1. Caddy version (caddy version):
abiosoft/caddy 1.0.3
2. How I run Caddy:
I use docker compose to start caddy and bitwarden_rs; see below for my Caddyfile and docker-compose.yml.
a. System environment:
Ubuntu 20.04, Docker 19.03.8, Docker Compose 1.25.0
b. Command:
docker-compose up
c. Service/unit/compose file:
# docker-compose.yml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - ./bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true' # set to false to disable signups
  caddy:
    image: abiosoft/caddy
    restart: always
    volumes:
      - ./Caddyfile:/etc/Caddyfile:ro
    ports:
      - 80:80
      - 443:443
d. My complete Caddyfile or JSON config:
# Caddyfile
https://bitwardenrs.dangerling.com {
    tls /home/administrator/Certificate.crt /home/administrator/CertKey.key
    header / {
        # Enable HTTP Strict Transport Security (HSTS)
        Strict-Transport-Security "max-age=31536000;"
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
        # Prevent search engines from indexing (optional)
        #X-Robots-Tag "none"
    }
    # The negotiation endpoint is also proxied to Rocket
    proxy /notifications/hub/negotiate bitwarden:80 {
        transparent
    }
    # Notifications redirected to the websockets server
    proxy /notifications/hub bitwarden:3012 {
        websocket
    }
    # Proxy the Root directory to Rocket
    proxy / bitwarden:80 {
        transparent
    }
}
3. The problem I’m having:
I want to run bitwarden_rs behind a reverse proxy using certificates I provide, as I have a wildcard cert from a company whose name is not LetsEncrypt.
Upon docker-compose executing, bitwarden starts and then caddy tries to start. The problem is it is unable to find the certificate file I defined in my Caddyfile. For testing purposes I chmod 777 both the crt and key files but no luck.
4. Error messages and/or full log output:
administrator@bitwardenrs:~$ sudo docker-compose up
Starting administrator_caddy_1 ... done
Starting administrator_bitwarden_1 ... done
Attaching to administrator_bitwarden_1, administrator_caddy_1
bitwarden_1 | /--------------------------------------------------------------------\
bitwarden_1 | | Starting Bitwarden_RS |
bitwarden_1 | | Version 1.17.0 |
bitwarden_1 | |--------------------------------------------------------------------|
bitwarden_1 | | This is an *unofficial* Bitwarden implementation, DO NOT use the |
bitwarden_1 | | official channels to report bugs/features, regardless of client. |
bitwarden_1 | | Send usage/configuration questions or feature requests to: |
bitwarden_1 | | https://bitwardenrs.discourse.group/ |
bitwarden_1 | | Report suspected bugs/issues in the software itself at: |
bitwarden_1 | | https://github.com/dani-garcia/bitwarden_rs/issues/new |
bitwarden_1 | \--------------------------------------------------------------------/
bitwarden_1 |
caddy_1 | 2020/11/19 23:06:28 /etc/Caddyfile:3 - Error during parsing: Unable to load certificate and key files for 'https://bitwardenrs.dangerling.com': open /home/administrator/Certificate.crt: no such file or directory
caddy_1 | exit status 1
bitwarden_1 | [2020-11-19 23:06:28.515][start][INFO] Rocket has launched from http://0.0.0.0:80
bitwarden_1 | [2020-11-19 23:06:28.515][ws][INFO] Listening for new connections on 0.0.0.0:3012.
caddy_1 | exit status 1
administrator_caddy_1 exited with code 1
5. What I already tried:
Google, but to be completely honest I am out of my element when it comes to docker, docker compose, and caddy. I have tried setting the permissions for the certificate files to 777 just in case caddy didn’t have read access to those files. Unfortunately several hours of googling have not helped here, as it seems very few are doing the same thing as me.
It's likely I am missing out here on something fundamental, but as I said I am a little out of my element here.
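Added example, not part of the original post: the compose file above mounts only ./Caddyfile into the caddy container, so /home/administrator/Certificate.crt exists on the host but not inside the container where Caddy tries to open it. One way to make the files visible is to bind-mount the certificate and key read-only and point the tls directive at the container-side paths; /etc/caddy/certs is an assumed location chosen for this example.

```yaml
# docker-compose.yml (added example; /etc/caddy/certs is an assumed container path)
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - ./bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true'
      SIGNUPS_ALLOWED: 'true'
  caddy:
    image: abiosoft/caddy
    restart: always
    volumes:
      - ./Caddyfile:/etc/Caddyfile:ro
      # Host paths from the post on the left, container paths on the right.
      # Read-only, so the container cannot modify the certificate or key.
      - /home/administrator/Certificate.crt:/etc/caddy/certs/Certificate.crt:ro
      - /home/administrator/CertKey.key:/etc/caddy/certs/CertKey.key:ro
    ports:
      - 80:80
      - 443:443

# Matching change in the Caddyfile: the tls directive must name the
# container-side paths, because Caddy opens them inside the container.
#   tls /etc/caddy/certs/Certificate.crt /etc/caddy/certs/CertKey.key
```

The log reports "no such file or directory" rather than a permission error, so the 777 mode on the key file did not address the failure shown.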