Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gateway timeout when used behind reverse proxy #2552

Closed
1 task done
Tracked by #2480
danepowell opened this issue Jan 8, 2023 · 3 comments
Closed
1 task done
Tracked by #2480

Gateway timeout when used behind reverse proxy #2552

danepowell opened this issue Jan 8, 2023 · 3 comments
Labels
bug bw-unified-deploy An Issue related to Bitwarden unified deployment

Comments

@danepowell
Copy link
Contributor

danepowell commented Jan 8, 2023
edited
Loading

Steps To Reproduce

Install Bitwarden Unified according to the instructions for Docker Compose. I'm using essentially the example docker-compose.yml file, plus a few labels to expose 8080 to Traefik. Traefik terminates SSL and serves content on 443.

Everything works fine initially. But wait some period of time (I haven't found a clear trigger, other than "wait"), then try to access any domain served by the container (https://{your-bitwarden-domain}, https://{your-bitwarden-domain}/api/config, etc...)

Expected Result

Bitwarden is available on the specified admin domain.

Actual Result

Accessing the admin domain results in 504 gateway timeouts from Traefik and no associated errors (or any entries at all) in /var/log/ in the Bitwarden container, even with a 100 s timeout.

Screenshots or Videos

No response

Additional Context

I'm wondering how to debug this further. Traefik shows the incoming request and 504 timeout, so the problem must lie with Bitwarden. But no logs I can find in the Bitwarden container even show a request being made, much less an error.

Clearing the Bitwarden data directories "fixes" the problem temporarily but it always comes back after a few minutes.

Githash Version

Can't access API, the Docker digest is sha256:20421b822cf77c7187f60485fd0ddd08b187dfa1892840c6e26c847199078485

Environment Details

Ubuntu, Docker

Database Image

mariadb:10

Issue-Link

#2480

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@danepowell danepowell added bug bw-unified-deploy An Issue related to Bitwarden unified deployment labels Jan 8, 2023
@kspearrin
Copy link
Member

Can you wget or curl the bitwarden endpoints from your Traefik instance? Can you just expose Bitwarden to the host and try to hit the endpoints directly to see what they return when things go down?

@kspearrin
Copy link
Member

Also, you can check to see if the services are still running on the Bitwarden container. Check docker exec -it bitwarden supervisorctl status

@danepowell
Copy link
Contributor Author

danepowell commented Jan 8, 2023
edited
Loading

I figured it out! Thanks, your tip to try pinging Bitwarden from Traefik got me on the right track.

The problem is that I had the Bitwarden container on two networks, one for web access and one internal to keep the db off the web. This requires setting traefik.docker.network: web, which is what I had neglected. This became apparent when I pinged Bitwarden from within Traefik and noticed the IP was different than what Traefik listed for the service.

This is entirely a PEBCAK / Traefik issue, I don't think Bitwarden could do anything to help here.

@justindbaur justindbaur mentioned this issue Jan 12, 2023
Open
54 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug bw-unified-deploy An Issue related to Bitwarden unified deployment
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kspearrin @danepowell