead.
[2022-05-24 09:31:38.186][start][INFO] Rocket has launched from http://127.0.0.1:8000

But the page still shows " 502 Bad Gateway"

The container is started using 127.0.0.1 as its address. This is probably the issue and causes the reverse proxy to not being able to connect to the container.

Please remove any ROCKET_ADDRESS you configured manually or maybe ROCKET_ENV. or set the address to 0.0.0.0. that should probably fix your issues.

I think you are right. This is in the vaultwarden.log from the last time it worked:

[2022-05-23 08:00:16.994][start][INFO] Rocket has launched from http://localhost:28973
[2022-05-23 08:28:22.751][request][INFO] POST /identity/connect/token
[2022-05-23 08:28:22.756][response][INFO] POST /identity/connect/token (login) => 200 OK

Now I see this:

[2022-05-23 10:00:14.165][start][INFO] Rocket has launched from http://localhost:28973
[2022-05-23 10:29:02.262][request][INFO] POST /identity/connect/token
[2022-05-23 10:29:02.604][response][INFO] POST /identity/connect/token (login) => 200 OK
Error: Rocket configuration extraction from provider failed.
   >> invalid IP address syntax
   >> for key ADDRESS
   >> in `ROCKET_` environment variable(s)
thread 'main' panicked at 'aborting due to configuration error(s)', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/rocket-0.5.0-rc.2/src/config/config.rs:293:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I am not sure how to fix this, or even if I can. I am fairly new at this, but it seems to me something changed in the docker image that broke my poarticular setup.

As I said, I am new at this. :wink: I found “ROCKET_ADDRESS=localhost” in env.sh and changed it to “ROCKET_ADDRESS=0.0.0.0” and now it works again.

Thank you for your help and suggestions, would not have been able to fix it without it!

1 Like

The new Rocket apparently no longer accepts localhost for ROCKET_ADDRESS. This should be changed to 127.0.0.1 instead, not 0.0.0.0.

That is a good consideration. I did not even know about it before. Thanks!