Help needed - 502 error behind nginx reverse proxy #1522

New Issue

OVERLORD · 2025-10-09T17:18:05+03:00

OVERLORD commented

2025-10-09 17:18:05 +03:00

Originally created by @Jannomag on GitHub.

Hi,
I'm currently trying to get bitwarden_rs to run on a raspberry pi which already runs nginx.
So I set up a reverse proxy, like I did on my homeserver running Ubuntu 20.04 (x85_64 system).
But I get 502 error and couldn't find a fix for this.
I'm not very good in such things, so I'm sorry when something is completely wrong...

My nginx config for bitwarden using a wildcard ssl certificate with letsencrypt:
`server {
listen 80;
server_name bw.example.de;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
server_name bw.example.de;
index index.html index.php;
ssl_certificate /etc/letsencrypt/live/example.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

client_max_body_size 128M;

location / {
    proxy_pass http://localhost:8083/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    client_max_body_size 0;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header Referrer-Policy "same-origin";
}

location /notifications/hub {
    proxy_pass http://localhost:3012/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location /notifications/hub/negotiate {
    proxy_pass http://localhost:8083/;
}

}`

And this is how I start the docker container:
docker run -d --name bitwarden \ -e ROCKET_TLS='{certs="/ssl/archive/example.de/fullchain2.pem",key="/ssl/archive/example.de/privkey2.pem"}' \ -e LOG_FILE=/data/bitwarden.log \ -e 'SIGNUPS_ALLOWED'='true' \ -e 'DOMAIN'='https://bw.example.de/' \ -v /etc/letsencrypt/:/ssl/ \ -v /bw-data/:/data/:rw \ -p 8083:80/tcp \ -p 3012:3012/tcp \ --restart always \ bitwardenrs/server:raspberry

The certificate works, the web browser shows the site a secure. But I get the 502 nginx error.

Any solution for this?

Originally created by @Jannomag on GitHub. Hi, I'm currently trying to get bitwarden_rs to run on a raspberry pi which already runs nginx. So I set up a reverse proxy, like I did on my homeserver running Ubuntu 20.04 (x85_64 system). But I get 502 error and couldn't find a fix for this. I'm not very good in such things, so I'm sorry when something is completely wrong... My nginx config for bitwarden using a wildcard ssl certificate with letsencrypt: `server { listen 80; server_name bw.example.de; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name bw.example.de; index index.html index.php; ssl_certificate /etc/letsencrypt/live/example.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.de/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; client_max_body_size 128M; location / { proxy_pass http://localhost:8083/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Referrer-Policy "same-origin"; } location /notifications/hub { proxy_pass http://localhost:3012/; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://localhost:8083/; } }` And this is how I start the docker container: `docker run -d --name bitwarden \ -e ROCKET_TLS='{certs="/ssl/archive/example.de/fullchain2.pem",key="/ssl/archive/example.de/privkey2.pem"}' \ -e LOG_FILE=/data/bitwarden.log \ -e 'SIGNUPS_ALLOWED'='true' \ -e 'DOMAIN'='https://bw.example.de/' \ -v /etc/letsencrypt/:/ssl/ \ -v /bw-data/:/data/:rw \ -p 8083:80/tcp \ -p 3012:3012/tcp \ --restart always \ bitwardenrs/server:raspberry` The certificate works, the web browser shows the site a secure. But I get the 502 nginx error. Any solution for this?

OVERLORD added the better for forum Third party labels 2025-10-09 17:18:05 +03:00

OVERLORD closed this issue

2025-10-09 17:18:06 +03:00

OVERLORD commented

2025-10-09 17:18:09 +03:00

@cooling75 commented on GitHub:

Hi,
I could be wrong but from a quick look into the nginx documentation I miss the 'upstream' section?

@cooling75 commented on GitHub: Hi, I could be wrong but from a quick look into the [nginx documentation](https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/) I miss the 'upstream' section?

OVERLORD commented

2025-10-09 17:18:10 +03:00

@Jannomag commented on GitHub:

I got it to work with this tutorial and it's linked web-vault:
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/?utm_source=amp&utm_medium=&utm_content=post_body

I just forgot to close this issue, sorry!

@Jannomag commented on GitHub: I got it to work with this tutorial and it's linked web-vault: https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/?utm_source=amp&utm_medium=&utm_content=post_body I just forgot to close this issue, sorry!

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1522