I have been having trouble getting vaultwarden to work on docker swarm for a couple days now. It appeared to work at first but now i just get 404 error.
I’ve tried this config among many others
version: '3.8'
services:
vaultwarden:
image: vaultwarden/server:latest
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
networks:
- swarm_proxy1
environment:
- LOG_LEVEL=debug
volumes:
- ./home/good/vaultwarden/bwdata-bak2:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.local.mydomain.com`)"
- "traefik.http.routers.vaultwarden.entrypoints=https"
- "traefik.http.routers.vaultwarden.tls=true"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
- "traefik.http.routers.vaultwarden-secure.tls.certresolver=cloudflare"
- "homepage.group=Security"
- "homepage.name=Vaultwarden"
- "homepage.icon=vaultwarden.png"
- "homepage.href=https://vaultwarden.local.mydomain.com"
- "homepage.description=Password management"
- "traefik.docker.network=swarm_proxy1"
networks:
swarm_proxy1:
external: true
version: '3.8'
services:
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
networks:
- swarm_proxy1
environment:
- LOG_LEVEL=debug
volumes:
- /home/good/vaultwarden/bwdata-bak2:/data
ports:
- "80:89"
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.entrypoints=http"
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.local.mydomain.com`)"
- "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-https-redirect"
- "traefik.http.routers.vaultwarden-secure.entrypoints=https"
- "traefik.http.routers.vaultwarden-secure.rule=Host(`vaultwarden.local.mydomain.com`)"
- "traefik.http.routers.vaultwarden-secure.tls=true"
- "traefik.http.routers.vaultwarden-secure.service=vaultwarden"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=89"
- "traefik.http.routers.vaultwarden-secure.tls.certresolver=cloudflare"
- "traefik.docker.network=swarm_proxy1"
- "homepage.group=Security"
- "homepage.name=Vaultwarden"
- "homepage.icon=vaultwarden.png"
- "homepage.href=https://vaultwarden.local.mydomain.com"
- "homepage.description=Password management"
networks:
swarm_proxy1:
external: true
The only output i get is:
/--------------------------------------------------------------------\
| Starting Vaultwarden |
| Version 1.30.5 |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the |
| official channels to report bugs/features, regardless of client. |
| Send usage/configuration questions or feature requests to: |
| https://github.com/dani-garcia/vaultwarden/discussions or |
| https://vaultwarden.discourse.group/ |
| Report suspected bugs/issues in the software itself at: |
| https://github.com/dani-garcia/vaultwarden/issues/new |
\--------------------------------------------------------------------/
[2024-03-13 14:13:59.786][start][INFO] Rocket has launched from http://0.0.0.0:80
i let it sit over night and it hangs at the “Rocket has launched…”. My config has the proper domain name in it, for this post i replaced it with “mydomain.com”. I am using the command line, but i do have portainer installed. I set it up with
docker stack deploy -c vaultwarden.yml vaultwarden
I have also tried adding it as a stack in portainer, which is what worked in the past and does not seem to now. When I check my networks, i do not see that vaultwarden is adding itself to any network, whether it is the swarm_proxy1, or if i leave it blank and it tries to create its own network, the network gets created but vaultwarden is not added to it. I also have other services running on the swarm just fine (as far as i can tell) that automatically added themselves to the “ingress” network and the “swarm_proxy1” network, but vaultwarden does not appear on those network lists. I am certain i am doing something wrong considering I dont have a vast amount of experience in this, but these configs worked in the past so I am very confused. Any advise would be greatly appreciated.
docker service inspect vaultwarden_vaultwarden [ set to expire from pastebin in 2 months]:
[ { "ID": "mvjfbr8vgxmd3kkatb830jcfw", "Version": { - Pastebin.com
Update a few minutes later:
I tried the compose below and now it shows up in the “ingress” network when looking at the vaultwarden page in portainer, but i still get a 404 when trying to access the page. I also check the networking pages and the vaultwarden container does not show up in the network page.
version: "3.3"
services:
vaultwarden:
image: vaultwarden/server:latest
restart: always
deploy:
replicas: 1
ports:
- 8000:80
volumes:
- vaultwarden-data:/data
- /home/good/vaultwarden/vaultwarden.log:/home/good/vaultwarden/vaultwarden.log
environment:
- ROCKET_ENV=production
- ROCKET_PORT=80
- DOMAIN=https://vaultwarden.local.mydomain.com
- WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=true
# - ADMIN_TOKEN=your_admin_token
- LOG_FILE=/home/good/vaultwarden/vaultwarden.log
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.entrypoints=http"
- "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.local.mydomain.com`)"
- "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-https-redirect"
- "traefik.http.routers.vaultwarden-secure.entrypoints=https"
- "traefik.http.routers.vaultwarden-secure.rule=Host(`vaultwarden.local.mydomain.com`)"
- "traefik.http.routers.vaultwarden-secure.tls=true"
- "traefik.http.routers.vaultwarden-secure.service=vaultwarden"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
- "traefik.http.routers.vaultwarden-secure.tls.certresolver=cloudflare"
- "traefik.docker.network=swarm_proxy1"
- "homepage.group=Security"
- "homepage.name=Vaultwarden"
- "homepage.icon=vaultwarden.png"
- "homepage.href=https://vaultwarden.local.mydomain.com"
- "homepage.description=Password management"
volumes:
vaultwarden-data:
external: true
networks:
swarm_proxy1:
external: true
screenshots:
logs from the rocket logs:
/--------------------------------------------------------------------\
| Starting Vaultwarden |
| Version 1.30.5 |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the |
| official channels to report bugs/features, regardless of client. |
| Send usage/configuration questions or feature requests to: |
| https://github.com/dani-garcia/vaultwarden/discussions or |
| https://vaultwarden.discourse.group/ |
| Report suspected bugs/issues in the software itself at: |
| https://github.com/dani-garcia/vaultwarden/issues/new |
\--------------------------------------------------------------------/
[2024-03-13 16:25:14.304][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
[2024-03-13 16:25:14.306][start][INFO] Rocket has launched from http://0.0.0.0:80
I’m able to get to the vaultwarden login screen with 192.168.1.95:8000. I feel like traefik is causing a conflict somehow, traefik is using 80:80 and 443:443 so i set vaultwarden to 8000:80. When i try to log in it wants HTTPS. I’m so confused and clearly missing something to make the traefik work with bitwarden. 