
NGINX proxy config hostname collision #5692

Open
vipergts450 opened this issue Apr 22, 2025 · 2 comments
vipergts450 commented Apr 22, 2025

Steps To Reproduce

  1. Deploy another docker container or stack outside of Bitwarden which has a container named "web"
  2. Deploy standard configuration via ./bitwarden.sh start
  3. Attempt to access vault via browser

Expected Result

Vault login website should appear.

Actual Result

Browser responds with 502 error page from nginx.

Screenshots or Videos

No response

Additional Context

Searching the nginx error logs within bwdata folder shows:

[warn] 48#48: *210 upstream server temporarily disabled while connecting to upstream ...
[error] 48#48: *210 connect() failed (111: Connection refused) while connecting to upstream ...

Upstream server in the logs is listed with IP address of the other, already running docker container with the name web despite that container being in another Docker network.

It seems to be caused by the following line in nginx's default.conf file:

    location / {
        proxy_pass http://web:5000/;
        ...
    }

I believe this could be remedied by having bitwarden.sh generate the file and appending the bitwarden_internal network domain to all of the hosts in default.conf rather than relying on Docker's DNS system to resolve the correct IP with only the hostname.

ex:

    location / {
        proxy_pass http://web.bitwarden_internal:5000/;
        ...
    }

Build Version

2025.4.1

Environment

Self-Hosted

Environment Details

  • Operating System: Debian 12 (bookworm)
  • Environment: Docker

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

jtodddd commented Apr 23, 2025

Hi there,

I am unable to reproduce this issue; it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!


vipergts450 commented Apr 23, 2025

For more context, I have a shared overlay network for NGINX Proxy Manager called npm, and both the Bitwarden stack's bitwarden-nginx container and the separate stack's web container are members of this overlay network so that NPM can direct traffic to each without either stack needing to expose ports to the host. Maybe this can help you replicate the issue.
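
An added example, not part of the thread or of Bitwarden's code: Docker's embedded DNS answers for container names and network aliases on every user-defined network a container is attached to, so a proxy joined to two networks can see the same short name twice. The check below reads `docker inspect`-shaped JSON and lists the hostnames that are ambiguous from the proxy's point of view; the sample data, including the `bitwarden-web` name, the `web` alias, the `otherstack_default` network and all addresses, is constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect <container>...` output, trimmed
# to the fields used here. Names, aliases and addresses are assumptions.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/bitwarden-nginx", "NetworkSettings": {"Networks": {
   "bitwarden_internal": {"Aliases": ["nginx"], "IPAddress": "172.20.0.9"},
   "npm": {"Aliases": ["nginx"], "IPAddress": "10.0.1.5"}}}},
 {"Name": "/bitwarden-web", "NetworkSettings": {"Networks": {
   "bitwarden_internal": {"Aliases": ["web"], "IPAddress": "172.20.0.4"}}}},
 {"Name": "/web", "NetworkSettings": {"Networks": {
   "npm": {"Aliases": null, "IPAddress": "10.0.1.7"},
   "otherstack_default": {"Aliases": ["web"], "IPAddress": "172.21.0.2"}}}},
 {"Name": "/bitwarden-api", "NetworkSettings": {"Networks": {
   "bitwarden_internal": {"Aliases": ["api"], "IPAddress": "172.20.0.5"}}}}
]
""")


def names_on(container, network):
    """Names under which `container` is reachable on `network`."""
    ep = container["NetworkSettings"]["Networks"][network]
    return {container["Name"].lstrip("/"), *(ep.get("Aliases") or [])}


def ambiguous_names(containers, proxy_name):
    """Return hostnames that map to more than one container from the proxy."""
    proxy = next(c for c in containers if c["Name"].lstrip("/") == proxy_name)
    proxy_nets = set(proxy["NetworkSettings"]["Networks"])
    seen = defaultdict(set)  # hostname -> {(container, network, ip)}
    for c in containers:
        if c is proxy:
            continue
        # Only networks shared with the proxy contribute resolvable names.
        for net in proxy_nets & set(c["NetworkSettings"]["Networks"]):
            ip = c["NetworkSettings"]["Networks"][net]["IPAddress"]
            for name in names_on(c, net):
                seen[name].add((c["Name"].lstrip("/"), net, ip))
    return {n: sorted(t) for n, t in seen.items() if len({x[0] for x in t}) > 1}


if __name__ == "__main__":
    for host, targets in ambiguous_names(SAMPLE_INSPECT, "bitwarden-nginx").items():
        print(f"{host!r} is ambiguous from bitwarden-nginx:")
        for name, net, ip in targets:
            print(f"  {name} on {net} ({ip})")
```

On a live host the input would come from `docker inspect $(docker ps -q)`; an empty result means every name the proxy can resolve points at a single container.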
