Move bitwarden_rs to docker swarm vaultwarden with traefik: gateway timeout #1094

Closed
opened 2026-02-04 23:53:49 +03:00 by OVERLORD · 0 comments

Originally created by @maddin79 on GitHub (Aug 12, 2021).

Subject of the issue

Hi, first things first ... many thanks for your work on this. Great job :)

My problem is that I want to migrate to Vaultwarden and at the same time deploy the Docker container on Docker Swarm. I copied all the database and data to the new environment. Vaultwarden and MariaDB are starting correctly, but I always get a gateway timeout if I want to connect to Vaultwarden. The whole thing is behind a Traefik instance and is listening on port 23443. No errors in Traefik so far.

Deployment environment

  • vaultwarden version: 1.22.2
  • Install method: Docker image on docker swarm
  • Clients used:
  • Reverse proxy and version: Traefik 2.4.8
  • MySQL/MariaDB or PostgreSQL version: MariaDB 10.6.4
  • Other relevant details:
    Old bitwarden_rs versions:
    Bitwarden_RS: Version 1.15.1-a87646b8
    MariaDB: 10.4.12

Steps to reproduce

See config and docker stack file.

Expected behaviour

Reach the web app

Actual behaviour

Gateway Timeout

Troubleshooting data

Stack file:

```yaml
version: '3.8'

services:

  mariadb:
    image: mariadb
    networks:
      vault-net:
    environment:
      MARIADB_ROOT_PASSWORD: /run/secrets/vault-db-root-pw
      MARIADB_DATABASE: bitwarden
      MARIADB_USER: bitwarden
      MARIADB_PASSWORD_FILE: /run/secrets/vault-db-pw
    volumes:
      - type: bind
        source: /gluster/volume1/mnt/vaultwarden/mysql
        target: /var/lib/mysql
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints: [node.role == worker]
    secrets:
      - source: vault-db-pw
        target: vault-db-pw
        mode: 0440
      - source: vault-db-root-pw
        target: vault-db-root-pw
        mode: 0440

  vaultwarden:
    image: vaultwarden/server
    networks:
      traefik_public:
      vault-net:
    environment:
      - WEBSOCKET_ENABLED=true # Required to use websockets
      - SIGNUPS_ALLOWED=false   # set to false to disable signups
      - INVITATIONS_ALLOWED=true
      - DATABASE_URL=mysql://bitwarden:<pw>@mariadb/bitwarden
      - ADMIN_TOKEN=<token>

    volumes:
      - type: bind
        source: /gluster/volume1/mnt/vaultwarden/data
        target: /data
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints: [node.role == worker]
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.vaultwarden.rule=Host(`vault.swissrdl.unibe.ch`)
        - traefik.http.routers.vaultwarden.tls=true
        - traefik.http.routers.vaultwarden.entrypoints=httpsinternal
        - traefik.http.services.vaultwarden.loadbalancer.server.port=80
        - traefik.http.routers.vaultwarden.service=vaultwarden
        - traefik.http.routers.vaultwarden.tls.certresolver=swissrdlca

        - traefik.http.routers.vaultwarden-websocket.rule=Host(`vault.swissrdl.unibe.ch`) && Path(`/notifications/hub`)
        - traefik.http.routers.vaultwarden-websocket.entrypoints=httpsinternal
        - traefik.http.routers.vaultwarden-websocket.tls=true
        - traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket
        - traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
        - traefik.http.routers.vaultwarden-websocket.tls.certresolver=swissrdlca

networks:
  traefik_public:
  vault-net:
    driver: overlay

secrets:
  vault-db-pw:
    external: true
  vault-db-root-pw:
    external: true
```

Vaultwarden config.json

```json
{
  "domain": "https://vault.swissrdl.unibe.ch:23443",
  "disable_icon_download": true,
  "signups_allowed": false,
  "signups_verify": false,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": true,
  "password_iterations": 100000,
  "show_password_hint": false,
  "admin_token": "<token>",
  "invitation_org_name": "Bitwarden_RS",
  "ip_header": "X-Real-IP",
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "icon_blacklist_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "disable_admin_token": false,
  "_enable_yubico": true,
  "_enable_duo": false,
  "_enable_smtp": true,
  "smtp_host": "<url>",
  "smtp_ssl": false,
  "smtp_explicit_tls": false,
  "smtp_port": 25,
  "smtp_from": "bitwarden@swissrdl.unibe.ch",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_username": "<user>",
  "smtp_password": "<pw>",
  "smtp_timeout": 15,
  "_enable_email_2fa": false,
  "email_token_size": 6,
  "email_expiration_time": 600,
  "email_attempts_limit": 3
}
```
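A small lint for the secret handling in the stack file above, as an added example that is not part of the original issue or the vaultwarden project. The mariadb image takes `MARIADB_ROOT_PASSWORD` as the password itself and reads a file only for the `_FILE` variants, so a `/run/secrets/...` value on the non-`_FILE` key is passed through as a literal string. The sample input is a constructed excerpt of that file, and `lint_env` is a hypothetical helper name.

```python
import re

# Matches both compose environment forms: "KEY: value" and "- KEY=value".
ENV_LINE = re.compile(r"^\s*(?:-\s*)?([A-Z][A-Z0-9_]*)\s*[:=]\s*(.+?)\s*$")
# scheme://user:password@host, i.e. a credential embedded in a connection URL.
URL_CRED = re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")

# Constructed excerpt of the stack file from the issue (environment sections only).
SAMPLE = """\
mariadb:
  environment:
    MARIADB_ROOT_PASSWORD: /run/secrets/vault-db-root-pw
    MARIADB_PASSWORD_FILE: /run/secrets/vault-db-pw
vaultwarden:
  environment:
    - SIGNUPS_ALLOWED=false
    - DATABASE_URL=mysql://bitwarden:<pw>@mariadb/bitwarden
"""


def lint_env(stack_text):
    """Return (line_no, key, finding) for risky environment entries.

    Hypothetical helper: a line scan, not a YAML parser, so it only
    inspects upper-case KEY entries such as those in environment blocks.
    """
    findings = []
    for line_no, line in enumerate(stack_text.splitlines(), 1):
        match = ENV_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        # A secret mount path on a key without _FILE is handed to the
        # container as the value itself, not as a file to read.
        if value.startswith("/run/secrets/") and not key.endswith("_FILE"):
            findings.append((line_no, key, "secret-path-as-literal"))
        # A password inside a URL lands in the service definition in
        # clear text instead of being delivered through a Docker secret.
        if URL_CRED.search(value):
            findings.append((line_no, key, "credential-in-url"))
    return findings


if __name__ == "__main__":
    for line_no, key, finding in lint_env(SAMPLE):
        print(f"line {line_no}: {key}: {finding}")
```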
Reference: starred/vaultwarden#1094