Server Misbehaving with vaultwarden

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
rainee@viperhome:~$ caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

built from xcaddy/from source with cloudflare and docker plugins

a. System environment:

Ubuntu 22.04.1 LTS x86_64

b. Command:

I run it through docker using a docker compose file using the latest version of the caddy image

Paste command here.

c. Service/unit/compose file:

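# Compose stack posted with the question. Credentials are read from the shell
# environment or an .env file kept next to this file, not inlined, so the
# listing can be shared. `${VAR:?err}` makes compose abort when a value is
# missing. Any credential that has appeared in a public post should be rotated.
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    # Port mappings are quoted so YAML never types them as numbers.
    ports:
      - "8888:8888/tcp"  # HTTP proxy
      - "8388:8388/tcp"  # Shadowsocks
      - "8388:8388/udp"  # Shadowsocks
      - "6881:6881"
      - "6881:6881/udp"
      - "5801:5800"
      - "8112:8112"
      - "58846:58846"
      - "58946:58946"
    volumes:
      - /home/rainee/config/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun/wiki
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=on
      # Secret: password for the Shadowsocks proxy published on 8388.
      - SHADOWSOCKS_PASSWORD=${SHADOWSOCKS_PASSWORD:?err}
      # Wireguard:
      # Secret: the private key is the credential for the VPN tunnel.
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?err}
      - WIREGUARD_ADDRESSES=10.66.232.25/32,fc00:bbbb:bbbb:bb01::3:e818/128
      - SERVER_HOSTNAMES=nl3-wireguard
      - TZ=America/Los_Angeles
      # Firewall
      - FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
  jdownloader-2:
    image: jlesage/jdownloader-2
    container_name: jdownloader2
    # Shares gluetun's network namespace, so its traffic leaves via the VPN.
    network_mode: "service:gluetun"
    volumes:
      - "/home/rainee/config/jdownloader-2:/config:rw"
      - "/mnt/skycloud/downloads:/output:rw"
  fenrus:
    image: revenz/fenrus
    container_name: fenrus
    environment:
      - TZ=America/Los_Angeles
    volumes:
      - /home/rainee/config/fenrus:/app/data
      - /home/rainee/config/fenrus/images:/app/wwwroot/images
    ports:
      - "3000:3000"
    restart: unless-stopped
  deluge:
    image: lscr.io/linuxserver/deluge:latest
    container_name: deluge
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - DELUGE_LOGLEVEL=error
    volumes:
      - /home/rainee/config/deluge:/config
      - /mnt/skycloud/downloads:/downloads
      - /mnt/skycloud/data/torrent:/data/torrents
  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    ports:
      - "8081:8081"
    volumes:
      - /mnt/skycloud/downloads:/downloads
  vaultwarden:
    # NOTE(review): `latest` is a moving tag; pinning a release tag or digest
    # makes upgrades of the password vault deliberate.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    # Only exposed to other containers; nothing is published on the host.
    expose:
      - "3012"
      - "8080"
    environment:
      WEBSOCKET_ENABLED: "true"
      # Secret: protects the /admin panel. NOTE(review): recent Vaultwarden
      # releases also accept an Argon2 hash of the token here; confirm against
      # the version in use.
      ADMIN_TOKEN: "${VAULTWARDEN_ADMIN_TOKEN:?err}"
      YUBICO_CLIENT_ID: "77694"
      # Secret: API key paired with the Yubico client id above.
      YUBICO_SECRET_KEY: "${YUBICO_SECRET_KEY:?err}"
      # Quoted: environment values are strings.
      ROCKET_PORT: "8080"
    volumes:
      - /home/rainee/config/bitwarden/bw-data:/data
  shoko_server:
    container_name: shokoserver
    image: shokoanime/server:latest
    restart: always
    environment:
      - "PUID=1000"
      - "PGID=1000"
      - "TZ=America/Los_Angeles"
    ports:
      - "8111:8111"
    volumes:
      - "/home/rainee/config/shoko-config:/home/shoko/.shoko"
      - "/mnt/skycloud/data/media/anime:/mnt/anime"
      - "/mnt/skycloud/downloads:/mnt/import"
  deemix:
    image: registry.gitlab.com/bockiii/deemix-docker
    container_name: Deemix
    volumes:
      - /mnt/skycloud/data/media/music:/downloads
      - /home/rainee/config/deemix:/config
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK_SET=022
      - DEEMIX_SINGLE_USER=true
    ports:
      - "6595:6595"
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    # Published ports do not take effect while network_mode is "host" (below).
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Your custom build of Caddy. Mounted read-only so the container cannot
      # modify the binary on the host.
      - ./caddy:/usr/bin/caddy:ro
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /home/rainee/config/caddyconfig/caddy-config:/config
      - /home/rainee/config/caddyconfig/caddy-data:/data
    environment:
      DOMAIN: "https://viperhome.skye.moe"  # Your domain.
      EMAIL: "raineeinguki@proton.me"  # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
    # NOTE(review): in host mode the container uses the host's resolver rather
    # than Docker's embedded DNS, so compose service names such as
    # "vaultwarden" are not resolvable from Caddy.
    network_mode: "host"
  headscale:
    container_name: headscale
    image: headscale/headscale:latest-alpine
    restart: unless-stopped
    # ports:
    #   - 8080:8080
    volumes:
      - /home/rainee/config/headscale/config:/etc/headscale
      - /home/rainee/config/headscale/data:/var/lib/headscale
    entrypoint: headscale serve
    networks:
      reverseproxy-nw:

  headscale-ui:
    container_name: headscale-ui
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    networks:
      reverseproxy-nw:
  firezone:
    image: firezone/firezone
    ports:
      - "51820:51820/udp"
    env_file:
      # This should contain a list of env vars for configuring Firezone.
      # See https://docs.firezone.dev/reference/env-vars for more info.
      - ${FZ_INSTALL_DIR:-.}/.env
    volumes:
      # IMPORTANT: Persists WireGuard private key and other data. If
      # /var/firezone/private_key exists when Firezone starts, it is
      # used as the WireGuard private. Otherwise, one is generated.
      - ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
    cap_add:
      # Needed for WireGuard and firewall support.
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      # Needed for masquerading and NAT.
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - postgres
    networks:
      # Static address; only containers attached to firezone-network (or
      # processes on the host) can reach it.
      firezone-network:
        ipv4_address: 172.25.0.100

  postgres:
    image: postgres:15
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${DATABASE_NAME:-firezone}
      POSTGRES_USER: ${DATABASE_USER:-postgres}
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
    networks:
      - firezone-network

# Postgres needs a named volume to prevent perms issues on non-linux platforms
volumes:
  postgres-data:

networks:
  reverseproxy-nw:
    external: true
  firezone-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/16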



d. My complete Caddy config:

# Same compose stack with the credential values blanked (presumably redacted
# for posting). The empty values are placeholders, not a working configuration.
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 6881:6881
      - 6881:6881/udp
      - 5801:5800
      - 8112:8112
      - 58846:58846
      - 58946:58946
    volumes:
      - /home/rainee/config/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun/wiki
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=on
      # NOTE(review): blanked for posting. With SHADOWSOCKS=on and port 8388
      # published, this must be set to a real password before deploying.
      - SHADOWSOCKS_PASSWORD=
      # Wireguard:
      # Tunnel key, addresses and server name are blanked as well.
      - WIREGUARD_PRIVATE_KEY=
      - WIREGUARD_ADDRESSES=
      - SERVER_HOSTNAMES=
      - TZ=America/Los_Angeles
      # Firewall
      - FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
  jdownloader-2:
    image: jlesage/jdownloader-2
    container_name: jdownloader2
    # Shares gluetun's network namespace.
    network_mode: "service:gluetun"
    volumes:
      - "/home/rainee/config/jdownloader-2:/config:rw"
      - "/mnt/skycloud/downloads:/output:rw"
  fenrus:
    image: revenz/fenrus
    container_name: fenrus
    environment:
      - TZ=America/Los_Angeles
    volumes:
      - /home/rainee/config/fenrus:/app/data
      - /home/rainee/config/fenrus/images:/app/wwwroot/images
    ports:
      - 3000:3000
    restart: unless-stopped
  deluge:
    image: lscr.io/linuxserver/deluge:latest
    container_name: deluge
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - DELUGE_LOGLEVEL=error
    volumes:
      - /home/rainee/config/deluge:/config
      - /mnt/skycloud/downloads:/downloads
      - /mnt/skycloud/data/torrent:/data/torrents
  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    ports:
      - "8081:8081"
    volumes:
      - /mnt/skycloud/downloads:/downloads
  vaultwarden:
    # NOTE(review): `latest` is a moving tag; consider pinning a release tag
    # or digest for the password vault.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true"
      # Admin token and Yubico credentials are blanked (presumably redacted).
      ADMIN_TOKEN: ""
      YUBICO_CLIENT_ID: ""
      YUBICO_SECRET_KEY: ""
      ROCKET_PORT: 8080
    volumes:
      - /home/rainee/config/bitwarden/bw-data:/data
  shoko_server:
    container_name: shokoserver
    image: shokoanime/server:latest
    restart: always
    environment:
      - "PUID=1000"
      - "PGID=1000"
      - "TZ=America/Los_Angeles"
    ports:
      - "8111:8111"
    volumes:
      - "/home/rainee/config/shoko-config:/home/shoko/.shoko"
      - "/mnt/skycloud/data/media/anime:/mnt/anime"
      - "/mnt/skycloud/downloads:/mnt/import"
  deemix:
    image: registry.gitlab.com/bockiii/deemix-docker
    container_name: Deemix
    volumes:
      - /mnt/skycloud/data/media/music:/downloads
      - /home/rainee/config/deemix:/config
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK_SET=022
      - DEEMIX_SINGLE_USER=true
    ports:
      - 6595:6595
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    # Published ports do not take effect while network_mode is "host" (below).
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./caddy:/usr/bin/caddy  # Your custom build of Caddy.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /home/rainee/config/caddyconfig/caddy-config:/config
      - /home/rainee/config/caddyconfig/caddy-data:/data
    environment:
      DOMAIN: ""  # Your domain.
      EMAIL: "@"                 # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
    # NOTE(review): in host mode the container uses the host's resolver rather
    # than Docker's embedded DNS, so compose service names such as
    # "vaultwarden" are not resolvable from Caddy.
    network_mode: "host"
  headscale:
    container_name: headscale
    image: headscale/headscale:latest-alpine
    restart: unless-stopped
  #  ports:
  #    - 8080:8080
    volumes:
      - /home/rainee/config/headscale/config:/etc/headscale
      - /home/rainee/config/headscale/data:/var/lib/headscale
    entrypoint: headscale serve
    networks:
      reverseproxy-nw:

  headscale-ui:
    container_name: headscale-ui
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    networks:
      reverseproxy-nw:
  firezone:
    image: firezone/firezone
    ports:
      - 51820:51820/udp
    env_file:
      # This should contain a list of env vars for configuring Firezone.
      # See https://docs.firezone.dev/reference/env-vars for more info.
      - ${FZ_INSTALL_DIR:-.}/.env
    volumes:
      # IMPORTANT: Persists WireGuard private key and other data. If
      # /var/firezone/private_key exists when Firezone starts, it is
      # used as the WireGuard private. Otherwise, one is generated.
      - ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
    cap_add:
      # Needed for WireGuard and firewall support.
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      # Needed for masquerading and NAT.
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - postgres
    networks:
      # Static address on the firezone-network bridge declared at the bottom.
      firezone-network:
        ipv4_address: 172.25.0.100

  postgres:
    image: postgres:15
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      # ${VAR:-default} falls back to a default; ${VAR:?err} aborts if unset.
      POSTGRES_DB: ${DATABASE_NAME:-firezone}
      POSTGRES_USER: ${DATABASE_USER:-postgres}
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
    networks:
      - firezone-network

# Postgres needs a named volume to prevent perms issues on non-linux platforms
volumes:
  postgres-data:

networks:
  reverseproxy-nw:
    external: true
  firezone-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/16



3. The problem I’m having:

*   Trying 192.168.1.21:80...
* Connected to viperhome.skye.moe (192.168.1.21) port 80 (#0)
> GET / HTTP/1.1
> Host: viperhome.skye.moe
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://viperhome.skye.moe/
< Server: Caddy
< Date: Tue, 29 Nov 2022 11:45:51 GMT
< Content-Length: 0
<
* Closing connection 0

4. Error messages and/or full log output:

{"level":"error","ts":1669721245.8633182,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"32667","proto":"HTTP/2.0","method":"POST","host":"viperhome.skye.moe","uri":"/identity/connect/token","headers":{"Bitwarden-Client-Name":["browser"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Accept":["application/json"],"Bitwarden-Client-Version":["2022.10.1"],"Sec-Gpc":["1"],"Accept-Encoding":["gzip, deflate, br"],"Device-Type":["2"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Site":["none"],"Content-Length":["151"],"Content-Type":["application/x-www-form-urlencoded; charset=utf-8"],"Origin":["chrome-extension://nngceckbapebfimnlniiiahkandclblb"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"domain.1"}},"duration":0.005867847,"status":502,"err_id":"r67eimsxx","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"} {"level":"error","ts":1669722548.828256,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"33816","proto":"HTTP/2.0","method":"GET","host":"viperhome.skye.moe","uri":"/","headers":{"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, 
br"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"viperhome.skye.moe"}},"duration":0.010308856,"status":502,"err_id":"hrsyeek13","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
{"level":"error","ts":1669722548.8633273,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"33816","proto":"HTTP/2.0","method":"GET","host":"viperhome.skye.moe","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"viperhome.skye.moe"}},"duration":0.0042642,"status":502,"err_id":"mk3ddwkd6","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}"

5. What I already tried:

I’ve tried editing the Caddyfile and the Docker container/compose file, restarting both containers, and running only the two of them, but I couldn’t figure anything out. Please let me know if I am missing any other info for this template and I will do my best to provide it.
Thank you for helping this dead-brained person figure out what might be a simple solution.

6. Links to relevant resources:

Can you share your Caddyfile too?

PS: The curl output you shared doesn’t show an error, but instead the default http → https redirect.
Use curl -L -v to follow that redirect or curl -v https://viperhome.skye.moe :innocent:


Port 53 “server misbehaving” usually refers to a misconfigured DNS server. Hope that helps!

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.168.1.21:443...
* Connected to viperhome.skye.moe (192.168.1.21) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3832 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=viperhome.skye.moe
*  start date: Oct 29 02:17:33 2022 GMT
*  expire date: Jan 27 02:17:32 2023 GMT
*  subjectAltName: host "viperhome.skye.moe" matched cert's "viperhome.skye.moe"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55ebd4654c60)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> GET / HTTP/2
> Host: viperhome.skye.moe
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [130 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< HTTP/2 502 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Tue, 29 Nov 2022 23:14:15 GMT
< 
{ [0 bytes data]

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host viperhome.skye.moe left intact

as for the caddyfile

# Vaultwarden site: certificate via DNS-01, then two reverse proxies that
# address the upstream by the name "vaultwarden".
viperhome.s:443 {
  # Use the ACME DNS-01 challenge to get a cert for the configured domain.
  tls {
    # NOTE(review): no credential follows the provider name, presumably
    # removed for posting; confirm the API token is supplied to the plugin
    # from the environment rather than written inline.
    dns cloudflare 
  }

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  # The name "vaultwarden" must be resolvable by Caddy for both upstreams.
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:8080
  
}

# Headscale site: answers CORS preflight (OPTIONS) requests directly with 204
# and proxies every other request to headscale:8080, adding CORS headers to
# the responses.
https://headscale.s {
	# Matches preflight requests for this host.
	@hs-options {
		host headscale.s
		method OPTIONS
	}
	# Matches any request for this host.
	@hs-other {
		host headscale.s
	}
	handle @hs-options {
		header {
			# NOTE(review): this origin differs from the one sent by header_down
			# below (headscale.s); looks like uneven redaction. Confirm both
			# name the same origin.
			Access-Control-Allow-Origin https://headscale.skye.moe
			# NOTE(review): the `*` wildcard does not cover the Authorization
			# header; list the headers the UI sends if it relies on it.
			Access-Control-Allow-Headers *
			Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE"
		}
		respond 204
	}
	handle @hs-other {
		reverse_proxy http://headscale:8080 {
			# header_down sets these headers on responses returned to the client.
			header_down Access-Control-Allow-Origin https://headscale.s
			header_down Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE"
			header_down Access-Control-Allow-Headers *
		}
	}
}

# Firezone site: logs requests and proxies all paths to a fixed container IP.
https://firezone.s {
          log
          # 172.25.0.100 is the static address assigned to the firezone service
          # on firezone-network in the compose file. NOTE(review): presumably
          # reachable only while Caddy uses host networking or is attached to
          # that network; confirm.
          reverse_proxy * 172.25.0.100:13000
        }
        

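network_mode: "host" disables most of Docker’s networking features, including Docker’s embedded container DNS. Caddy then resolves names through the host’s resolver (127.0.0.53 in your log), which knows nothing about the compose service name vaultwarden, hence the failed lookup.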

Remove the network_mode: "host" line from the Caddy service/container in your docker-compose.yml, run docker-compose up -d, and your vaultwarden should start working as expected :slight_smile:

Okay, that’s done and I have access to vaultwarden once again; however, I have lost access to firezone. Thank you for the help. Now to figure out how to get access to firezone back.
