Can't get websockets to work #2088

New Issue

OVERLORD · 2025-10-09T17:45:05+03:00

OVERLORD commented

2025-10-09 17:45:05 +03:00

Originally created by @poblabs on GitHub.

I'm using the latest version of bitwarden_rs (Version: 1.9.1-3fb63bbe) and my vault is working but I've noticed the instant sync from browser to browser is not working. I know mobile is not in scope.

I've followed the Wiki entry for enabling websockets. I've followed the Wiki entry for the Proxy examples (my use case is nginx). I have the proxy headers in place:

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

In my Synology Docker instance I have port 3012 mapped, and WEBSOCKET_ENABLED set to true.

All the endpoints within the reverse proxy are working except /notifications/hub. This returns an NGINX error 502 Bad Gateway, which is coming from my proxy.

So perhaps it's not listening to HTTP requests, which led me to check my Chrome console and I get these errors.

If I GET that HTTP location, /notifications/hub/negotiate I see something although the image doesn't load. I think this tells me that my proxy rules for this endpoint are working.

I'm not quite sure where to go from here. Thoughts?

Originally created by @poblabs on GitHub. I'm using the latest version of bitwarden_rs (Version: 1.9.1-3fb63bbe) and my vault is working but I've noticed the instant sync from browser to browser is not working. I know mobile is not in scope. I've followed the [Wiki entry for enabling websockets](https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications). I've followed the [Wiki entry for the Proxy examples (my use case is nginx)](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#nginx-by-shauder). I have the proxy headers in place: ``` proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ``` In my Synology Docker instance I have port 3012 mapped, and `WEBSOCKET_ENABLED` set to `true`. ![image](https://user-images.githubusercontent.com/3484775/60391367-dc2c5c00-9aba-11e9-92c4-16be25cc165f.png) All the endpoints within the reverse proxy are working except `/notifications/hub`. This returns an NGINX error `502 Bad Gateway`, which is coming from my proxy. So perhaps it's not listening to HTTP requests, which led me to check my Chrome console and I get these errors. ![image](https://user-images.githubusercontent.com/3484775/60391426-11857980-9abc-11e9-86c1-57c5b0700066.png) If I GET that HTTP location, `/notifications/hub/negotiate` I see *something* although the image doesn't load. I think this tells me that my proxy rules for this endpoint are working. ![image](https://user-images.githubusercontent.com/3484775/60391434-3bd73700-9abc-11e9-9bd3-5fe27428db2b.png) I'm not quite sure where to go from here. Thoughts?

OVERLORD closed this issue

2025-10-09 17:45:06 +03:00

OVERLORD commented

2025-10-09 17:45:08 +03:00

@tanst commented on GitHub:

Your answer is here: https://github.com/dani-garcia/bitwarden_rs/issues/500#issuecomment-498805138

@tanst commented on GitHub: Your answer is here: https://github.com/dani-garcia/bitwarden_rs/issues/500#issuecomment-498805138

OVERLORD commented

2025-10-09 17:45:08 +03:00

@poblabs commented on GitHub:

Your answer is here: #500 (comment)

@tanst I'm not so sure that's my answer (I had said upfront that I knew mobile was out of scope)

@mprasil Here you go. I've truncated out all 80 to 443 forwarding and SSL Let's Encrypt stuff. That's pretty standard. If you want to see it I can add it.

  location / {
    proxy_pass http://192.168.0.10:8083;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
    proxy_pass http://192.168.0.10:3012/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_pass http://192.168.0.10:8083/;
  }

One thing I've noticed is that I need the trailing slash on the proxy_pass if the location is not /. Which is why you see that. I'm open to trying anything that's suggested.

Does the order of the locations matter within the proxy config?

EDIT: For giggles I moved the location for /notifications/hub/negotiate upwards in the list and it made no difference.

@poblabs commented on GitHub: > Your answer is here: #500 (comment) @tanst I'm not so sure that's my answer (I had said upfront that I knew mobile was out of scope) --- @mprasil Here you go. I've truncated out all 80 to 443 forwarding and SSL Let's Encrypt stuff. That's pretty standard. If you want to see it I can add it. ``` location / { proxy_pass http://192.168.0.10:8083; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://192.168.0.10:3012/; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://192.168.0.10:8083/; } ``` One thing I've noticed is that I need the trailing slash on the `proxy_pass` if the location is not `/`. Which is why you see that. I'm open to trying anything that's suggested. Does the order of the locations matter within the proxy config? **EDIT**: For giggles I moved the location for `/notifications/hub/negotiate` upwards in the list and it made no difference.

OVERLORD commented

2025-10-09 17:45:09 +03:00

@mprasil commented on GitHub:

Can you share relevant parts of nginx config? It seems like there is some issue routing /notifications/hub/negotiate or something around that.

@mprasil commented on GitHub: Can you share relevant parts of nginx config? It seems like there is some issue routing `/notifications/hub/negotiate` or something around that.

OVERLORD commented

2025-10-09 17:45:10 +03:00

@mprasil commented on GitHub:

I think you have extra slash at the end in the proxy_pass for the /notifications/hub/negotiate endpoint?

@mprasil commented on GitHub: I think you have extra slash at the end in the `proxy_pass` for the `/notifications/hub/negotiate` endpoint?

OVERLORD commented

2025-10-09 17:45:10 +03:00

@poblabs commented on GitHub:

That was the fix. I could have sworn I tried it without that trailing slash. A bunch of my other proxy locations actually require the trailing slash otherwise the endpoints get concatenated (there's some nginx documentation on the trailing slash).

Anyways, thanks for the sanity check. Initial tests are working.

@poblabs commented on GitHub: That was the fix. I could have sworn I tried it without that trailing slash. A bunch of my other proxy `locations` actually require the trailing slash otherwise the endpoints get concatenated (there's some [nginx documentation](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) on the [trailing slash](https://stackoverflow.com/a/22759570/1177153)). Anyways, thanks for the sanity check. Initial tests are working.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2088