[SOLVED] Traefik + Vaultwarden 502 Error

@fenndev@leminal.space to Selfhosted@lemmy.world

English

•
edit-2
6M
•

[SOLVED] Traefik + Vaultwarden 502 Error

@fenndev@leminal.space to Selfhosted@lemmy.world

English

•
edit-2
6M
•

Edit: Thanks for the help, issue was solved! Had Traefik’s loadbalancer set to route to port 8081, not the internal port of 80. Whoops.

Intro

HI everyone. I’ve been busy configuring my homelab and have run into issues with Traefik and Vaultwarden running within Podman. I’ve already successfully set up Home Assistant and Homepage but for the life of me cannot get things working. I’m hoping a fresh pair of eyes would be able to spot something I missed or provide some advice. I’ve tried to provide all the information and logs relevant to the situation.

Expected Behavior:

Requests for *.fenndev.network are sent to my Traefik server.
Incoming HTTPS requests to vault.fenndev.network are forwarded to Vaultwarden
- HTTP requests are upgraded to HTTPS
Vaultwarden is accessible via https://vault.fenndev.network and utilizes the wildcard certificates generated by Traefik.

Quick Facts

Overview

I’m running Traefik and Vaultwarden in Podman, using Quadlet
Traefik and Vaultwarden, along with all of my other services, are part of the same fenndev_default network
Traefik is working correctly with Home assistant, Adguard Home, and Homepage, but returns a 502 Bad Gateway error with Vaultwarden
I’ve verified that port 8081 is open on my firewall and my service is reachable at {SERVER_IP}:8081.
10.89.0.132 is the internal Podman IP address of the Vaultwarden container

Versions

Server: AlmaLinux 9.4

Podman: 4.9.4-rhel

Traefik: v3

Vaultwarden: alpine-latest (1.30.5-alpine I believe)

Error Logs

Traefik Log:

2024-05-11T22:09:53Z DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 502 Bad Gateway error="dial tcp 10.89.0.132:8081: connect: connection refused"

cURL to URL:

[fenndev@bastion ~]$ curl -v https://vault.fenndev.network
*   Trying 192.168.1.169:443...
* Connected to vault.fenndev.network (192.168.1.169) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):

Config Files

vaultwarden.container file:

[Unit]
Description=Password 
After=network-online.target
[Service]
Restart=always
RestartSec=3

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

[Container]
Image=ghcr.io/dani-garcia/vaultwarden:latest-alpine
Exec=/start.sh
EnvironmentFile=%h/.config/vault/vault.env
ContainerName=vault
Network=fenndev_default

# Security Options
SecurityLabelType=container_runtime_t
NoNewPrivileges=true                                    
# Volumes
Volume=%h/.config/vault/data:/data:Z

# Ports
PublishPort=8081:80

# Labels
Label=traefik.enable=true
Label=traefik.http.routers.vault.entrypoints=web
Label=traefik.http.routers.vault-websecure.entrypoints=websecure
Label=traefik.http.routers.vault.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.tls=true
Label=traefik.http.routers.vault.service=vault
Label=traefik.http.routers.vault-websecure.service=vault

Label=traefik.http.services.vault.loadbalancer.server.port=8081

Label=homepage.group="Services"
Label=homepage.name="Vaultwarden"
Label=homepage.icon=vaultwarden.svg
Label=homepage.description="Password Manager"
Label=homepage.href=https://vault.fenndev.network

vault.env file:

LOG_LEVEL=debug
DOMAIN=https://vault.fenndev.network

You must log in or register to comment.

HotTopNewOld

Chat

@Dalraz@lemmy.ca English

2•6M

I did a ninja edit about ports, but in your labels I only see web as an entrypoint

Edit, nm I see it not used to using labels for configuration it seems

@fenndev@leminal.space

creator

English

3•6M

Oh. You’re right. That worked. I feel really silly that I missed that.

Thank you so much!

@Dalraz@lemmy.ca English

2•6M

Don’t feel bad, I have spend hours looking at the same thing overlooking the simple mistake. Glad I could help

Selfhosted

!selfhosted@lemmy.world

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

1 user online
127 users / day
422 users / week
1.16K users / month
3.85K users / 6 months
1 subscriber
3.68K Posts
74.2K Comments
Modlog