Please excuse my ignorance if this is something I have fundamentally understood, I am new to reverse proxies and docker.
I have installed bitwarden and tested it locally and I am very impressed.
I decided to run it so it is accessible outside my local network, I have a single IP at home and so use HaProxy on pfSense as a reverse proxy.
My issue is that I get a 301 on my backends, and a 'to many redirects' in the browser.
I have a https certificate from letsencrypt, which https://cryptoreport.websecurity.symantec.com/checker/ says is installed fine.
My config for HA Proxy is as follows:
frontend httpsshared-merged
bind redactedip:443 name redactedip:443 ssl crt /var/etc/haproxy/pm.pem crt /var/etc/haproxy/httpsshared.pem
mode http
log global
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
acl pm hdr(host) -i pm.redacteddomain.com
use_backend pm.redacteddomain.com_http_ipvANY if pm
backend pm.redacteddomain.com_http_ipvANY
mode http
log global
timeout connect 30000
timeout server 30000
retries 3
option httpchk OPTIONS /
server pm 10.0.0.72:80 check inter 1000
Has anyone any idea of what I am doing wrong?
Sorry, but I don't have any experience with HaProxy. Somewhere you are likely creating an endless loop of redirects.
I got rid of the redirect but still no dice at the moment.
I think I am getting a bit closer, it would appear the bitwarden forwards the user to https://mydomain.com/#/, I believe this is what is causing the issue
@davegrix That is only done client side. It shouldn't have any effect on the server request/response.
@kspearrin Then I am utterly at a loss!
It must be me doing something wrong, hopefully someone will come along and see this that has it working in nginx or something.
frontend sharedhttps-merged
bind redactedip:443 name redactedip:443 ssl crt /var/etc/haproxy/sharedhttps.pem
mode http
log global
option http-keep-alive
timeout client 30000
acl pm hdr(host) -i pm.redacteddomain.com
acl aclcrt_sharedhttps hdr_reg(host) -i ^pm\.redacteddomain\.com(:([0-9]){1,5})?$
use_backend pm.redacteddomain.com_http_ipvANY if pm
backend pm.redacteddomain.com_http_ipvANY
mode http
log global
option log-health-checks
timeout connect 30000
timeout server 30000
retries 3
option httpchk OPTIONS /
server pm 10.0.0.72:80 check inter 1000
L7OK/301 in 1ms
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Sorry, I do not know.
After many many many hours of head scratching I finally worked it out!
The 301 redirects where being caused by the line in bitwarden/nginx/default.conf
return 301 https://$server_name$request_uri;
This led me thinking that I actually want to run on port 443 on my backend, as obviously everytime I hit my domain on https, it was calling http on the backend which was calling the https again, and so we go around in a loop!
Changing my backend config to this does the trick for anyone else that has this issue.
backend pm.mydomain.com_http_ipvANY
mode http
log global
timeout connect 30000
timeout server 30000
retries 3
option httpchk HEAD /
server pm 10.0.0.72:443 ssl check inter 1000 verify none crt /var/etc/haproxy/server_clientcert_59d3ca756a8bf.pem
Most helpful comment
After many many many hours of head scratching I finally worked it out!
The 301 redirects where being caused by the line in bitwarden/nginx/default.conf
return 301 https://$server_name$request_uri;This led me thinking that I actually want to run on port 443 on my backend, as obviously everytime I hit my domain on https, it was calling http on the backend which was calling the https again, and so we go around in a loop!
Changing my backend config to this does the trick for anyone else that has this issue.