apache reverse proxy configuration needs more headers? #331

New Issue

OVERLORD · 2026-02-04T19:39:49+03:00

OVERLORD commented

2026-02-04 19:39:49 +03:00

Originally created by @Alixerid on GitHub (Jul 11, 2019).

I am running bitwarden_rs behind an apache reverse proxy and used the example configuration from the wiki. Still, the websocket requests didn't work and produced errors such as the following in the apache error log:

AH01144: No protocol handler was valid for the URL /notifications/hub. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

After searching and reading a bit it seemed to me that bitwarden_rs needed to get the headers Connection and Upgrade forwarded by the proxy as well. That's actually stated on the wiki page for enabling websockets:

...making sure to pass the Connection and Upgrade headers...

Then I found how to do this with apache and added this to my configuration:

RequestHeader setifempty Connection "Upgrade"
RequestHeader setifempty Upgrade "websocket"

Now my setup works with websocket.

Should these 2 lines be added to the example config? Or does someone know better and can explain why it only worked for me when adding these lines?

Originally created by @Alixerid on GitHub (Jul 11, 2019). I am running bitwarden_rs behind an apache reverse proxy and used the [example configuration from the wiki](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#apache-by-fbartels). Still, the websocket requests didn't work and produced errors such as the following in the apache error log: > AH01144: No protocol handler was valid for the URL /notifications/hub. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. After searching and reading a bit it seemed to me that bitwarden_rs needed to get the headers ```Connection``` and ```Upgrade``` forwarded by the proxy as well. That's actually stated on the [wiki page for enabling websockets](https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications): > ...making sure to pass the Connection and Upgrade headers... Then I found how to do this with apache and added this to my configuration: ``` RequestHeader setifempty Connection "Upgrade" RequestHeader setifempty Upgrade "websocket" ``` Now my setup works with websocket. Should these 2 lines be added to the example config? Or does someone know better and can explain why it only worked for me when adding these lines?

OVERLORD closed this issue

2026-02-04 19:39:58 +03:00

OVERLORD commented

2026-02-04 19:40:03 +03:00

@fbartels commented on GitHub (Jul 11, 2019):

Hi,

normally these headers are already set by the browser when he wants to make a websocket connection. Do you have the websocket proxy module of Apache activated? Do you have another reverse proxy Infront of this one?

@fbartels commented on GitHub (Jul 11, 2019): Hi, normally these headers are already set by the browser when he wants to make a websocket connection. Do you have the websocket proxy module of Apache activated? Do you have another reverse proxy Infront of this one?

OVERLORD commented

2026-02-04 19:40:09 +03:00

@Alixerid commented on GitHub (Jul 12, 2019):

Yes, proxy_wstunnel is enabled and I do not have another proxy in front of this apache.
The client (browser) should set the header, but does the apache proxy forward these headers to the backend by default? I'm no expert but I thought that I was fixing that part of forwarding the headers to bitwarden_rs.

@Alixerid commented on GitHub (Jul 12, 2019): Yes, `proxy_wstunnel` is enabled and I do not have another proxy in front of this apache. The client (browser) should set the header, but does the apache proxy forward these headers to the backend by default? I'm no expert but I thought that I was fixing that part of forwarding the headers to bitwarden_rs.

OVERLORD commented

2026-02-04 19:40:19 +03:00

@fbartels commented on GitHub (Jul 12, 2019):

Strange.. well I don't think it hurts for you to force these headers, but it feels like something is wrong with your browser.

While I don't know the code behind this in bitwarden_rs I don't think that these headers actually need to get to the backend. The important part is that the connection is once upgraded to a websocket and this is what happens within the (apache) webserver.

@fbartels commented on GitHub (Jul 12, 2019): Strange.. well I don't think it hurts for you to force these headers, but it feels like something is wrong with your browser. While I don't know the code behind this in bitwarden_rs I don't think that these headers actually need to get to the backend. The important part is that the connection is once upgraded to a websocket and this is what happens within the (apache) webserver.

OVERLORD commented

2026-02-04 19:40:30 +03:00

@Alixerid commented on GitHub (Jul 18, 2019):

Well, my setup is running fine with these header directives for now. Maybe someone who knows more about the code can shed some light on what is required by the backend (i.e. bitwarden_rs).

@Alixerid commented on GitHub (Jul 18, 2019): Well, my setup is running fine with these header directives for now. Maybe someone who knows more about the code can shed some light on what is required by the backend (i.e. bitwarden_rs).

OVERLORD commented

2026-02-04 19:40:43 +03:00

@dani-garcia commented on GitHub (May 14, 2020):

Closed due to inactivity.

@dani-garcia commented on GitHub (May 14, 2020): Closed due to inactivity.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#331