Server: Nginx Reverse Proxy Config

Created on 13 Jul 2018  路  8Comments  路  Source: bitwarden/server

Hello,
I am looking to setup a reverse proxy to my Bitwarden install. I specified port 444 in the installation process but what IP address should I use in my Nginx reverse proxy config? Is there a sample Nginx reverse proxy config for Bitwarden that I could take a look at?

Thanks in advance.

Most helpful comment

Here is an example that works for me:

server {
 listen 443 ssl http2;

 server_name bitwarden.domain.name;
 server_tokens off;

 access_log /var/log/nginx/bitwarden.domain.name.access.log;
 error_log /var/log/nginx/bitwarden.domain.name.error.log error;

 ssl on;

 ssl_certificate /etc/letsencrypt/live/bitwarden.domain.name/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/bitwarden.domain.name/privkey.pem;

 location /{
  proxy_pass https://your_local_host:444;
  proxy_redirect off;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Protocol $scheme;
  proxy_set_header X-Url-Scheme $scheme;
 }
}

All 8 comments

It should be available at localhost or whatever IP your docker installation is bound to.

Should this be enough? I keep getting a 502 error from nginx.

  location / {
    try_files $uri $uri/ =404;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://localhost;
  }

Well, you would need to specify the port, right?

Oh, well yeah. I've tried with and without.

I'm getting:

*1 connect() failed (111: Connection refused) while connecting to upstream, client: SERVERIP, server: SERVERDOMAIN, request: "GET / HTTP/2.0", upstream: "https://[::1]:444/"

Here is an example that works for me:

server {
 listen 443 ssl http2;

 server_name bitwarden.domain.name;
 server_tokens off;

 access_log /var/log/nginx/bitwarden.domain.name.access.log;
 error_log /var/log/nginx/bitwarden.domain.name.error.log error;

 ssl on;

 ssl_certificate /etc/letsencrypt/live/bitwarden.domain.name/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/bitwarden.domain.name/privkey.pem;

 location /{
  proxy_pass https://your_local_host:444;
  proxy_redirect off;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Protocol $scheme;
  proxy_set_header X-Url-Scheme $scheme;
 }
}

You might be having trouble with an ipv4/ipv6 bind.

just verify if the service is running
netstat -lntp || ss -lntp
and if it is, try to exchange the localhost with an 127.0.0.1 -- or, if its bound to another IP address (should be shown in the stdout of the previous command), use that one.

Thanks everyone for your help. Turns out I skipped the line about copying SSL certs to the right place. Found the errors in the log and fixed it. All good now!

Was this page helpful?
0 / 5 - 0 ratings