Vaultwarden not working with HAProxy after Updates

Hello,

I recently updated my pfSense with HAProxy and my Vaultwarden Docker container. After updating both, I am getting a 503 Service Unavailable message. Prior to the update everything was working as intended. I was able to reach the server via the local IP (but not log in due to no HTTPS) and from the domain. I believe I was running v.1.27 of Vaultwarden on Docker. For HAProxy on my pfSense I upgraded to 2.9.1.

I tried reissuing the certificate and restarting all the services that are attached. Is there anything that changed in the recent versions of Vaultwarden that would break the previous configuration? I am attaching my HAProxy configuration below to see if anything looks off for the latest version of HAProxy.

global
	maxconn			100
	log			127.0.0.1:5140	syslog	debug
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	uid			80
	gid			80
	nbthread			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend Synology
	bind			WAN:443 name WAN:443   ssl crt-list /var/etc/haproxy/Synology.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	timeout client		30000
	acl			vaultwarden	var(txn.txnhost) -m str -i custom.domain.dev
	acl			aclcrt_Synology	var(txn.txnhost) -m reg -i ^([^\.]*)\.domain\.dev(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend Synology_Vaultwarden_ipvANY  if  vaultwarden aclcrt_Synology
	use_backend Synology_Vaultwarden_ipvANY  if   aclcrt_Synology

backend Synology_Vaultwarden_ipvANY
	mode			http
	id			100
	log			global
	option			log-health-checks
	timeout connect		30000
	timeout server		30000
	retries			3
	load-server-state-from-file	global
	server			Synology Docker_IP:5151 id 101 ssl  verify none

I would suggest reading the proxy examples (Proxy examples · dani-garcia/vaultwarden Wiki · GitHub) and comparing.

I have looked at it and tried to copy it and have not had any luck. The weird thing is that everything was working fine between my HAProxy and Vaultwarden before updating both. I am not sure if the issue is coming from the HAProxy side or the Vaultwarden side. Would you have any insight on where I should look to troubleshoot?

I fixed this issue. When I was running 23.09, I had my backend “Encrypt(SSL)” option checked and everything was working as expected. When I upgraded to 24.03, I had to UNCHECK “Encrypt(SSL)” and my services stopped showing the error.

I created an account here to simply say “Thank you”. I’m so happy I found your resolution, even after ripping some hair out …
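
The fix reported above implies the backend answers in plain HTTP while the server line asks for TLS (`ssl`). The following is an added example, not code from the thread, that probes which protocol a backend port speaks and compares it with a HAProxy server line; it assumes the pfSense “Encrypt(SSL)” checkbox is what emits the `ssl` keyword seen in the posted config, and `probe_backend` and `server_line_matches` are hypothetical helper names.

```python
import socket
import ssl
import sys

# Server line from the posted config (Docker_IP is the poster's placeholder).
POSTED_SERVER_LINE = "server Synology Docker_IP:5151 id 101 ssl verify none"


def probe_backend(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'unknown' or 'unreachable' for host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # protocol detection only: the certificate
    ctx.verify_mode = ssl.CERT_NONE  # is not validated by this probe
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:  # ssl.SSLError, timeouts and resets all land here
            pass
    # The handshake failed, so retry on a fresh connection with plain HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"GET / HTTP/1.1\r\nHost: " + host.encode()
                         + b"\r\nConnection: close\r\n\r\n")
            if sock.makefile("rb").read(5) == b"HTTP/":
                return "plain-http"
    except OSError:
        pass
    return "unknown"


def server_line_matches(server_line, detected):
    """True if the line's use of 'ssl' agrees with what the backend speaks."""
    if detected not in ("tls", "plain-http"):
        return None  # nothing to compare against
    uses_ssl = "ssl" in server_line.split()
    return uses_ssl == (detected == "tls")


if __name__ == "__main__" and len(sys.argv) == 3:
    found = probe_backend(sys.argv[1], int(sys.argv[2]))
    print(found, "matches posted server line:",
          server_line_matches(POSTED_SERVER_LINE, found))
```

Run it with the container's address and port from a host that can reach it. A `plain-http` result together with `ssl` on the server line is the mismatch the fix removes, and it also means that hop carries vault traffic unencrypted.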