Apache2 Reverse Proxy of Vaultwarden Problems

Parkour_Lama
Posts: 36
Joined: Sat Sep 12, 2020 2:02 pm

Post by Parkour_Lama »

Hello,
This topic is quite similar to viewtopic.php?f=9&t=9478 but different problem and web server.

Installation and configuring vaultwarden was a breeze. I now have a fully functioning password manager ready to go. The problem arises when trying to use the app.

I've disabled the certificates in the vaultwarden config file, so it works on `http:`.
Now, using the example config. with sub-location shown in the wiki https://github.com/dani-garcia/vaultwar ... y-examples it seemed to be interfering with my nextcloud server.

I've realized that I don't actually need to create a new website for it. Simply using the Location part, I've added this to my apache2.conf file:

```apache
<Location /bitwarden/>
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /notifications/hub(.*) ws://localhost:8001/$1 [P,L]
    ProxyPass http://localhost:8001/

    ProxyPreserveHost On
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</Location>
```

Two things are different here: I've used the port DietPi uses while setting up Vaultwarden, and replaced the last line,

```apache
ProxyPass http://<SERVER>:80/$sublocation/
```

with

```apache
ProxyPass http://localhost:8001/
```

as adding bitwarden for sub-location results in an Error 404, Not Found.

Now, with the above config, I can access Bitwarden from

```
https://[Domain].com/bitwarden/
```

The final forward slash is necessary as using just

```
https://[Domain].com/bitwarden
```

results in a Not Found Error.

Now the conclusion of this story (apologies for the long-winded explanation):
When entering the Server URL of a Self-Hosted Server in the Bitwarden App, it automatically removes the final forward slash whenever I click save, and thus cannot reach my server, resulting in an error.
What can I do to fix this?

P.S. Following the wiki, I have the websocket proxy module loaded, but, modifying the docker start-up to include the sub-location is beyond me as docker doesn't even seem to be running?

Re: Apache2 Reverse Proxy of Vaultwarden Problems

Post by Parkour_Lama »

Alright, I've found a hacky solution to this simply by adding a backslash to the URL, which seems to later convert into a forward slash.
i.e.

```
https://[DOMAIN].com/bitwarden\
```

I'm not going to mark it as a solution just yet, hopefully someone's got a better method, until then...
Joulinar
Posts: 5996
Joined: Sat Nov 16, 2019 12:49 am

Re: Apache2 Reverse Proxy of Vaultwarden Problems

Post by Joulinar »

Basically your configuration is correct.

I guess you did `a2enmod proxy_wstunnel` and `a2enmod proxy_http`. As well, you set `DOMAIN=https://your.ddns.com/vault/` in the Vaultwarden configuration.

I did a test using the following apache2 config, `/etc/apache2/sites-enabled/000-default-le-ssl.conf`:

```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www
    ErrorLog ${APACHE_LOG_DIR}/error.log
    #CustomLog ${APACHE_LOG_DIR}/access.log combined

    ServerName your.ddns.com
    SSLCertificateFile /etc/letsencrypt/live/your.ddns.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.ddns.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    #vault
    <Location /vault>
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /notifications/hub(.*) ws://192.168.0.17:3012/$1 [P,L]
        ProxyPass http://192.168.0.17:8001/vault/

        ProxyPreserveHost On
        #RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    </Location>

</VirtualHost>
</IfModule>
```

At least for me it's needed to disable RequestHeader and I adjusted Location.

Once apache2 has been restarted, I'm able to access Vaultwarden using the sub path

```
https://your.ddns.com/vault
```

Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
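
The trailing-slash behaviour discussed in this thread, as an added example that is not part of either poster's message: a simplified Python model of Apache's documented `<Location>` prefix matching and `ProxyPass` prefix substitution, applied to the two Location/ProxyPass pairs posted above. The function names and the request paths are constructed for illustration; regex forms and the `RewriteRule` for websockets are not modelled.

```python
"""Simplified model of <Location> + ProxyPass path mapping (prefix form only)."""

def location_matches(location: str, path: str) -> bool:
    """Documented <Location> rule: '/vault' covers '/vault', '/vault/' and
    '/vault/x' but not '/vaultx'; '/vault/' does not cover '/vault'."""
    if location.endswith("/"):
        return path.startswith(location)
    return path == location or path.startswith(location + "/")

def backend_url(location: str, target: str, path: str):
    """Swap the matched prefix for the ProxyPass target.
    Returns None when the Location does not cover the path at all."""
    if not location_matches(location, path):
        return None
    return target + path[len(location):]

def slashes_agree(location: str, target: str) -> bool:
    """mod_proxy docs: if the path ends in '/', the target should too,
    and vice versa, otherwise backend paths may gain or lose a slash."""
    return location.endswith("/") == target.endswith("/")

# The two Location/ProxyPass pairs posted in this thread.
CONFIGS = {
    "first post": ("/bitwarden/", "http://localhost:8001/"),
    "reply": ("/vault", "http://192.168.0.17:8001/vault/"),
}

def report(requests):
    """Return (config name, request path, backend URL or None) rows."""
    rows = []
    for name, (loc, target) in CONFIGS.items():
        for path in requests[name]:
            rows.append((name, path, backend_url(loc, target, path)))
    return rows

if __name__ == "__main__":
    sample = {  # constructed request paths, not taken from the thread
        "first post": ["/bitwarden", "/bitwarden/", "/bitwarden/api/config"],
        "reply": ["/vault", "/vault/", "/vault/api/config"],
    }
    for name, path, url in report(sample):
        print(f"{name:10} {path:24} -> {url or 'not proxied'}")
    for name, (loc, target) in CONFIGS.items():
        print(f"{name}: trailing slashes agree = {slashes_agree(loc, target)}")
```

In this model `/bitwarden` without the final slash is never handed to the proxy, which matches the Not Found error described in the first post.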